Refactored server roles for better readability

2025-09-10 04:25:20 +02:00 · 2025-09-01 18:08:35 +02:00
parent b7065837df
commit b02d88adc0
77 changed files with 103 additions and 116 deletions
--- a/roles/sys-util-csp-cert/README.md
+++ b/roles/sys-util-csp-cert/README.md
@@ -0,0 +1,23 @@
+# Role: sys-util-csp-cert
+
+This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:
+
+1. **`sys-front-inj-all`**
+   Injects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginx `sub_filter`.
+2. **`sys-svc-certs`**
+   Handles issuing, renewing, and managing TLS certificates via ACME/Certbot.
+
+By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery.
+
+## Features
+
+* **Unified HTTPS Orchestration**
+  Seamlessly sets up TLS and performs HTML-level content injections in one role.
+* **Content Injection**
+  Adds global theming, analytics, and custom scripts before `</head>` and tracking noscript tags before `</body>`.
+* **Certificate Management**
+  Automates cert issuance and renewal via `sys-svc-certs`.
+* **Idempotent Workflow**
+  Ensures each component runs only once per domain.
+* **Simplified Playbooks**
+  Call a single role to handle both security (TLS) and user-experience (injections).