Refactored server roles for better readability

2025-09-10 04:25:20 +02:00 · 2025-09-01 18:08:35 +02:00
parent b7065837df
commit b02d88adc0
77 changed files with 103 additions and 116 deletions
--- a/roles/categories.yml
+++ b/roles/categories.yml
@@ -111,16 +111,6 @@ roles:
      description: "Developer-centric server utilities and admin toolkits."
      icon: "fas fa-code"
      invokable: false
  srv:
    title: "Server"
    description: "General server roles for provisioning and managing server infrastructure—covering web servers, proxy servers, network services, and other backend components."
    icon: "fas fa-server"
    invokable: false
    proxy:
      title: "Proxy Server"
      description: "Proxy-server roles for virtual-host orchestration and reverse-proxy setups."
      icon: "fas fa-project-diagram"
      invokable: false
  web:
    title: "Web Infrastructure"
    description: "Roles for managing web infrastructure—covering static content services and deployable web applications."
--- a/roles/docker-compose/README.md
+++ b/roles/docker-compose/README.md
@@ -20,7 +20,7 @@ To offer a centralized, extensible system for managing containerized application
 - **Reset Logic:** Cleans previous Compose project files and data when `MODE_RESET` is enabled.
 - **Handlers for Runtime Control:** Automatically builds, sets up, or restarts containers based on handlers.
 - **Template-ready Service Files:** Predefined service base and health check templates.
- **Integration Support:** Compatible with `srv-proxy-core` and other Infinito.Nexus service roles.
+- **Integration Support:** Compatible with `sys-svc-proxy` and other Infinito.Nexus service roles.
 ## Administration Tips
--- a/roles/srv-letsencrypt/tasks/main.yml
+++ b/roles/srv-letsencrypt/tasks/main.yml
@@ -1,4 +0,0 @@
 - block:
  - include_tasks: 01_core.yml
  - include_tasks: utils/run_once.yml
  when: run_once_srv_letsencrypt is not defined
--- a/roles/svc-db-openldap/templates/nginx.stream.conf.j2
+++ b/roles/svc-db-openldap/templates/nginx.stream.conf.j2
@@ -2,5 +2,5 @@ server {
    listen {{ ports.public.ldaps['svc-db-openldap'] }}ssl;
    proxy_pass 127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }};
-    {% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %}
+    {% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %}
 }
--- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml
+++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml
@@ -3,7 +3,7 @@
    name: '{{ item }}'
  loop:
  - sys-svc-certbot
-  - srv-core
+  - sys-svc-webserver
  - sys-ctl-alm-compose
 - name: install certbot
--- a/roles/sys-front-inj-all/tasks/main.yml
+++ b/roles/sys-front-inj-all/tasks/main.yml
@@ -41,9 +41,9 @@
  when: inj_enabled.logout
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
    include_role:
-      name: srv-core
+      name: sys-svc-webserver
-    when: run_once_srv_core is not defined
+    when: run_once_sys_svc_webserver is not defined
  - include_tasks: utils/run_once.yml
  when: run_once_sys_front_inj_all is not defined
--- a/roles/sys-front-inj-css/tasks/01_core.yml
+++ b/roles/sys-front-inj-css/tasks/01_core.yml
@@ -1,7 +1,7 @@
- name: Include dependency 'srv-core'
+- name: Include dependency 'sys-svc-webserver'
  include_role:
-    name: srv-core
+    name: sys-svc-webserver
-  when: run_once_srv_core is not defined
+  when: run_once_sys_svc_webserver is not defined
 - name: Generate color palette with colorscheme-generator
  set_fact:
--- a/roles/sys-front-inj-desktop/tasks/main.yml
+++ b/roles/sys-front-inj-desktop/tasks/main.yml
@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
    include_role:
-      name: srv-core
+      name: sys-svc-webserver
-    when: run_once_srv_core is not defined
+    when: run_once_sys_svc_webserver is not defined
  - include_tasks: 01_deploy.yml
  - include_tasks: utils/run_once.yml
  when: run_once_sys_front_inj_desktop is not defined
--- a/roles/sys-front-inj-javascript/tasks/main.yml
+++ b/roles/sys-front-inj-javascript/tasks/main.yml
@@ -1,9 +1,9 @@
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
    include_role:
-      name: srv-core
+      name: sys-svc-webserver
-    when: run_once_srv_core is not defined
+    when: run_once_sys_svc_webserver is not defined
  - include_tasks: utils/run_once.yml
  when: run_once_sys_front_inj_javascript is not defined
--- a/roles/sys-front-inj-logout/tasks/01_core.yml
+++ b/roles/sys-front-inj-logout/tasks/01_core.yml
@@ -1,8 +1,8 @@
- name: Include dependency 'srv-core'
+- name: Include dependency 'sys-svc-webserver'
  include_role:
-    name: srv-core
+    name: sys-svc-webserver
  when: 
-    - run_once_srv_core is not defined
+    - run_once_sys_svc_webserver is not defined
 - name: "deploy the logout.js"
  include_tasks: "02_deploy.yml"
--- a/roles/sys-front-inj-matomo/tasks/main.yml
+++ b/roles/sys-front-inj-matomo/tasks/main.yml
@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
    include_role:
-      name: srv-core
+      name: sys-svc-webserver
-    when: run_once_srv_core is not defined
+    when: run_once_sys_svc_webserver is not defined
  - include_tasks: utils/run_once.yml
  when: run_once_sys_front_inj_matomo is not defined
--- a/roles/sys-stk-front-proxy/README.md
+++ b/roles/sys-stk-front-proxy/README.md
@@ -10,7 +10,7 @@ A higher-level orchestration wrapper, *sys-stk-front-proxy* ties together severa
 1. **`sys-front-inj-all`** – applies global tweaks and includes.  
 2. **`sys-svc-certs`** – obtains Let’s Encrypt certificates.  
-3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-core*.  
+3. **Domain template deployment** – copies a Jinja2 vHost from *sys-svc-proxy*.  
 4. **`web-app-oauth2-proxy`** *(optional)* – protects the site with OAuth2.
 The result is a complete, reproducible domain rollout in a single playbook task.
--- a/roles/sys-stk-front-proxy/defaults/main.yml
+++ b/roles/sys-stk-front-proxy/defaults/main.yml
@@ -2,4 +2,4 @@
 vhost_flavour:        "basic"               # valid: basic, ws_generic
 # build the full template path from the flavour
-vhost_template_src:   "roles/srv-proxy-core/templates/vhost/{{ vhost_flavour }}.conf.j2"
+vhost_template_src:   "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2"
--- a/roles/sys-stk-front-proxy/tasks/main.yml
+++ b/roles/sys-stk-front-proxy/tasks/main.yml
@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-proxy-core'
+  - name: Include dependency 'sys-svc-proxy'
    include_role:
-      name: srv-proxy-core
+      name: sys-svc-proxy
-    when: run_once_srv_proxy_core is not defined
+    when: run_once_sys_svc_proxy is not defined
  - include_tasks: utils/run_once.yml
  when: run_once_sys_stk_front_proxy is not defined
@@ -15,7 +15,7 @@
 - name: "include role for {{ domain }} to receive certificates and do the modification routines"
  include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
 - name: "Copy nginx config to {{ configuration_destination }}"
  template:
--- a/roles/sys-stk-front-proxy/vars/main.yml
+++ b/roles/sys-stk-front-proxy/vars/main.yml
@@ -1 +1 @@
-configuration_destination:  "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+configuration_destination:  "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
--- a/roles/sys-stk-front-pure/README.md
+++ b/roles/sys-stk-front-pure/README.md
@@ -7,7 +7,7 @@ The **sys-stk-front-pure** role extends a basic Nginx installation by wiring in
 2. Pulls in Let’s Encrypt ACME challenge handling.
 3. Applies global cleanup of unused domain configs.
-This role is built on top of your existing `srv-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
+This role is built on top of your existing `sys-svc-webserver` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
 ---
@@ -15,9 +15,9 @@ This role is built on top of your existing `srv-core` role, and it automates the
 When you apply **sys-stk-front-pure**, it will:
-1. **Include** the `srv-core` role to install and configure Nginx.  
+1. **Include** the `sys-svc-webserver` role to install and configure Nginx.  
 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`.  
-3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-letsencrypt`.  
+3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `sys-svc-letsencrypt`.  
 4. **Reload** Nginx automatically when any template changes.
 All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.
@@ -42,7 +42,7 @@ All tasks are idempotent—once your certificates are in place and your configur
 ## Requirements
- A working `srv-core` setup.
+- A working `sys-svc-webserver` setup.
 - DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow.
 - Variables:
  - `LETSENCRYPT_WEBROOT_PATH`  
--- a/roles/sys-stk-front-pure/tasks/main.yml
+++ b/roles/sys-stk-front-pure/tasks/main.yml
@@ -3,8 +3,8 @@
    include_role:
      name: '{{ item }}'
    loop:
-    - srv-core
+    - sys-svc-webserver
    - sys-svc-cln-domains
-    - srv-letsencrypt
+    - sys-svc-letsencrypt
  - include_tasks: utils/run_once.yml
  when: run_once_sys_stk_front_pure is not defined
--- a/roles/sys-svc-cln-domains/tasks/main.yml
+++ b/roles/sys-svc-cln-domains/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: '{{ item }}'
    loop:
-    - srv-core
+    - sys-svc-webserver
  - name: Include task to remove deprecated nginx configs
    include_tasks: remove_deprecated_nginx_configs.yml
--- a/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml
+++ b/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml
@@ -15,6 +15,6 @@
 - name: Remove exact nginx config for {{ domain }}
  ansible.builtin.file:
-    path: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    path: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
    state: absent
  notify: restart openresty
--- a/roles/sys-svc-letsencrypt/README.md
+++ b/roles/sys-svc-letsencrypt/README.md
--- a/roles/sys-svc-letsencrypt/TODO.md
+++ b/roles/sys-svc-letsencrypt/TODO.md
--- a/roles/sys-svc-letsencrypt/meta/main.yml
+++ b/roles/sys-svc-letsencrypt/meta/main.yml
--- a/roles/sys-svc-letsencrypt/tasks/01_core.yml
+++ b/roles/sys-svc-letsencrypt/tasks/01_core.yml
--- a/roles/sys-svc-letsencrypt/tasks/01_set-caa-records.yml
+++ b/roles/sys-svc-letsencrypt/tasks/01_set-caa-records.yml
--- a/roles/sys-svc-letsencrypt/tasks/main.yml
+++ b/roles/sys-svc-letsencrypt/tasks/main.yml
@@ -1,5 +1,4 @@
 ---
 - block:
  - include_tasks: 01_core.yml
  - include_tasks: utils/run_once.yml
-  when: run_once_srv_core is not defined
+  when: run_once_sys_svc_letsencrypt is not defined
--- a/roles/sys-svc-letsencrypt/templates/letsencrypt.conf.j2
+++ b/roles/sys-svc-letsencrypt/templates/letsencrypt.conf.j2
--- a/roles/sys-svc-letsencrypt/templates/ssl_credentials.j2
+++ b/roles/sys-svc-letsencrypt/templates/ssl_credentials.j2
--- a/roles/sys-svc-letsencrypt/templates/ssl_header.j2
+++ b/roles/sys-svc-letsencrypt/templates/ssl_header.j2
@@ -12,4 +12,4 @@ ssl_session_tickets on;
 add_header Strict-Transport-Security max-age=15768000;
 ssl_stapling on;
 ssl_stapling_verify on;
-{% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %}
+{% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %}
--- a/roles/sys-svc-letsencrypt/vars/main.yml
+++ b/roles/sys-svc-letsencrypt/vars/main.yml
--- a/roles/srv-proxy-core/README.md
+++ b/roles/srv-proxy-core/README.md
--- a/roles/srv-proxy-core/TODO.md
+++ b/roles/srv-proxy-core/TODO.md
--- a/roles/srv-proxy-core/meta/main.yml
+++ b/roles/srv-proxy-core/meta/main.yml
--- a/roles/srv-proxy-core/tasks/main.yml
+++ b/roles/srv-proxy-core/tasks/main.yml
@@ -4,6 +4,6 @@
      name: '{{ item }}'
    loop:
    - sys-stk-front-pure
-    - srv-core
+    - sys-svc-webserver
  - include_tasks: utils/run_once.yml
-  when: run_once_srv_proxy_core is not defined
+  when: run_once_sys_svc_proxy is not defined
--- a/roles/srv-proxy-core/templates/headers/buffers.conf.j2
+++ b/roles/srv-proxy-core/templates/headers/buffers.conf.j2
--- a/roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2
+++ b/roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2
--- a/roles/srv-proxy-core/templates/location/README.md
+++ b/roles/srv-proxy-core/templates/location/README.md
@@ -1,6 +1,6 @@
 # Nginx Location Templates
-This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications.
+This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `sys-svc-proxy` role to modularize and standardize reverse proxy configuration across a wide variety of applications.
 ---
--- a/roles/srv-proxy-core/templates/location/TODO.md
+++ b/roles/srv-proxy-core/templates/location/TODO.md
--- a/roles/srv-proxy-core/templates/location/html.conf.j2
+++ b/roles/srv-proxy-core/templates/location/html.conf.j2
@@ -15,7 +15,7 @@ location {{location}}
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Port {{ WEB_PORT }};
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
  # WebSocket specific header
  proxy_http_version 1.1;
--- a/roles/srv-proxy-core/templates/location/media.conf.j2
+++ b/roles/srv-proxy-core/templates/location/media.conf.j2
--- a/roles/srv-proxy-core/templates/location/upload.conf.j2
+++ b/roles/srv-proxy-core/templates/location/upload.conf.j2
--- a/roles/srv-proxy-core/templates/location/ws.conf.j2
+++ b/roles/srv-proxy-core/templates/location/ws.conf.j2
--- a/roles/srv-proxy-core/templates/vhost/README.md
+++ b/roles/srv-proxy-core/templates/vhost/README.md
--- a/roles/srv-proxy-core/templates/vhost/basic.conf.j2
+++ b/roles/srv-proxy-core/templates/vhost/basic.conf.j2
@@ -1,7 +1,7 @@
 server
 {
  server_name {{ domain }};
-  {% include 'roles/srv-proxy-core/templates/headers/buffers.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/buffers.conf.j2' %}
  {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
    {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
@@ -14,7 +14,7 @@ server
    {{ proxy_extra_configuration }}
  {% endif %}
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
    {% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', False, {}) %}
@@ -23,38 +23,38 @@ server
      {# 1. Expose everything by default, then protect blacklisted paths #}
      {% set oauth2_proxy_enabled = false %}
      {% set location = "/" %}
-      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+      {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
      {% for loc in acl.blacklist %}
        {% set oauth2_proxy_enabled = true %}
        {% set location = loc %}
-        {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+        {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
      {% endfor %}
    {% elif acl.whitelist is defined %}
      {# 2. Protect everything by default, then expose whitelisted paths #}
      {% set oauth2_proxy_enabled = true %}
      {% set location = "/" %}
-      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+      {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
      {% for loc in acl.whitelist %}
        {% set oauth2_proxy_enabled = false %}
        {% set location = loc %}
-        {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+        {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
      {% endfor %}
    {% else %}
      {# 3. OAuth2 enabled but no (or empty) ACL — protect all #}
      {% set oauth2_proxy_enabled = true %}
      {% set location = "/" %}
-      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+      {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
    {% endif %}
  {% else %}
    {# 4. OAuth2 completely disabled — expose all #}
    {% set oauth2_proxy_enabled = false %}
    {% set location = "/" %}
-    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
  {% endif %}
 }
--- a/roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2
+++ b/roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2
@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
  server_name {{ domain }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% include 'roles/sys-front-inj-all/templates/server.conf.j2' %}
@@ -25,10 +25,10 @@ server {
  add_header Strict-Transport-Security "max-age=31536000";
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
  {% if location_ws is defined %}
-    {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
  {% endif %}
  error_page 500 501 502 503 504 /500.html;
--- a/roles/sys-svc-webserver/README.md
+++ b/roles/sys-svc-webserver/README.md
--- a/roles/sys-svc-webserver/TODO.md
+++ b/roles/sys-svc-webserver/TODO.md
--- a/roles/sys-svc-webserver/meta/main.yml
+++ b/roles/sys-svc-webserver/meta/main.yml
@@ -18,4 +18,4 @@ galaxy_info:
    - performance
  repository: "https://s.infinito.nexus/code"
  issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/roles/srv-core"
+  documentation: "https://s.infinito.nexus/code/roles/sys-svc-webserver"
--- a/roles/sys-svc-webserver/tasks/01_core.yml
+++ b/roles/sys-svc-webserver/tasks/01_core.yml
@@ -49,3 +49,5 @@
    - sys-ctl-hlth-csp
  vars:
    flush_handlers: false
 - include_tasks: utils/run_once.yml
--- a/roles/sys-svc-webserver/tasks/02_cleanup.yml
+++ b/roles/sys-svc-webserver/tasks/02_cleanup.yml
--- a/roles/sys-svc-webserver/tasks/03_reset.yml
+++ b/roles/sys-svc-webserver/tasks/03_reset.yml
--- a/roles/sys-svc-webserver/tasks/04_directories.yml
+++ b/roles/sys-svc-webserver/tasks/04_directories.yml
--- a/roles/sys-svc-webserver/tasks/main.yml
+++ b/roles/sys-svc-webserver/tasks/main.yml
@@ -0,0 +1,4 @@
 ---
 - block:
  - include_tasks: 01_core.yml
  when: run_once_sys_svc_webserver is not defined
--- a/roles/sys-svc-webserver/templates/nginx.conf.j2
+++ b/roles/sys-svc-webserver/templates/nginx.conf.j2
--- a/roles/sys-util-csp-cert/README.md
+++ b/roles/sys-util-csp-cert/README.md
@@ -1,4 +1,4 @@
-# Role: srv-composer
+# Role: sys-util-csp-cert
 This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:
--- a/roles/sys-util-csp-cert/meta/main.yml
+++ b/roles/sys-util-csp-cert/meta/main.yml
@@ -27,4 +27,4 @@ galaxy_info:
    - orchestration
  repository: "https://s.infinito.nexus/code"
  issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/roles/srv-composer"
+  documentation: "https://s.infinito.nexus/code/roles/sys-util-csp-cert"
--- a/roles/sys-util-csp-cert/tasks/main.yml
+++ b/roles/sys-util-csp-cert/tasks/main.yml
@@ -1,4 +1,4 @@
-# run_once_srv_composer: deactivated
+# run_once_sys_util_csp_cert: deactivated
 - name: "include role sys-front-inj-all for '{{ domain }}'"
  include_role: 
--- a/roles/web-app-bigbluebutton/README.md
+++ b/roles/web-app-bigbluebutton/README.md
@@ -35,7 +35,7 @@ By default, BigBlueButton is deployed with best-practice hardening, modular secr
 ## System Requirements
 - Arch Linux with Docker, Compose, and Nginx roles pre-installed
- DNS and reverse proxy configuration using `srv-proxy-core`
+- DNS and reverse proxy configuration using `sys-svc-proxy`
 - Functional email system for Greenlight SMTP
 ## Important Resources
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@@ -3,7 +3,7 @@
  set_fact:
    proxy_extra_configuration: >-
      {{ lookup('ansible.builtin.template',
-                playbook_dir ~ '/roles/srv-proxy-core/templates/location/html.conf.j2') | trim }}
+                playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2') | trim }}
  vars:
    location: '^~ /html5client'
    oauth2_proxy_enabled: false
--- a/roles/web-app-matrix/tasks/03_webserver.yml
+++ b/roles/web-app-matrix/tasks/03_webserver.yml
@@ -18,7 +18,7 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines for {{ MATRIX_SYNAPSE_DOMAIN }}"
  include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
  vars:
    domain:     "{{ MATRIX_SYNAPSE_DOMAIN }}"
    http_port:  "{{ MATRIX_SYNAPSE_PORT }}"
--- a/roles/web-app-matrix/templates/nginx.conf.j2
+++ b/roles/web-app-matrix/templates/nginx.conf.j2
@@ -1,6 +1,6 @@
 server {
    server_name {{ domain }};
-    {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+    {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
    # For the federation port
    listen {{ MATRIX_FEDERATION_PORT }} ssl default_server;
@@ -8,7 +8,7 @@ server {
    {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
-    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
-    {% include 'roles/srv-proxy-core/templates/location/upload.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/upload.conf.j2' %}
 }
--- a/roles/web-app-nextcloud/tasks/main.yml
+++ b/roles/web-app-nextcloud/tasks/main.yml
@@ -11,7 +11,7 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
  include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
 - name: create nextcloud proxy configuration file
  template: 
--- a/roles/web-app-nextcloud/templates/nginx/host.conf.j2
+++ b/roles/web-app-nextcloud/templates/nginx/host.conf.j2
@@ -2,7 +2,7 @@ server
 {
  server_name {{ domain }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
@@ -17,7 +17,7 @@ server
  client_body_buffer_size 400M;
  fastcgi_buffers 64 4K;
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
  location ^~ /.well-known {
    rewrite ^/\.well-known/host-meta\.json  /public.php?service=host-meta-json  last;
--- a/roles/web-app-peertube/tasks/create-domains.yml
+++ b/roles/web-app-peertube/tasks/create-domains.yml
@@ -1,9 +1,9 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
  include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
 - name: configure {{ domain }}.conf
  template: 
    src:  "templates/peertube.conf.j2"
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
  notify: restart openresty
--- a/roles/web-app-peertube/templates/peertube.conf.j2
+++ b/roles/web-app-peertube/templates/peertube.conf.j2
@@ -1,18 +1,18 @@
 server {
  server_name {{ domain }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
  ##
  # Application
  ##
  {% set location = "@html" %}
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
  location / {
    try_files /dev/null {{ location }};
@@ -45,7 +45,7 @@ server {
  ##
  {% set location_ws = "@websocket" %}
-  {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
  location /socket.io {
    try_files /dev/null {{ location_ws }};
--- a/roles/web-app-syncope/tasks/main.yml
+++ b/roles/web-app-syncope/tasks/main.yml
@@ -1,8 +1,4 @@
 ---
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
  include_role:
    name: srv-composer
 - name: "load docker and db for {{ application_id }}"
  include_role: 
    name: sys-stk-back-stateful
@@ -10,7 +6,7 @@
 - name: configure {{ domain }}.conf
  template: 
    src:  "templates/proxy.conf.j2"
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
  notify: restart openresty
 - name: "create {{ docker_compose.files.env }}"
--- a/roles/web-app-syncope/templates/proxy.conf
+++ b/roles/web-app-syncope/templates/proxy.conf
@@ -2,7 +2,7 @@ server
 {
  server_name {{ domain }};
  {# Include buffers for OIDC #}
-  {% include 'roles/srv-proxy-core/templates/headers/buffers.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/buffers.conf.j2' %}
  {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
    {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
@@ -15,10 +15,10 @@ server
    {{ proxy_extra_configuration }}
  {% endif %}
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% for path in syncope_paths.values() %}
    {% set location =  WEB_PROTOCOL ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %}
-    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2'%}
+    {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2'%}
  {% endfor %}
 }
--- a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml
+++ b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml
@@ -5,5 +5,5 @@
 - name: "Deploying NGINX redirect configuration for '{{ domain }}'"
  template:
    src:  redirect.domain.nginx.conf.j2
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
  notify: restart openresty
--- a/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2
+++ b/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2
@@ -1,6 +1,6 @@
 server {
  server_name {{ domain }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  return 301 https://{{ target }}$request_uri;
 }
--- a/roles/web-opt-rdr-www/tasks/main.yml
+++ b/roles/web-opt-rdr-www/tasks/main.yml
@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
    include_role:
-      name: srv-core
+      name: sys-svc-webserver
-    when: run_once_srv_core is not defined
+    when: run_once_sys_svc_webserver is not defined
  - include_tasks: utils/run_once.yml
  when: run_once_web_opt_rdr_www is not defined
--- a/roles/web-svc-cdn/tasks/01_core.yml
+++ b/roles/web-svc-cdn/tasks/01_core.yml
@@ -7,7 +7,7 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
  include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
  vars:
    http_port: "{{ ports.localhost.http[application_id] }}"
--- a/roles/web-svc-cdn/templates/nginx.conf.j2
+++ b/roles/web-svc-cdn/templates/nginx.conf.j2
@@ -2,11 +2,11 @@ server
 {
  server_name {{ domains | get_domain(application_id) }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
  charset utf-8;
--- a/roles/web-svc-collabora/tasks/01_core.yml
+++ b/roles/web-svc-collabora/tasks/01_core.yml
@@ -8,7 +8,7 @@
 - name: "generate {{ domain }}.conf"
  template:
    src: "nginx.conf.j2"
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
  notify: restart openresty
 - name: Update Collabora systemplate to include new fonts
--- a/roles/web-svc-collabora/templates/nginx.conf.j2
+++ b/roles/web-svc-collabora/templates/nginx.conf.j2
@@ -1,22 +1,22 @@
 server {
  server_name {{ domain }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
  {# Normal HTTP routes (discovery, browser, assets) – no Lua injection #}
  {% set proxy_lua_enabled = false %}
  {% set location = "/" %}
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
  {# Optional explicit fast path for discovery #}
  {% set location = "= " ~ container_healthcheck %}
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
  {# WebSocket handling for Collabora #}
  {% set location_ws = '^~ /cool/' %}
  {% set ws_port = http_port %}
-  {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
 }
--- a/roles/web-svc-file/tasks/main.yml
+++ b/roles/web-svc-file/tasks/main.yml
@@ -10,7 +10,7 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
  include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
  vars:
    domain: "{{ domains | get_domain(application_id) }}"
    http_port: "{{ ports.localhost.http[application_id] }}"
--- a/roles/web-svc-file/templates/nginx.conf.j2
+++ b/roles/web-svc-file/templates/nginx.conf.j2
@@ -2,11 +2,11 @@ server
 {
  server_name {{ domains | get_domain(application_id) }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
  charset utf-8;
--- a/roles/web-svc-html/tasks/main.yml
+++ b/roles/web-svc-html/tasks/main.yml
@@ -10,7 +10,7 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
  include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
  vars:
    domain: "{{ domains | get_domain(application_id) }}"
    http_port: "{{ ports.localhost.http[application_id] }}"
--- a/roles/web-svc-html/templates/nginx.conf.j2
+++ b/roles/web-svc-html/templates/nginx.conf.j2
@@ -2,11 +2,11 @@ server
 {
  server_name {{ domains | get_domain(application_id) }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
  {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
  charset utf-8;
		`@@ -1 +1 @@`
			`configuration_destination: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"`				`configuration_destination: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] \| path_join }}"`
`@@ -1,4 +1,4 @@`
	`# Role: srv-composer`	`# Role: sys-util-csp-cert`

	`This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:`	`This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:`