refactor: replace srv-web-7-7-dns-records with sys-dns-cloudflare-records

- removed obsolete role `srv-web-7-7-dns-records` (README, meta, tasks)
- updated Gitea role to use `sys-dns-cloudflare-records` with explicit record vars
- updated web-opt-rdr-www role to use new DNS role with zone detection (`to_zone`)
- added REDIRECT_WWW_FLAVOR var to support "edge" flavor selection

roles/srv-web-7-7-dns-records/README.md

@@ -1,37 +0,0 @@
-# Cloudflare DNS Records
-
-## Description
-
-This Ansible role automates the management of DNS A-records in Cloudflare zones. It uses the [community.general.cloudflare_dns](https://docs.ansible.com/ansible/latest/collections/community/general/cloudflare_dns_module.html) module to create or update A-records for a list of domains, automatically detects the correct zone for each record, and supports configurable proxy settings.
-
-## Overview
-
-Looping over a provided list of domains (`cloudflare_domains`), this role:
-- Determines the zone name by extracting the last two labels of each domain.
-- Ensures an A-record for each domain points to the specified IP (`cloudflare_target_ip`).
-- Honors the `proxied` flag to switch between DNS-only and Cloudflare-proxied modes.
-- Provides an optional debug task (`MODE_DEBUG`) to output the domain list before changes.
-
-Ideal for environments where bulk or dynamic DNS updates are needed, this role abstracts away the complexity of Cloudflare’s zone and record API.
-
-## Purpose
-
-Cloudflare DNS Records delivers an idempotent, scalable solution for managing A-records across multiple Cloudflare zones. Whether you need to onboard hundreds of domains or toggle proxy settings in CI/CD pipelines, this role handles the orchestration and ensures consistency.
-
-## Features
-
-- **Automatic Zone Detection:** Parses each domain to derive its zone (`example.com`) without manual intervention.  
-- **Bulk Record Management:** Creates or updates A-records for all entries in `cloudflare_domains`.  
-- **Proxy Toggle:** Configure `proxied: true` or `false` per record to switch between DNS-only and proxied modes.  
-- **Debug Support:** Enable `MODE_DEBUG` to print the domain list for validation before execution.  
-- **Flexible Authentication:** Supports both API token (`api_token`) and Global API key + email.  
-- **Low-TTL Option:** Use `ttl: 1` for rapid DNS propagation during dynamic updates.
-
-## Author
-
-Kevin Veen-Birkenbach
-
-## License
-
-Infinito.Nexus NonCommercial License  
-<https://s.infinito.nexus/license>

roles/srv-web-7-7-dns-records/meta/main.yml

@@ -1,26 +0,0 @@
----
-galaxy_info:
-  author: "Kevin Veen-Birkenbach"
-  description: "Manages DNS A-records in Cloudflare zones."
-  license: "Infinito.Nexus NonCommercial License"
-  license_url: "https://s.infinito.nexus/license"
-  company: |
-    Kevin Veen-Birkenbach
-    Consulting & Coaching Solutions
-    https://www.veen.world
-  min_ansible_version: "2.9"
-  platforms:
-    - name: "All"
-      versions:
-        - "all"
-  galaxy_tags:
-    - "cloudflare"
-    - "dns"
-    - "records"
-    - "ansible"
-    - "network"
-    - "automation"
-  repository: "https://s.infinito.nexus/code"
-  issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://docs.infinito.nexus"
-dependencies: []

roles/srv-web-7-7-dns-records/tasks/main.yml

@@ -1,17 +0,0 @@
-# run_once_srv_web_7_7_dns_records: deactivated
-
-- name: Create or update Cloudflare A-record for {{ item }}
-  community.general.cloudflare_dns:
-    api_token: "{{ CLOUDFLARE_API_TOKEN }}"
-    zone: "{{ item.split('.')[-2:] | join('.') }}"
-    state: present
-    type: A
-    name: "{{ item }}"
-    content: "{{ cloudflare_target_ip }}"
-    ttl: 1
-    proxied: "{{ cloudflare_proxied | int }}"
-  loop: "{{ cloudflare_domains }}"
-  loop_control:
-    label: "{{ item }}"
-  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"

roles/web-app-gitea/tasks/main.yml

@@ -58,10 +58,12 @@
 
 - name: Include DNS role to register Gitea domain(s)
   include_role:
-    name: srv-web-7-7-dns-records
+    name: sys-dns-cloudflare-records
   vars:
-    CLOUDFLARE_API_TOKEN:   "{{ CLOUDFLARE_API_TOKEN }}"
-    cloudflare_domains:     "{{ [ domains | get_domain(application_id) ] }}"
-    cloudflare_target_ip:   "{{ networks.internet.ip4 }}"
-    cloudflare_proxied:     false
+    cloudflare_records:
+      - zone:     "{{ domains | get_domain(application_id) | to_zone }}"
+        type:     A
+        name:    "{{ domains | get_domain(application_id) }}"
+        content: "{{ networks.internet.ip4 }}"
+        proxied: false  # Necessary for SSH port
   when: DNS_PROVIDER == 'cloudflare'

roles/web-opt-rdr-www/tasks/main.yml

@@ -18,10 +18,21 @@
 
 - name: Include DNS role to set redirects
   include_role:
-    name: srv-web-7-7-dns-records
+    name: sys-dns-cloudflare-records
   vars:
-    CLOUDFLARE_API_TOKEN: "{{ CLOUDFLARE_API_TOKEN }}"
-    cloudflare_domains: "{{ www_domains }}"
-    cloudflare_target_ip: "{{ networks.internet.ip4 }}"
-    cloudflare_proxied: false
+    cloudflare_records: |
+      {%- set bare = www_domains | map('regex_replace', '^www\\.(.+)$', '\\1') | list -%}
+      [
+      {%- for d in bare -%}
+        {
+          "type": "A",
+          "zone": "{{ d | to_zone }}",
+          "name": "{{ d }}",
+          "content": "{{ networks.internet.ip4 }}",
+          "proxied": false,
+          "ttl": 1
+        }{{ "," if not loop.last else "" }}
+      {%- endfor -%}
+      ]
   when: DNS_PROVIDER == 'cloudflare'
+

roles/web-opt-rdr-www/vars/main.yml

@@ -1 +1,2 @@
-application_id: "web-opt-rdr-www"
+application_id:       "web-opt-rdr-www"
+REDIRECT_WWW_FLAVOR:  "edge"