web-app-bluesky: refactor role, add Cloudflare DNS integration, split tasks

Changes: add AppView port; add CSP whitelist; new tasks (01_pds, 02_social_app, 03_dns); switch templates to BLUESKY_* vars; update docker-compose and env; TCP healthcheck; remove admin_password from schema.

Conversation context: https://chatgpt.com/share/68b85276-e0ec-800f-90ec-480a1d528593

roles/web-app-bluesky/vars/main.yml

@@ -1,11 +1,45 @@
-application_id:               "web-app-bluesky"
-social_app_path:              "{{ docker_compose.directories.services }}/social-app"
+# General
+application_id:                 "web-app-bluesky"
+
+## Bluesky
+
+## Social App
+BLUESKY_SOCIAL_APP_DIR:         "{{ docker_compose.directories.services }}/social-app"
 
 # This should be removed when the following issue is closed:
 # https://github.com/bluesky-social/pds/issues/52
-pdsadmin_folder_path:         "{{ docker_compose.directories.volumes }}/pdsadmin"
-pdsadmin_file_path:           "{{pdsadmin_folder_path}}/pdsadmin"
-pdsadmin_temporary_tar_path:  "/tmp/pdsadmin.tar.gz"
-bluesky_jwt_secret:           "{{ applications | get_app_conf(application_id, 'credentials.jwt_secret') }}"
-bluesky_admin_password:       "{{ applications | get_app_conf(application_id, 'credentials.admin_password') }}"
-bluesky_rotation_key:         "{{ applications | get_app_conf(application_id, 'credentials.plc_rotation_key_k256_private_key_hex') }}"
+
+## PDS
+BLUESKY_PDSADMIN_DIR:           "{{ [ docker_compose.directories.volumes, 'pdsadmin' ] | path_join }}"
+BLUESKY_PDSADMIN_FILE:          "{{ [ BLUESKY_PDSADMIN_DIR, 'pdsadmin' ] | path_join }}"
+BLUESKY_PDSADMIN_TMP_TAR:       "/tmp/pdsadmin.tar.gz"
+BLUESKY_PDS_IMAGE:              "{{ applications | get_app_conf(application_id, 'docker.services.pds.image') }}"
+BLUESKY_PDS_VERSION:            "{{ applications | get_app_conf(application_id, 'docker.services.pds.version') }}"
+BLUESKY_PDS_DATA_VOLUME:        "{{ applications | get_app_conf(application_id, 'docker.volumes.pds_data') }}"
+BLUESKY_PDS_DATA_DIR:           "/opt/pds"
+BLUESKY_PDS_BLOBSTORE_LOCATION: "{{ [ BLUESKY_PDS_DATA_DIR, 'blocks' ] | path_join }}"
+
+## Web
+BLUESKY_WEB_ENABLED:            "{{ applications | get_app_conf(application_id, 'docker.services.web.enabled') }}"
+BLUESKY_WEB_DOMAIN:             "{{ domains[application_id].web }}"
+BLUESKY_WEB_PORT:               "{{ ports.localhost.http['web-app-bluesky_web'] }}"
+
+## View
+BLUESKY_VIEW_ENABLED:           "{{ applications | get_app_conf(application_id, 'docker.services.view.enabled') }}"
+BLUESKY_VIEW_DOMAIN:            "{{ domains[application_id].view if BLUESKY_VIEW_ENABLED else 'api.bsky.app' }}"
+BLUESKY_VIEW_URL:               "{{ WEB_PROTOCOL }}://{{ BLUESKY_VIEW_DOMAIN }}"
+BLUESKY_VIEW_DID:               "did:web:{{ BLUESKY_VIEW_DOMAIN }}"
+BLUESKY_VIEW_PORT:              "{{ ports.localhost.http['web-app-bluesky_view'] | default(8053) }}"
+
+## Server
+BLUESKY_API_DOMAIN:             "{{ domains[application_id].api }}"
+BLUESKY_API_PORT:               "{{ ports.localhost.http['web-app-bluesky_api'] }}"
+
+## Credentials
+BLUESKY_JWT_SECRET:             "{{ applications | get_app_conf(application_id, 'credentials.jwt_secret') }}"
+BLUESKY_ROTATION_KEY:           "{{ applications | get_app_conf(application_id, 'credentials.plc_rotation_key_k256_private_key_hex') }}"
+
+## Admin
+BLUESKY_ADMIN_EMAIL:            "{{ users.administrator.email }}"
+BLUESKY_ADMIN_PASSWORD:         "{{ users.administrator.password }}"
+