Renamed general and mode constants and implemented a check to verify that constants are just defined ones over the whole repository

group_vars/all/00_general.yml

@@ -1,4 +1,4 @@
-INFINITO_ENVIRONMENT:     "production"  # Possible values: production, development
+ENVIRONMENT:              "production"  # Possible values: production, development
 
 # If true, sensitive credentials will be masked or hidden from all Ansible task logs
 # Recommendet to set to true
@@ -19,49 +19,46 @@ HOST_THOUSAND_SEPARATOR:  "."
 HOST_DECIMAL_MARK:        ","
 
 # Deployment mode
-deployment_mode:        "single"      # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
+DEPLOYMENT_MODE:        "single"      # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
 
+# Web
 WEB_PROTOCOL:           "https"       # Web protocol type. Use https or http. If you run local you need to change it to http
 WEB_PORT:               "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}"  # Default port web applications will listen to
 
-## Domain
-primary_domain_tld:     "localhost"                                     # Top Level Domain of the server
-primary_domain_sld:     "infinito"                                        # Second Level Domain of the server
-primary_domain:         "{{primary_domain_sld}}.{{primary_domain_tld}}" # Primary Domain of the server
+# Domain
+PRIMARY_DOMAIN:         "localhost"                                                                                   # Primary Domain of the server
+PRIMARY_DOMAIN_tld:     "{{ (PRIMARY_DOMAIN == 'localhost') | ternary('localhost', PRIMARY_DOMAIN.split('.')[-1]) }}" # Top Level Domain of the server
+PRIMARY_DOMAIN_SLD:     "{{ (PRIMARY_DOMAIN == 'localhost') | ternary('localhost', PRIMARY_DOMAIN.split('.')[-2]) }}" # Second Level Domain of the server
 
 # Server Tact Variables 
 
 ## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
-hours_server_awake:                       "0..23"
+HOURS_SERVER_AWAKE:                       "0..23"
 
 ## Random delay for systemd timers to avoid peak loads.
-randomized_delay_sec:                     "5min"
+RANDOMIZED_DELAY_SEC:                     "5min"
 
 # Runtime Variables for Process Control
-activate_all_timers:                       false   # Activates all timers, independend if the handlers had been triggered
+ACTIVATE_ALL_TIMERS:                      false   # Activates all timers, independend if the handlers had been triggered
 
-# This enables debugging in ansible and in the apps
-# You SHOULD NOT enable this on production servers
-enable_debug:                             false
-
-dns_provider:                             cloudflare              # The DNS Provider\Registrar for the domain
+DNS_PROVIDER:                             cloudflare              # The DNS Provider\Registrar for the domain
 
 # Which ACME method to use: webroot, cloudflare, or hetzner
-certbot_acme_challenge_method:            "cloudflare"
-certbot_credentials_dir:                  /etc/certbot
-certbot_credentials_file:                 "{{ certbot_credentials_dir }}/{{ certbot_acme_challenge_method }}.ini"
-certbot_dns_api_token:                    ""                      # Define in inventory file: More information here: group_vars/all/docs/CLOUDFLARE_API_TOKEN.md
-certbot_dns_propagation_wait_seconds:     300                     # How long should the script wait for DNS propagation before continuing
-certbot_flavor:                           san                     # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated
+CERTBOT_ACME_CHALLENGE_METHOD:            "cloudflare"
+CERTBOT_CREDENTIALS_DIR:                  /etc/certbot
+CERTBOT_CREDENTIALS_FILE:                 "{{ CERTBOT_CREDENTIALS_DIR }}/{{ CERTBOT_ACME_CHALLENGE_METHOD }}.ini"
+CERTBOT_DNS_API_TOKEN:                    ""                      # Define in inventory file: More information here: group_vars/all/docs/CLOUDFLARE_API_TOKEN.md
+CERTBOT_DNS_PROPAGATION_WAIT_SECONDS:     300                     # How long should the script wait for DNS propagation before continuing
+CERTBOT_FLAVOR:                           san                     # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated
 
 # Path where Certbot stores challenge webroot files
-letsencrypt_webroot_path:                 "/var/lib/letsencrypt/"
+LETSENCRYPT_WEBROOT_PATH:                 "/var/lib/letsencrypt/"
 
 # Base directory containing Certbot configuration, account data, and archives
-letsencrypt_base_path:                    "/etc/letsencrypt/"
+LETSENCRYPT_BASE_PATH:                    "/etc/letsencrypt/"
 
 # Symlink directory for the current active certificate and private key
-letsencrypt_live_path:                    "{{ letsencrypt_base_path }}live/"
+LETSENCRYPT_LIVE_PATH:                    "{{ LETSENCRYPT_BASE_PATH }}live/"
 
 ## Docker Role Specific Parameters
 DOCKER_RESTART_POLICY:                    "unless-stopped"

group_vars/all/01_modes.yml

@@ -1,8 +1,9 @@
 # Mode
 
 # The following modes can be combined with each other
-mode_reset:   false # Cleans up all Infinito.Nexus files. It's necessary to run to whole playbook and not particial roles when using this function.
-mode_test:    false # Executes test routines instead of productive routines
-mode_update:  true  # Executes updates
-mode_backup:  true  # Activates the backup before the update procedure
-mode_cleanup: true  # Cleanup unused files and configurations
+MODE_RESET:   false # Cleans up all Infinito.Nexus files. It's necessary to run to whole playbook and not particial roles when using this function.
+MODE_TEST:    false # Executes test routines instead of productive routines
+MODE_UPDATE:  true  # Executes updates
+MODE_BACKUP:  true  # Activates the backup before the update procedure
+MODE_CLEANUP: true  # Cleanup unused files and configurations
+MODE_DEBUG:   false # This enables debugging in ansible and in the apps, You SHOULD NOT enable this on production servers

group_vars/all/02_system_email.yml

@@ -1,7 +1,7 @@
 # Email Configuration
 default_system_email:
-  domain:    "{{primary_domain}}"
-  host:      "mail.{{primary_domain}}"
+  domain:    "{{PRIMARY_DOMAIN}}"
+  host:      "mail.{{PRIMARY_DOMAIN}}"
   port:      465
   tls:       true   # true for TLS and false for SSL
   start_tls: false

group_vars/all/08_calendar.yml

@@ -3,10 +3,10 @@
 on_calendar_health_btrfs:                     "*-*-* 00:00:00"                        # Check once per day the btrfs for errors
 on_calendar_health_journalctl:                "*-*-* 00:00:00"                        # Check once per day the journalctl for errors
 on_calendar_health_disc_space:                "*-*-* 06,12,18,00:00:00"               # Check four times per day if there is sufficient disc space 
-on_calendar_health_docker_container:          "*-*-* {{ hours_server_awake }}:00:00"  # Check once per hour if the docker containers are healthy
-on_calendar_health_docker_volumes:            "*-*-* {{ hours_server_awake }}:15:00"  # Check once per hour if the docker volumes are healthy
-on_calendar_health_csp_crawler:               "*-*-* {{ hours_server_awake }}:30:00"  # Check once per hour if all CSP are fullfilled available
-on_calendar_health_nginx:                     "*-*-* {{ hours_server_awake }}:45:00"  # Check once per hour if all webservices are available
+on_calendar_health_docker_container:          "*-*-* {{ HOURS_SERVER_AWAKE }}:00:00"  # Check once per hour if the docker containers are healthy
+on_calendar_health_docker_volumes:            "*-*-* {{ HOURS_SERVER_AWAKE }}:15:00"  # Check once per hour if the docker volumes are healthy
+on_calendar_health_csp_crawler:               "*-*-* {{ HOURS_SERVER_AWAKE }}:30:00"  # Check once per hour if all CSP are fullfilled available
+on_calendar_health_nginx:                     "*-*-* {{ HOURS_SERVER_AWAKE }}:45:00"  # Check once per hour if all webservices are available
 on_calendar_health_msmtp:                     "*-*-* 00:00:00"                        # Check once per day SMTP Server              
 
 ## Schedule for Cleanup Tasks
@@ -19,7 +19,7 @@ on_calendar_backup_docker_to_local:           "*-*-* 03:30:00"
 on_calendar_backup_remote_to_local:           "*-*-* 21:30:00"
 
 ## Schedule for Maintenance Tasks
-on_calendar_heal_docker:                      "*-*-* {{ hours_server_awake }}:30:00"  # Heal unhealthy docker instances once per hour
+on_calendar_heal_docker:                      "*-*-* {{ HOURS_SERVER_AWAKE }}:30:00"  # Heal unhealthy docker instances once per hour
 on_calendar_renew_lets_encrypt_certificates:  "*-*-* 12,00:30:00"                     # Renew Mailu certificates twice per day
 on_calendar_deploy_certificates:              "*-*-* 13,01:30:00"                     # Deploy letsencrypt certificates twice per day to docker containers
 on_calendar_msi_keyboard_color:               "*-*-* *:*:00"                          # Change the keyboard color every minute

group_vars/all/12_oidc.yml

@@ -8,7 +8,7 @@
 # @see https://en.wikipedia.org/wiki/OpenID_Connect
 
 ## Helper Variables:
-_oidc_client_realm:         "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else primary_domain }}"
+_oidc_client_realm:         "{{ oidc.client.realm if oidc.client is defined and oidc.client.realm is defined else PRIMARY_DOMAIN }}"
 _oidc_url:                  "{{ 
                                 (oidc.url 
                                   if (oidc is defined and oidc.url is defined) 
@@ -16,7 +16,7 @@ _oidc_url:                  "{{
                                 ) 
                             }}"
 _oidc_client_issuer_url:    "{{ _oidc_url }}/realms/{{_oidc_client_realm}}"
-_oidc_client_id:            "{{ oidc.client.id if oidc.client is defined and oidc.client.id is defined else primary_domain }}"
+_oidc_client_id:            "{{ oidc.client.id if oidc.client is defined and oidc.client.id is defined else PRIMARY_DOMAIN }}"
 
 defaults_oidc:
   url:                    "{{ _oidc_url }}"
@@ -33,7 +33,7 @@ defaults_oidc:
     change_credentials:   "{{_oidc_client_issuer_url}}account/account-security/signing-in"  # URL for managing or changing user credentials
     certs:                "{{_oidc_client_issuer_url}}/protocol/openid-connect/certs"       # JSON Web Key Set (JWKS)
     reset_credentials:    "{{_oidc_client_issuer_url}}/login-actions/reset-credentials?client_id={{ _oidc_client_id }}" # Password reset url
-  button_text:            "SSO Login ({{primary_domain | upper}})"                           # Default button text
+  button_text:            "SSO Login ({{PRIMARY_DOMAIN | upper}})"                           # Default button text
   attributes:
     # Attribut to identify the user
     username:             "preferred_username"

group_vars/all/13_ldap.yml

@@ -5,12 +5,12 @@
 
 # Helper Variables:
 # Keep in mind to mapp this variables if there is ever the possibility for the user to define them in the inventory
-_ldap_dn_base:                  "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
+_ldap_dn_base:                  "dc={{PRIMARY_DOMAIN_SLD}},dc={{PRIMARY_DOMAIN_tld}}"
 _ldap_docker_network_enabled:   "{{ applications | get_app_conf('svc-db-openldap', 'network.docker') }}"
 _ldap_protocol:                 "{{ 'ldap' if _ldap_docker_network_enabled else 'ldaps' }}"
 _ldap_server_port:              "{{ ports.localhost[_ldap_protocol]['svc-db-openldap'] }}"
 _ldap_name:                     "{{ applications | get_app_conf('svc-db-openldap', 'docker.services.openldap.name') }}"
-_ldap_domain:                   "{{ primary_domain }}" # LDAP is jsut listening to a port not to a dedicated domain, so primary domain should be sufficient
+_ldap_domain:                   "{{ PRIMARY_DOMAIN }}" # LDAP is jsut listening to a port not to a dedicated domain, so primary domain should be sufficient
 _ldap_user_id:                  "uid"
 _ldap_filters_users_all:        "(|(objectclass=inetOrgPerson))"
 

group_vars/all/15_about.yml

@@ -19,7 +19,7 @@ defaults_service_provider:
     web-app-bluesky: >-
       {{ ('@' ~ users.contact.username ~ '.' ~ domains['web-app-bluesky'].api)
          if 'web-app-bluesky' in group_names else '' }}
-    email:          "{{ users.contact.username ~ '@' ~ primary_domain if 'web-app-mailu' in group_names else '' }}"
+    email:          "{{ users.contact.username ~ '@' ~ PRIMARY_DOMAIN if 'web-app-mailu' in group_names else '' }}"
     mastodon:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-mastodon') if 'web-app-mastodon' in group_names else '' }}"
     matrix:         "{{ '@' ~ users.contact.username ~ ':' ~ domains['web-app-matrix'].synapse if 'web-app-matrix' in group_names else '' }}"
     peertube:       "{{ '@' ~ users.contact.username ~ '@' ~ domains | get_domain('web-app-peertube') if 'web-app-peertube' in group_names else '' }}"

group_vars/all/docs/CLOUDFLARE_API_TOKEN.md

@@ -1,10 +1,10 @@
-# Cloudflare API Token for Ansible (`certbot_dns_api_token`)
+# Cloudflare API Token for Ansible (`CERTBOT_DNS_API_TOKEN`)
 
 This document explains how to generate and use a Cloudflare API Token for DNS automation and certificate operations in Ansible (e.g., with Certbot).
 
 ## Purpose
 
-The `certbot_dns_api_token` variable must contain a valid Cloudflare API Token.  
+The `CERTBOT_DNS_API_TOKEN` variable must contain a valid Cloudflare API Token.  
 This token is used for all DNS operations and ACME (SSL/TLS certificate) challenges that require access to your Cloudflare-managed domains.
 
 **Never commit your API token to a public repository. Always keep it secure!**
@@ -58,4 +58,4 @@ Add the following permissions:
 Set the token in your Ansible inventory or secrets file:
 
 ```yaml
-certbot_dns_api_token: "cf_your_generated_token_here"
+CERTBOT_DNS_API_TOKEN: "cf_your_generated_token_here"