Renamed general and mode constants and implemented a check to verify that constants are just defined ones over the whole repository

2025-09-08 03:07:14 +02:00 · 2025-08-13 19:10:44 +02:00
parent 004507e233
commit db0e030900
171 changed files with 474 additions and 345 deletions
--- a/roles/srv-web-6-6-tls-core/README.md
+++ b/roles/srv-web-6-6-tls-core/README.md
@@ -24,7 +24,7 @@ The Nginx HTTPS Certificate Retrieval role ensures that your Nginx-served domain
 - **ACME Challenge Selection:** Supports DNS plugins or webroot method automatically.
 - **Wildcard Certificate Management:** Issues wildcard certificates when configured, saving effort for subdomain-heavy deployments.
 - **Safe Cleanup:** Ensures that no unused certificates are left behind.
- **Flexible Control:** Supports `mode_test` for staging environment testing and `mode_cleanup` for cert cleanup operations.
+- **Flexible Control:** Supports `MODE_TEST` for staging environment testing and `MODE_CLEANUP` for cert cleanup operations.

 ## 🔗 Learn More

--- a/roles/srv-web-6-6-tls-core/tasks/flavors/dedicated.yml
+++ b/roles/srv-web-6-6-tls-core/tasks/flavors/dedicated.yml
@@ -1,7 +1,7 @@
 - name: "Check if certificate already exists for {{ domain }}"
  cert_check_exists:
    domain: "{{ domain }}"
-    cert_base_path: "{{ letsencrypt_live_path }}"
+    cert_base_path: "{{ LETSENCRYPT_LIVE_PATH }}"
  register: cert_check

 - name: "receive certificate for {{ domain }}"
@@ -10,21 +10,21 @@
    --agree-tos 
    --email {{ users.administrator.email }}
    --non-interactive 
-    {% if certbot_acme_challenge_method != "webroot" %}
-    --dns-{{ certbot_acme_challenge_method }}
-    --dns-{{ certbot_acme_challenge_method }}-credentials {{ certbot_credentials_file }}
-    --dns-{{ certbot_acme_challenge_method }}-propagation-seconds {{ certbot_dns_propagation_wait_seconds }}
+    {% if CERTBOT_ACME_CHALLENGE_METHOD != "webroot" %}
+    --dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}
+    --dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}-credentials {{ CERTBOT_CREDENTIALS_FILE }}
+    --dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}-propagation-seconds {{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}
    {% else %}
    --webroot 
-    -w {{ letsencrypt_webroot_path }}
+    -w {{ LETSENCRYPT_WEBROOT_PATH }}
    {% endif %}
    {% if wildcard_domain is defined and ( wildcard_domain | bool ) %}
-    -d {{ primary_domain }} 
-    -d *.{{ primary_domain }}
+    -d {{ PRIMARY_DOMAIN }} 
+    -d *.{{ PRIMARY_DOMAIN }}
    {% else %}
    -d {{ domain }}
    {% endif %}
-    {{ '--test-cert' if mode_test | bool else '' }}
+    {{ '--test-cert' if MODE_TEST | bool else '' }}
  register: certbot_result
  changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout"
  when: not cert_check.exists
--- a/roles/srv-web-6-6-tls-core/tasks/flavors/san.yml
+++ b/roles/srv-web-6-6-tls-core/tasks/flavors/san.yml
@@ -10,15 +10,15 @@
        certbundle
        --domains "{{ current_play_domains_all | join(',') }}"
        --certbot-email "{{ users.administrator.email }}"
-        --certbot-acme-challenge-method "{{ certbot_acme_challenge_method }}"
+        --certbot-acme-challenge-method "{{ CERTBOT_ACME_CHALLENGE_METHOD }}"
        --chunk-size 100
-        {% if certbot_acme_challenge_method != 'webroot' %}
-        --certbot-credentials-file "{{ certbot_credentials_file }}"
-        --certbot-dns-propagation-seconds "{{ certbot_dns_propagation_wait_seconds }}"
+        {% if CERTBOT_ACME_CHALLENGE_METHOD != 'webroot' %}
+        --certbot-credentials-file "{{ CERTBOT_CREDENTIALS_FILE }}"
+        --certbot-dns-propagation-seconds "{{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}"
        {% else %}
-        --letsencrypt-webroot-path "{{ letsencrypt_webroot_path }}"
+        --letsencrypt-webroot-path "{{ LETSENCRYPT_WEBROOT_PATH }}"
        {% endif %}
-        {{ '--mode-test' if mode_test | bool else '' }}
+        {{ '--mode-test' if MODE_TEST | bool else '' }}
      register: certbundle_result
      changed_when: "'Certificate not yet due for renewal' not in certbundle_result.stdout"
      failed_when: >
--- a/roles/srv-web-6-6-tls-core/tasks/flavors/wildcard.yml
+++ b/roles/srv-web-6-6-tls-core/tasks/flavors/wildcard.yml
@@ -3,7 +3,7 @@
  vars:
    wildcard_domain: true
  when: 
-    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
+    - domain.split('.') | length == (PRIMARY_DOMAIN.split('.') | length + 1) and domain.endswith(PRIMARY_DOMAIN)
    - run_once_receive_certificate is not defined  

 - name: "Load dedicated certificate for domain"
@@ -11,7 +11,7 @@
  vars:
    wildcard_domain: false
  when: 
-    - not (domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain))
+    - not (domain.split('.') | length == (PRIMARY_DOMAIN.split('.') | length + 1) and domain.endswith(PRIMARY_DOMAIN))

 - name: run the receive_certificate tasks once
  set_fact:
--- a/roles/srv-web-6-6-tls-core/tasks/main.yml
+++ b/roles/srv-web-6-6-tls-core/tasks/main.yml
@@ -6,20 +6,20 @@
  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_6_6_tls_core is not defined

- name: "Include flavor '{{ certbot_flavor }}' for '{{ domain }}'"
-  include_tasks: "{{ role_path }}/tasks/flavors/{{ certbot_flavor }}.yml"
+- name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'"
+  include_tasks: "{{ role_path }}/tasks/flavors/{{ CERTBOT_FLAVOR }}.yml"

 #- name: "Cleanup dedicated cert for {{ domain }}"
 #  command: >-
 #    certbot delete --cert-name {{ domain }} --non-interactive
 #  when: 
-#    - mode_cleanup | bool
+#    - MODE_CLEANUP | bool
 #      # Cleanup mode is enabled
-#    - certbot_flavor != 'dedicated'
+#    - CERTBOT_FLAVOR != 'dedicated'
 #      # Wildcard certificate is enabled
-#    - domain.split('.') | length == (primary_domain.split('.') | length + 1) and domain.endswith(primary_domain)
+#    - domain.split('.') | length == (PRIMARY_DOMAIN.split('.') | length + 1) and domain.endswith(PRIMARY_DOMAIN)
 #      # AND: The domain is a direct first-level subdomain of the primary domain
-#    - domain != primary_domain  
+#    - domain != PRIMARY_DOMAIN  
 #      # The domain is not the primary domain
 #  register: certbot_result
 #  failed_when: certbot_result.rc != 0 and ("No certificate found with name" not in certbot_result.stderr)
@@ -28,8 +28,8 @@
 - name: "Find SSL cert folder for '{{ domain }}'"
  cert_folder_find:
    domain: "{{ domain }}"
-    cert_base_path: "{{ letsencrypt_live_path }}"
-    debug: "{{ enable_debug | default(false) }}"
+    cert_base_path: "{{ LETSENCRYPT_LIVE_PATH }}"
+    debug: "{{ MODE_DEBUG | default(false) }}"
  register: cert_folder_result
  delegate_to: "{{ inventory_hostname }}"
  changed_when: false