Implement dynamic TimeoutStartSec filter for domains and update roles

- Added new filter plugin 'timeout_start_sec_for_domains' to calculate TimeoutStartSec based on number of domains.
- Updated sys-ctl-hlth-csp and sys-ctl-hlth-webserver tasks to use the filter.
- Removed obsolete systemctl.service.j2 in sys-ctl-hlth-csp.
- Adjusted variable naming (CURRENT_PLAY_DOMAINS_ALL etc.) in multiple roles.
- Updated srv-letsencrypt and sys-svc-certs to use uppercase vars.
- Switched pretix role to sys-stk-full-stateful and removed leftover javascript.js.
- Added unittests for the new filter under tests/unit/filter_plugins.

See conversation: https://chatgpt.com/share/68b1ae9a-1ac0-800f-b49d-2915386a1a23

roles/srv-letsencrypt/vars/main.yml

@@ -1,4 +1,4 @@
 caa_entries:
 - tag: issue
   value: letsencrypt.org
-base_sld_domains: '{{ current_play_domains_all | generate_base_sld_domains }}'
+base_sld_domains: '{{ CURRENT_PLAY_DOMAINS_ALL | generate_base_sld_domains }}'

roles/sys-ctl-hlth-csp/tasks/01_core.yml

@@ -16,4 +16,5 @@
     system_service_on_calendar:           "{{ SYS_SCHEDULE_HEALTH_CSP_CRAWLER }}"
     system_service_timer_enabled:         true
     system_service_tpl_on_failure:        "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
-    system_service_tpl_timeout_start_sec: 15min
+    system_service_tpl_timeout_start_sec: "{{ CURRENT_PLAY_DOMAINS_ALL | timeout_start_sec_for_domains }}"
+    system_service_tpl_exec_start:        "{{ system_service_script_exec }} --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }}"

roles/sys-ctl-hlth-csp/templates/systemctl.service.j2

@@ -1,7 +0,0 @@
-[Unit]
-Description=Check for CSP-blocked resources via Puppeteer
-OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
-
-[Service]
-Type=oneshot
-ExecStart={{ system_service_script_exec }} --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }}

roles/sys-ctl-hlth-webserver/tasks/01_core.yml

@@ -16,6 +16,7 @@
 - include_role:
     name: sys-service
   vars:
-    system_service_on_calendar:     "{{ SYS_SCHEDULE_HEALTH_NGINX }}"
-    system_service_timer_enabled:   true
-    system_service_tpl_on_failure:  "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_on_calendar:           "{{ SYS_SCHEDULE_HEALTH_NGINX }}"
+    system_service_timer_enabled:         true
+    system_service_tpl_on_failure:        "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+    system_service_tpl_timeout_start_sec: "{{ CURRENT_PLAY_DOMAINS_ALL | timeout_start_sec_for_domains }}"

roles/sys-svc-certs/tasks/flavors/_san.yml

@@ -8,7 +8,7 @@
 - name: Generate SAN certificate with certbundle
   command: >-
     certbundle
-    --domains "{{ current_play_domains_all | join(',') }}"
+    --domains "{{ CURRENT_PLAY_DOMAINS_ALL | join(',') }}"
     --certbot-email "{{ users.administrator.email }}"
     --certbot-acme-challenge-method "{{ CERTBOT_ACME_CHALLENGE_METHOD }}"
     --chunk-size 100

roles/web-app-pretix/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - block:
-  - name: "load docker and db for {{ application_id }}"
+  - name: "load docker, db and proxy for {{ application_id }}"
     include_role: 
-      name: sys-stk-back-stateful
+      name: sys-stk-full-stateful
   - include_tasks: utils/run_once.yml
   when: run_once_web_app_pretix is not defined

roles/web-app-pretix/templates/javascript.js

@@ -1 +0,0 @@
-alert('Custom JS loaded');

roles/web-opt-rdr-www/vars/main.yml

@@ -3,4 +3,4 @@ application_id:       "web-opt-rdr-www"
 
 # Redirect WWW
 REDIRECT_WWW_FLAVOR:  "{{ applications | get_app_conf(application_id, 'prefered_flavor') if DNS_PROVIDER == 'cloudflare' else 'origin' }}"
-REDIRECT_WWW_DOMAINS: "{{ current_play_domains_all | select('match', '^www\\.') | list }}"
+REDIRECT_WWW_DOMAINS: "{{ CURRENT_PLAY_DOMAINS_ALL | select('match', '^www\\.') | list }}"