From fc0bdbea9aff50a2ab263797493b67dac7b21df1 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 4 Dec 2025 10:48:45 +0100
Subject: [PATCH] Implemented SSL_ENABLED
---
 roles/sys-svc-letsencrypt/templates/ssl_header.j2 | 7 ++++++-
 roles/sys-util-csp-cert/tasks/main.yml | 1 +
 roles/web-app-mailu/tasks/01_core.yml | 1 +
 roles/web-app-matrix/tasks/03_webserver.yml | 1 +
 roles/web-app-peertube/tasks/_create-domains.yml | 1 +
 roles/web-opt-rdr-domains/tasks/redirect-domain.yml | 1 +
 6 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/roles/sys-svc-letsencrypt/templates/ssl_header.j2 b/roles/sys-svc-letsencrypt/templates/ssl_header.j2
index 4505144f..9d32c99c 100644
--- a/roles/sys-svc-letsencrypt/templates/ssl_header.j2
+++ b/roles/sys-svc-letsencrypt/templates/ssl_header.j2
@@ -1,3 +1,4 @@
+{% if SSL_ENABLED | bool %}
 listen {{ WEB_PORT }} ssl http2;
 listen [::]:{{ WEB_PORT }} ssl http2;
@@ -12,4 +13,8 @@ ssl_session_tickets on;
 add_header Strict-Transport-Security max-age=15768000;
 ssl_stapling on;
 ssl_stapling_verify on;
-{% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %}
\ No newline at end of file
+{% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %}
+{% else %}
+listen {{ WEB_PORT }};
+listen [::]:{{ WEB_PORT }};
+{% endif %}
\ No newline at end of file
diff --git a/roles/sys-util-csp-cert/tasks/main.yml b/roles/sys-util-csp-cert/tasks/main.yml
index e684df9f..593bbd5c 100644
--- a/roles/sys-util-csp-cert/tasks/main.yml
+++ b/roles/sys-util-csp-cert/tasks/main.yml
@@ -7,3 +7,4 @@
 - name: "include role sys-svc-certs for '{{ domain }}'"
 include_role:
 name: sys-svc-certs
+ when: SSL_ENABLED | bool
\ No newline at end of file
diff --git a/roles/web-app-mailu/tasks/01_core.yml b/roles/web-app-mailu/tasks/01_core.yml
index 20af0f0f..6cfde355 100644
--- a/roles/web-app-mailu/tasks/01_core.yml
+++ b/roles/web-app-mailu/tasks/01_core.yml
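Review bot: `SSL_ENABLED` is read in `{% if SSL_ENABLED | bool %}` at the top of ssl_header.j2 and in the five `when: SSL_ENABLED | bool` conditions this commit adds (sys-util-csp-cert, web-app-mailu, web-app-matrix, web-app-peertube, web-opt-rdr-domains), but none of the six changed files defines it or gives it a default. If it is not already set elsewhere in the inventory, Ansible will by default fail the template and every guarded task on an undefined variable; if it is set, the diff does not show that the default keeps TLS on. I would define it once in the shared defaults as `SSL_ENABLED: true`, with a comment such as `# false disables certificate requests; every vhost using ssl_header.j2 then listens in cleartext`, rather than leaving the default implicit at each call site.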
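Review bot: The `{% else %}` branch in the second ssl_header.j2 hunk opens a cleartext listener on the same `WEB_PORT`, and nothing in the template records when that is acceptable. The TLS branch sends `Strict-Transport-Security max-age=15768000`, so a host that has already served TLS will be refused by returning browsers for up to that period once it is redeployed with the flag off. Whether `WEB_PORT` changes with the flag is not visible in this diff; if it stays on the TLS port, clients that still speak HTTPS to it will get a protocol error. I would put a template comment above the branch stating the intended use, for example `{# cleartext listener: only for hosts behind a TLS-terminating proxy or isolated test setups #}`, and have the play assert that the flag is true for internet-facing hosts.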
@@ -35,6 +35,7 @@
 - name: "Include Cert deploy service for '{{ role_name }}'"
 include_role:
 name: sys-ctl-mtn-cert-deploy
+ when: SSL_ENABLED | bool
 - name: "Flush Docker Compose handlers"
 meta: flush_handlers
diff --git a/roles/web-app-matrix/tasks/03_webserver.yml b/roles/web-app-matrix/tasks/03_webserver.yml
index 137c1ab7..feb0f4f4 100644
--- a/roles/web-app-matrix/tasks/03_webserver.yml
+++ b/roles/web-app-matrix/tasks/03_webserver.yml
@@ -22,6 +22,7 @@
 vars:
 domain: "{{ MATRIX_SYNAPSE_DOMAIN }}"
 http_port: "{{ MATRIX_SYNAPSE_PORT }}"
+ when: SSL_ENABLED | bool
 - name: create {{ MATRIX_SYNAPSE_DOMAIN }}.conf
 template:
diff --git a/roles/web-app-peertube/tasks/_create-domains.yml b/roles/web-app-peertube/tasks/_create-domains.yml
index f90113eb..d722ba35 100644
--- a/roles/web-app-peertube/tasks/_create-domains.yml
+++ b/roles/web-app-peertube/tasks/_create-domains.yml
@@ -1,6 +1,7 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
 include_role:
 name: sys-util-csp-cert
+ when: SSL_ENABLED | bool
 - name: configure {{ domain }}.conf
 template:
diff --git a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml
index 6e11dd51..07e97cdb 100644
--- a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml
+++ b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml
@@ -1,6 +1,7 @@
 - name: "include task receive certbot certificate"
 include_role:
 name: sys-svc-certs
+ when: SSL_ENABLED | bool
 - name: "Deploying NGINX redirect configuration for '{{ domain }}'"
 template:
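Review bot: In web-app-mailu/tasks/01_core.yml the new `when:` skips `sys-ctl-mtn-cert-deploy`, but the diff does not show Mailu's own TLS mode being switched to match. If its `TLS_FLAVOR` setting still expects a certificate, the mail front end may fail to start or keep serving a stale one; if it is `notls`, SMTP and IMAP logins travel in cleartext. I would add a comment on the task saying which of the two is intended, for example `# SSL_ENABLED=false: no cert deploy; Mailu TLS mode must be set accordingly`, and set that mode from the same flag. The rest of the task file is outside the hunk, so this may already be handled there.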
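Review bot: In web-app-matrix/tasks/03_webserver.yml the `when:` is appended to a task whose `include_role` line lies above the hunk, so it is not visible here which role is being skipped; only its `vars:` (`domain`, `http_port`) are. The page has lost indentation, so please confirm that `when:` is aligned with `vars:` and not nested under it, where it would become a role variable named `when` and the guard would silently not apply. The following `create {{ MATRIX_SYNAPSE_DOMAIN }}.conf` task stays unconditional, and Matrix federation expects HTTPS, so a host deployed with the flag off would presumably not federate. A task comment such as `# skipped when SSL_ENABLED is false: Synapse is then served without TLS and cannot federate` would make that trade-off explicit.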
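Review bot: In web-app-peertube/tasks/_create-domains.yml this guard skips the whole `sys-util-csp-cert` role, while the same commit already guards the `sys-svc-certs` include inside that role (roles/sys-util-csp-cert/tasks/main.yml). That role's first six lines are outside the diff, and the task name here says it also does "modification routines", so any steps in it that are not about certificates are now skipped as well when TLS is off. If those steps are needed regardless, drop the outer `when: SSL_ENABLED | bool` and rely on the inner one; otherwise add a comment on the task that skipping the entire role is intended.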