6 Commits

Author	SHA1	Message	Date
Kevin Veen-Birkenbach	c835ca8f2c	refactor(front-injection): stabilize run_once flow and explicit web-service loading ... - sys-front-inj-all: load web-svc-cdn and web-svc-logout once; reinitialize inj_enabled after services; move run_once block to top; reorder injections. - sys-front-inj-css: move run_once call into 01_core; fix app_style_present default; simplify main. - sys-front-inj-desktop/js/matomo: deactivate per-role run_once blocks; keep utils/run_once where appropriate. - sys-front-inj-logout: switch to files/logout.js + copy; update head_sub mtime lookup; mark set_fact tasks unchanged. - sys-svc-cdn: inline former 01_core tasks into main; ensure shared/vendor dirs and set run_once in guarded block; remove 01_core.yml. Rationale: prevent cascading 'false_condition: run_once_sys_svc_cdn is not defined' skips by setting run-once facts only after the necessary tasks and avoiding parent-scope guards; improves determinism and handler flushing. Conversation: https://chatgpt.com/share/68ecfaa5-94a0-800f-b1b6-2b969074651f	2025-10-13 15:12:23 +02:00
Kevin Veen-Birkenbach	a996e2190f	feat(logout): wire injector to web-svc-logout and add robust CORS/CSP for /logout ... - sys-front-inj-logout: depend on web-svc-logout (run-once guarded) and simplify task flow. - web-svc-logout: align feature flags/formatting and extend CSP: - add cdn.jsdelivr.net to connect/script/style and quote values. - Nginx: move CORS config into logout-proxy.conf.j2 with dynamic vars: - Access-Control-Allow-Origin set to canonical logout origin, - Allow-Credentials=true, - Allow-Methods=GET, OPTIONS, - basic headers list (Accept, Authorization), - cache disabled for /logout responses. - Drop obsolete CORS var passing from 01_core.yml; headers now templated at proxy layer. Prepares clean cross-origin logout orchestration from https://logout.veen.world. Refs: ChatGPT discussion – https://chatgpt.com/share/68ebb75f-0170-800f-93c5-e5cb438b8ed4	2025-10-12 16:16:47 +02:00
Kevin Veen-Birkenbach	97af4990aa	refactor(webserver): rename roles and update references ... - Rename sys-svc-webserver -> sys-svc-webserver-core - Rename sys-stk-front-pure -> sys-svc-webserver-https - Update includes, run_once flags, and docs across: * sys-ctl-mtn-cert-renew * sys-front-inj-* * sys-stk-front-proxy * sys-svc-certs * sys-svc-cln-domains * web-opt-rdr-* * web-svc-* - Remove redundant webserver include in web-opt-rdr-www - Fix documentation links Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b	2025-09-26 19:34:42 +02:00
Kevin Veen-Birkenbach	b02d88adc0	Refactored server roles for better readability	2025-09-01 18:08:35 +02:00
Kevin Veen-Birkenbach	6fa4d00547	Refactor CDN and run_once handling ... - Move run_once include from main.yml to 01_core.yml in desk-gnome-caffeine and desk-ssh - Introduce sys-svc-cdn/01_core.yml to handle shared/vendor dirs once and role dirs per run - Replace cdn.* with cdn_paths_all.* across inj roles - Split cdn_dirs into cdn_dirs_role and CDN_DIRS_GLOBAL - Ensure cdn_urls uses cdn_paths_all Details: https://chatgpt.com/share/68b58d64-1e28-800f-8907-36926a9e9a9b	2025-09-01 14:11:36 +02:00
Kevin Veen-Birkenbach	231fd567b3	feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup ... Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink. Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN. Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css. CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush. BREAKING CHANGE: role names changed; replace includes and references accordingly. Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d	2025-09-01 10:10:23 +02:00