mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-09 18:28:10 +02:00

Files

Kevin Veen-Birkenbach a817d964e4 refactor(front-stack): introduce sys-stk-front-base and semi-stateless stack; improve coturn role docs

- Extract common HTTPS + Cloudflare + handler bootstrap into new role sys-stk-front-base
- Update sys-stk-front-proxy, web-svc-cdn, web-svc-file, web-svc-html to depend on sys-stk-front-base
- Add new sys-stk-semi-stateless role combining front-base + back-stateless
- Update web-svc-coturn to use sys-stk-semi-stateless and rewrite README/meta with detailed Coturn description
- Unify sys-util-csp-cert README heading

Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b

2025-09-26 20:25:53 +02:00

README.md

sys-util-csp-cert

This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:

sys-front-inj-all Injects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginx sub_filter.
sys-svc-certs Handles issuing, renewing, and managing TLS certificates via ACME/Certbot.

By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery.

Features

Unified HTTPS Orchestration Seamlessly sets up TLS and performs HTML-level content injections in one role.
Content Injection Adds global theming, analytics, and custom scripts before </head> and tracking noscript tags before </body>.
Certificate Management Automates cert issuance and renewal via sys-svc-certs.
Idempotent Workflow Ensures each component runs only once per domain.
Simplified Playbooks Call a single role to handle both security (TLS) and user-experience (injections).