kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-08 18:35:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
379b1d420eb2814e4364f5f079846df6856ede13
computer-playbook/roles/sys-svc-webserver-https
History
Kevin Veen-Birkenbach 716ebef33b Refactor task includes and update variable handling for Ansible 2.20 migration 
This commit updates multiple roles to ensure compatibility with Ansible 2.20.
Several include paths and task-loading mechanisms required adjustments,
as Ansible 2.20 applies stricter evaluation rules for complex Jinja expressions
and no longer resolves certain relative include paths the way Ansible 2.18 did.

Key changes:
- Replaced legacy once_finalize.yml and once_flag.yml with the new structure
  under tasks/utils/once/finalize.yml and tasks/utils/once/flag.yml.
- Updated all include_tasks statements to use 'path_join' with playbook_dir,
  ensuring deterministic and absolute file resolution across roles.
- Fixed all network helper includes by converting direct relative paths such as
  'roles/docker-compose/tasks/utils/network.yml' to proper Jinja-evaluated paths.
- Normalized MATOMO_* variable names for consistency with the updated variable
  scope behavior in Ansible 2.20.
- Removed deprecated patterns that were implicitly supported in Ansible 2.18
  but break under the more strict variable and path resolution model in 2.20.

These changes are part of the full migration step required to ensure the
infinito-nexus roles remain stable, deterministic, and forward-compatible with
Ansible 2.20.

Details of the discussion and reasoning can be found in this conversation:
https://chatgpt.com/share/69300a8d-24d4-800f-bec0-e895a695618a
2025-12-03 11:02:34 +01:00
..
meta
tasks
Refactor task includes and update variable handling for Ansible 2.20 migration
2025-12-03 11:02:34 +01:00
README.md

README.md

Webserver HTTPS Provisioning 🚀

Description

The sys-svc-webserver-https role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:

  1. Ensures your Nginx server is configured for SSL/TLS.
  2. Pulls in Lets Encrypt ACME challenge handling.
  3. Applies global cleanup of unused domain configs.

This role is built on top of your existing sys-svc-webserver-core role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.

Overview

When you apply sys-svc-webserver-https, it will:

  1. Include the sys-svc-webserver-core role to install and configure Nginx.
  2. Clean up any stale vHost files under sys-svc-cln-domains.
  3. Deploy the Lets Encrypt challenge-and-redirect snippet from sys-svc-letsencrypt.
  4. Reload Nginx automatically when any template changes.

All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.

Features

  • 🔒 Automatic HTTPS Redirect
    Sets up port 80 → 443 redirect and serves /.well-known/acme-challenge/ for Certbot.

  • 🔑 Lets Encrypt Integration
    Pulls in challenge configuration and CAA-record management for automatic certificate issuance and renewal.

  • 🧹 Domain Cleanup
    Removes obsolete or orphaned server blocks before enabling HTTPS.

  • 🚦 Handler-Safe
    Triggers an Nginx reload only when necessary, minimizing service interruptions.

License

This role is released under the Infinito.Nexus NonCommercial License. See https://s.infinito.nexus/license for details.

Author

Developed and maintained by Kevin Veen-Birkenbach Consulting & Coaching Solutions https://www.veen.world

Reference in New Issue View Git Blame Copy Permalink