kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-24 11:06:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
4cb58bec0fadde736268c7202798fa7a28706a0d
computer-playbook/roles/sys-stk-front-proxy
History
Kevin Veen-Birkenbach 5d1210d651 feat(ai): introduce dedicated AI roles and wiring; clean up legacy AI stack 
• Add svc-ai category under roles and load it in constructor stage

• Create new 'svc-ai-ollama' role (vars, tasks, compose, meta, README) and dedicated network

• Refactor former AI stack into separate app roles: web-app-flowise and web-app-openwebui

• Add web-app-minio role; adjust config (no central DB), meta (fa-database, run_after), compose networks include, volume key

• Provide user-focused READMEs for Flowise, OpenWebUI, MinIO, Ollama

• Networks: add subnets for web-app-openwebui, web-app-flowise, web-app-minio; rename web-app-ai → svc-ai-ollama

• Ports: rename ai_* keys to web-app-openwebui / web-app-flowise; keep minio_api/minio_console

• Add group_vars/all/17_ai.yml (OLLAMA_BASE_LOCAL_URL, OLLAMA_LOCAL_ENABLED)

• Replace hardcoded include paths with path_join in multiple roles (svc-db-postgres, sys-service, sys-stk-front-proxy, sys-stk-full-stateful, sys-svc-webserver, web-svc-cdn, web-app-keycloak)

• Remove obsolete web-app-ai templates/vars/env; split Flowise into its own role

• Minor config cleanups (CSP flags to {}, central_database=false)

https://chatgpt.com/share/68d15cb8-cf18-800f-b853-78962f751f81
2025-09-22 18:40:20 +02:00
..
defaults
Implemented performance switch for Front Proxy
2025-09-16 13:58:46 +02:00
meta
Refactor role naming for TLS and proxy stack
2025-08-29 14:38:20 +02:00
tasks
feat(ai): introduce dedicated AI roles and wiring; clean up legacy AI stack
2025-09-22 18:40:20 +02:00
vars
Refactored server roles for better readability
2025-09-01 18:08:35 +02:00
README.md
Refactored server roles for better readability
2025-09-01 18:08:35 +02:00

README.md

Nginx Domain Setup 🚀

Description

This role bootstraps per-domain Nginx configuration: it requests TLS certificates, applies global modifiers, deploys a ready-made vHost file, and can optionally lock down access via OAuth2.

Overview

A higher-level orchestration wrapper, sys-stk-front-proxy ties together several lower-level roles:

  1. sys-front-inj-all applies global tweaks and includes.
  2. sys-svc-certs obtains Lets Encrypt certificates.
  3. Domain template deployment copies a Jinja2 vHost from sys-svc-proxy.
  4. web-app-oauth2-proxy (optional) protects the site with OAuth2.

The result is a complete, reproducible domain rollout in a single playbook task.

Purpose

Provide one-stop, idempotent domain provisioning for Nginx-based homelabs or small production environments.

Features

  • End-to-end TLS — certificate retrieval and secure headers included.
  • Template-driven vHosts — choose basic or ws_generic flavours (or your own).
  • Conditional OAuth2 — easily toggle authentication per application.
  • Handler-safe — automatically triggers an Nginx reload when templates change.
  • Composable — designed to be called repeatedly for many domains.

Credits 📝

Developed and maintained by Kevin Veen-Birkenbach.
Learn more at https://www.veen.world

Part of the Infinito.Nexus Project — licensed under the Infinito.Nexus NonCommercial License