kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 10:19:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
598f4e854a40d1f1a6cf168acaf911eea3d767c8
computer-playbook/roles/sys-util-csp-cert
History
Kevin Veen-Birkenbach e6803e5614 refactor(ansible): normalize include_role syntax and unify host config paths via path_join 
- Remove stray spaces after include_role: across many roles to ensure clean YAML and
  consistent linting/formatting.
- Listmonk:
  - Introduce LISTMONK_CONFIG_HOST = [ docker_compose.directories.config, 'config.toml' ] | path_join
  - Use that var in the template task (dest) and the docker-compose volume mount
- Matrix:
  - Build MATRIX_SYNAPSE_CONFIG_PATH_HOST, MATRIX_SYNAPSE_LOG_PATH_HOST, and
    MATRIX_ELEMENT_CONFIG_PATH_HOST via path_join
- Mobilizon:
  - Build mobilizon_host_conf_exs_file via path_join
  - Keep get_app_conf strictness unchanged (defaults to True in our filter), so behavior
    remains strict even though the explicit third arg was dropped
- Simpleicons:
  - Build server.js and package.json host paths via path_join
- Numerous web-app roles (Confluence, Discourse, EspoCRM, Friendica, Funkwhale, Gitea,
  GitLab, Jenkins, Joomla, Listmonk, Mailu, Mastodon, Matomo, Matrix, MediaWiki,
  Mobilizon, Moodle, Nextcloud, OpenProject, Peertube, Pixelfed, Pretix, Roulette Wheel,
  Snipe-IT, Syncope, Taiga, WordPress, XWiki, Yourls) and web-svc roles (coturn,
  libretranslate, simpleicons) updated for consistent include_role formatting

Why:
- path_join avoids double slashes and missing separators across different config roots
- Consistent include_role: formatting improves readability and prevents linter noise

Ref:
- Conversation: https://chatgpt.com/share/68d14711-727c-800f-b454-7dc4c3c1f4cb
2025-09-22 14:55:25 +02:00
..
meta
tasks
refactor(ansible): normalize include_role syntax and unify host config paths via path_join
2025-09-22 14:55:25 +02:00
README.md
Refactored server roles for better readability
2025-09-01 18:08:35 +02:00

README.md

Role: sys-util-csp-cert

This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:

  1. sys-front-inj-all Injects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginx sub_filter.
  2. sys-svc-certs Handles issuing, renewing, and managing TLS certificates via ACME/Certbot.

By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery.

Features

  • Unified HTTPS Orchestration Seamlessly sets up TLS and performs HTML-level content injections in one role.
  • Content Injection Adds global theming, analytics, and custom scripts before </head> and tracking noscript tags before </body>.
  • Certificate Management Automates cert issuance and renewal via sys-svc-certs.
  • Idempotent Workflow Ensures each component runs only once per domain.
  • Simplified Playbooks Call a single role to handle both security (TLS) and user-experience (injections).