mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-09-09 19:57:16 +02:00
Kevin Veen-Birkenbach
231fd567b3
Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink. Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN. Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css. CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush. BREAKING CHANGE: role names changed; replace includes and references accordingly. Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d
1.1 KiB
1.1 KiB
Role: srv-composer
This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:
sys-front-inj-allInjects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginxsub_filter.sys-svc-certsHandles issuing, renewing, and managing TLS certificates via ACME/Certbot.
By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery.
Features
- Unified HTTPS Orchestration Seamlessly sets up TLS and performs HTML-level content injections in one role.
- Content Injection
Adds global theming, analytics, and custom scripts before
</head>and tracking noscript tags before</body>. - Certificate Management
Automates cert issuance and renewal via
sys-svc-certs. - Idempotent Workflow Ensures each component runs only once per domain.
- Simplified Playbooks Call a single role to handle both security (TLS) and user-experience (injections).