mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-27 05:55:15 +02:00
- Swap role includes: sys-systemctl → sys-service in all roles
- Rename variables everywhere: systemctl_* → system_service_* (incl. systemctl_id → system_service_id)
- Templates: ExecStart now uses {{ system_service_script_exec }}; add optional RuntimeMaxSec via SYS_SERVICE_DEFAULT_RUNTIME
- Move SYS_SERVICE defaults into roles/sys-service/defaults (remove SYS_SERVICE_ALL_ENABLED & SYS_SERVICE_DEFAULT_STATE from group_vars/07_services.yml)
- Tidy group_vars/all/08_timer.yml formatting
- Introduce roles/sys-daemon:
  - default manager timeouts (timeouts.conf)
  - optional purge of /etc/systemd/system.conf.d
  - validation via systemd-analyze verify
  - handlers for daemon-reload & daemon-reexec
- Refactor sys-timer to system_service_* variables (docs and templates updated)
- Move filter_plugins/filetype.py under sys-service
- Update meta/README to point to official systemd docs
- Touch many roles (backup/cleanup/health/repair/certs/nginx/csp/wireguard/ssd-hdd/keyboard/update-docker/alarm compose/email/telegram/etc.) to new naming

BREAKING CHANGE:
- Role path/name change: use `sys-service` instead of `sys-systemctl`
- All `systemctl_*` vars are now `system_service_*` (e.g., on_calendar, state, timer_enabled, script_exec, id)
- If you have custom templates, adopt RuntimeMaxSec and new variable names

Chat context: https://chatgpt.com/share/68a47568-312c-800f-af3f-e98575446327
Health CSP Crawler
Description
This Ansible role automates the validation of Content Security Policy (CSP) enforcement for all configured domains by crawling them using a CSP Checker.
Overview
Designed for Arch Linux systems, this role periodically checks whether web resources (JavaScript, fonts, images, etc.) are blocked by CSP headers. It integrates Python and Node.js tooling and installs a systemd service with timer support.
Features
- CSP Resource Validation: Uses Puppeteer to simulate browser requests and detect blocked resources.
- Domain Extraction: Parses all `.conf` files in the NGINX config folder to determine the list of domains to check.
- Automated Execution: Registers a systemd service and timer for recurring health checks.
- Error Notification: Integrates with `sys-ctl-alm-compose` for alerting on failure.
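
The domain-extraction step, sketched as an added example that is not the role's own script: it assumes the domains are read from `server_name` directives inside each `.conf` file, and the function names and sample configs are constructed for illustration. Catch-all, wildcard and regex server names are skipped because they do not name a single host that a crawler can request.

```python
import re
import tempfile
from pathlib import Path

# Matches one server_name directive up to its terminating semicolon.
SERVER_NAME_RE = re.compile(r"^\s*server_name\s+([^;]+);", re.MULTILINE)
# Plain hostnames only: labels of letters, digits and hyphens, ending in a TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)


def strip_comments(text: str) -> str:
    """Drop '#' comments so commented-out server_name lines are ignored."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def extract_domains(conf_dir: Path) -> list[str]:
    """Return the sorted, de-duplicated hostnames named in conf_dir/*.conf."""
    domains = set()
    for conf in sorted(conf_dir.glob("*.conf")):
        text = strip_comments(conf.read_text(encoding="utf-8", errors="replace"))
        for match in SERVER_NAME_RE.finditer(text):
            for name in match.group(1).split():
                name = name.lower()
                # Rejects "_", wildcards (*.example.org) and regex names (~...).
                if HOSTNAME_RE.match(name):
                    domains.add(name)
    return sorted(domains)


def demo() -> list[str]:
    """Run the extraction over constructed sample configs in a temp directory."""
    samples = {
        "app.conf": "server {\n  server_name app.example.org www.example.org;\n}\n",
        "catchall.conf": "server {\n  server_name _ *.example.org ~^(?<s>.+)\\.example\\.org$;\n}\n",
        "old.conf": "server {\n  # server_name retired.example.org;\n  server_name APP.example.org;\n}\n",
        "notes.txt": "server_name ignored.example.org;\n",  # not a .conf file
    }
    with tempfile.TemporaryDirectory() as tmp:
        for filename, body in samples.items():
            Path(tmp, filename).write_text(body, encoding="utf-8")
        return extract_domains(Path(tmp))


if __name__ == "__main__":
    print("\n".join(demo()))
```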
License
Infinito.Nexus NonCommercial License https://s.infinito.nexus/license
Author
Kevin Veen-Birkenbach Consulting & Coaching Solutions https://www.veen.world