mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-10 18:58:10 +02:00
Kevin Veen-Birkenbach
a817d964e4
- Extract common HTTPS + Cloudflare + handler bootstrap into new role sys-stk-front-base - Update sys-stk-front-proxy, web-svc-cdn, web-svc-file, web-svc-html to depend on sys-stk-front-base - Add new sys-stk-semi-stateless role combining front-base + back-stateless - Update web-svc-coturn to use sys-stk-semi-stateless and rewrite README/meta with detailed Coturn description - Unify sys-util-csp-cert README heading Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b
24 lines
1.1 KiB
Markdown
24 lines
1.1 KiB
Markdown
# sys-util-csp-cert
|
|
|
|
This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:
|
|
|
|
1. **`sys-front-inj-all`**
|
|
Injects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginx `sub_filter`.
|
|
2. **`sys-svc-certs`**
|
|
Handles issuing, renewing, and managing TLS certificates via ACME/Certbot.
|
|
|
|
By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery.
|
|
|
|
## Features
|
|
|
|
* **Unified HTTPS Orchestration**
|
|
Seamlessly sets up TLS and performs HTML-level content injections in one role.
|
|
* **Content Injection**
|
|
Adds global theming, analytics, and custom scripts before `</head>` and tracking noscript tags before `</body>`.
|
|
* **Certificate Management**
|
|
Automates cert issuance and renewal via `sys-svc-certs`.
|
|
* **Idempotent Workflow**
|
|
Ensures each component runs only once per domain.
|
|
* **Simplified Playbooks**
|
|
Call a single role to handle both security (TLS) and user-experience (injections).
|