Sys-stk-front-proxy Role¶

Description: No description available

Variables¶

author: Kevin Veen-Birkenbach
description: Automated domain provisioning (TLS, vHost, OAuth2) for Nginx.
license: Infinito.Nexus NonCommercial License
license_url: https://s.infinito.nexus/license
company: Kevin Veen-Birkenbach

Consulting & Coaching Solutions https://www.veen.world

min_ansible_version: 2.9
platforms: [{‘name’: ‘Archlinux’, ‘versions’: [‘rolling’]}]
galaxy_tags: [‘nginx’, ‘tls’, ‘letsencrypt’, ‘oauth2’, ‘automation’, ‘archlinux’]
repository: https://s.infinito.nexus/code
issue_tracker_url: https://s.infinito.nexus/issues
documentation: https://docs.infinito.nexus/

README¶

Nginx Domain Setup 🚀¶

Description¶

This role bootstraps per-domain Nginx configuration: it requests TLS certificates, applies global modifiers, deploys a ready-made vHost file, and can optionally lock down access via OAuth2.

Overview¶

A higher-level orchestration wrapper, sys-stk-front-proxy ties together several lower-level roles:

``sys-front-inj-all`` – applies global tweaks and includes.
``sys-svc-certs`` – obtains Let’s Encrypt certificates.
Domain template deployment – copies a Jinja2 vHost from sys-svc-proxy.
``web-app-oauth2-proxy`` (optional) – protects the site with OAuth2.

The result is a complete, reproducible domain rollout in a single playbook task.

Purpose¶

Provide one-stop, idempotent domain provisioning for Nginx-based homelabs or small production environments.

Features¶

End-to-end TLS — certificate retrieval and secure headers included.
Template-driven vHosts — choose basic or ws_generic flavours (or your own).
Conditional OAuth2 — easily toggle authentication per application.
Handler-safe — automatically triggers an Nginx reload when templates change.
Composable — designed to be called repeatedly for many domains.

Credits 📝¶

Developed and maintained by Kevin Veen-Birkenbach.

Learn more at https://www.veen.world

Part of the Infinito.Nexus Project — licensed under the Infinito.Nexus NonCommercial License