Great docker refactoring

2025-07-07 09:05:15 +02:00 · 2025-07-06 18:53:45 +02:00 · 2025-07-06 18:53:45 +02:00 · 0347d238c2
commit 0347d238c2
parent bd9e43506f
27 changed files with 107 additions and 119 deletions
--- a/cli/deploy.py
+++ b/cli/deploy.py
@ -27,9 +27,6 @@ def run_ansible_playbook(inventory, playbook, modes, limit=None, allowed_applica
    if allowed_applications:
        joined = ",".join(allowed_applications)
        cmd.extend(["-e", f"allowed_applications={joined}"])
    else:
        # No IDs provided: execute all applications defined in the inventory
        cmd.extend(["-e", "allowed_applications=all"])
    # Pass other mode flags
    for key, value in modes.items():
--- a/roles/docker-attendize/TODO.md
+++ b/roles/docker-attendize/TODO.md
@ -1 +1,3 @@
- Implement this role
+# Todo
 - Implement this role
 - refactore main.yml
--- a/roles/docker-compose/defaults/main.yml
+++ b/roles/docker-compose/defaults/main.yml
@ -1 +1,2 @@
-docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped
+docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped
 docker_repository:                  true  # Activates docker repository download and routine
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@ -8,6 +8,14 @@
 #  listen: docker compose up
 #  when: mode_reset | bool
 - name: rebuild docker repository
  command:
    cmd:   docker compose build
    chdir: "{{docker_repository_path}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
 # default setup for docker compose files
 - name: docker compose up
  shell: docker-compose -p {{ application_id }} up -d --force-recreate --remove-orphans --build
--- a/roles/docker-compose/tasks/create-files.yml
+++ b/roles/docker-compose/tasks/create-files.yml
@ -1,10 +1,10 @@
- name: Create (optional) Dockerfile
+- name: "Create (optional) Dockerfile for {{ application_id }}"
  template:
    src: "{{ item }}"
    dest: "{{ docker_compose.files.dockerfile }}"
-  with_first_found:
+  loop:
-    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/Dockerfile.j2"
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/Dockerfile.j2"
-    - "{{ playbook_dir }}/roles/{{ role_name }}/files/Dockerfile"
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/Dockerfile"
  notify: docker compose up
  register: create_dockerfile_result
  failed_when:
@ -19,9 +19,9 @@
    force:        yes
  notify:         docker compose up
  register:       env_template
-  with_first_found:
+  loop:
-    - "{{ playbook_dir }}/roles/{{ role_name }}/templates/env.j2"
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/templates/env.j2"
-    - "{{ playbook_dir }}/roles/{{ role_name }}/files/env"
+    - "{{ playbook_dir }}/roles/docker-{{ application_id }}/files/env"
  failed_when:
    - env_template is failed
    - "'Could not find or access' not in env_template.msg"
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -16,5 +16,8 @@
    mode: '0755'
  with_dict: "{{ docker_compose.directories }}"
- include_tasks: "create-files.yml"
+- include_tasks: "repository.yml"
  when: docker_repository | bool
 - include_tasks: "files.yml"
  when: not docker_compose_skipp_file_creation | bool
--- a/roles/docker-repository-setup/tasks/main.yml
+++ b/roles/docker-repository-setup/tasks/main.yml
--- a/roles/docker-ldap/docs/Administration.md
+++ b/roles/docker-ldap/docs/Administration.md
@ -68,5 +68,5 @@ docker exec -i ldap \
    -D "$LDAP_ADMIN_DN" \
    -w "$LDAP_ADMIN_PASSWORD" \
    -c \
-    -f "/tmp/ldif/data/01_rbac_roles.ldif"
+    -f "/tmp/ldif/data/01_rbac.ldif"
 ```
--- a/roles/docker-openproject/tasks/main.yml
+++ b/roles/docker-openproject/tasks/main.yml
@ -23,10 +23,6 @@
  notify:
    - docker compose up
 - name: "include role docker-repository-setup for {{application_id}}"
  include_role: 
    name: docker-repository-setup
 - name: "create {{dummy_volume}}"
  file:
    path: "{{dummy_volume}}"
--- a/roles/docker-openproject/vars/main.yml
+++ b/roles/docker-openproject/vars/main.yml
@ -1,6 +1,7 @@
 application_id:               "openproject"
 docker_repository_address:    "https://github.com/opf/openproject-deploy"
 database_type:                "postgres"
 docker_repository:            true
 openproject_plugins_folder:  "{{docker_compose.directories.volumes}}plugins/"
--- a/roles/docker-portfolio/tasks/main.yml
+++ b/roles/docker-portfolio/tasks/main.yml
@ -12,11 +12,6 @@
    http_port:   "{{ ports.localhost.http[application_id] }}"
  when: run_once_docker_portfolio is not defined
 - name: "include role docker-repository-setup for {{application_id}}"
  include_role: 
    name: docker-repository-setup
  when: run_once_docker_portfolio is not defined
 - name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}"
  stat:
    path: "{{ config_inventory_path }}"
--- a/roles/docker-portfolio/vars/main.yml
+++ b/roles/docker-portfolio/vars/main.yml
@ -1,3 +1,4 @@
 application_id:             "portfolio"
 docker_repository_address:  "https://github.com/kevinveenbirkenbach/portfolio"
-config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2"
+config_inventory_path:      "{{ inventory_dir }}/files/{{ inventory_hostname }}/docker/portfolio/config.yaml.j2"
 docker_repository:          true
--- a/roles/docker-repository-setup/README.md
+++ b/roles/docker-repository-setup/README.md
@ -1,44 +0,0 @@
 # Docker Repository Setup
 This Ansible role sets up and manages your Docker repository. It ensures that the repository is pulled from your remote Git source, and it automatically triggers a rebuild of your Docker images using Docker Compose. 
 ## Features 🔧
 - **Default Path Setup:**  
  Automatically sets a default `docker_repository_path`
 - **Repository Management:**  
  Clones or updates your Docker repository from a specified Git repository.
 - **Automated Build Trigger:**  
  Notifies handlers to rebuild the Docker repository using Docker Compose with extended timeouts.
 ## Role Structure 📂
 - **Handlers:**  
  - `rebuild docker repository`: Runs `docker compose build` in the designated repository directory with custom timeout settings.
 - **Tasks:**  
  - Sets the default repository path if undefined.
  - Pulls the latest code from the Docker repository.
  - Notifies the Docker Compose project setup and triggers a repository rebuild.
 - **Meta:**  
  - Declares a dependency on the `docker-compose` role to ensure that handlers and related dependencies are loaded.
 ## Usage ⚙️
 Ensure that you have set the following variables (either via your inventory, `group_vars`, or `host_vars`):
 - `docker_repository_address`: The Git repository URL of your Docker repository.
 - `docker_compose.directories.services`: The base directory where your Docker services are stored.  
  The role will append `repository/` to this path to form `docker_repository_path`.
 ## Author
 Kevin Veen-Birkenbach  
 [https://www.veen.world](https://www.veen.world)
 ---
 Happy deploying! 🚀🐳
--- a/roles/docker-repository-setup/handlers/main.yml
+++ b/roles/docker-repository-setup/handlers/main.yml
@ -1,7 +0,0 @@
 - name: rebuild docker repository
  command:
    cmd:   docker compose build 
    chdir: "{{docker_repository_path}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
--- a/roles/docker-repository-setup/meta/main.yml
+++ b/roles/docker-repository-setup/meta/main.yml
@ -1,2 +0,0 @@
 dependencies:
 - docker-compose  # To load handlers and make dependencies visible
--- a/roles/docker-taiga/tasks/main.yml
+++ b/roles/docker-taiga/tasks/main.yml
@ -10,10 +10,6 @@
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
 - name: "include role docker-repository-setup for {{application_id}}"
  include_role: 
    name: docker-repository-setup
 - name: "copy templates {{ settings_files }} for taiga-contrib-oidc-auth"
  template:
    src:  "taiga/{{item}}.py.j2"
--- a/roles/docker-taiga/vars/main.yml
+++ b/roles/docker-taiga/vars/main.yml
@ -10,7 +10,7 @@ taiga_image_frontend: >-
  {{ 'robrotheram/taiga-front-openid' if applications[application_id].features.oidc and applications[application_id].oidc.flavor == 'robrotheram'
     else 'taigaio/taiga-front' }}
 taiga_frontend_conf_path:   "{{docker_compose.directories.config}}conf.json"
-
+docker_repository:          true
 settings_files:
 - urls
 - local
--- a/roles/docker-template/vars/main.yml
+++ b/roles/docker-template/vars/main.yml
@ -1 +0,0 @@
 application_id: template
--- a/tasks/plays/01_constructor.yml
+++ b/tasks/plays/01_constructor.yml
@ -1,16 +1,8 @@
 ---
-
+- name: "Debug: allowed_applications"
 - name: Show effective filter_plugins setting
  shell: ansible-config dump --only-changed | grep -i filter_plugins || echo "using default"
  register: filter_cfg
 - name: Debug filter_plugins config
  debug:
-    msg: "{{ filter_cfg.stdout_lines }}"
+    msg: "{{ allowed_applications }}"
-
+  when: enable_debug | bool
 - name: "Debug: show which ansible.cfg was used"
  debug:
    msg: "{{ ansible_config_file }}"
 - name: Merge variables
  block:
@ -110,51 +102,51 @@
  when: mode_update | bool
 - name: setup standard wireguard
-  when: ("wireguard_server" in group_names)
+  when: ('wireguard_server' | application_allowed(group_names, allowed_applications))
  include_role:
    name: wireguard
 # vpn setup
 - name: setup wireguard client behind firewall\nat
-  when: ("wireguard_behind_firewall" in group_names)
+  when: ('wireguard_behind_firewall' | application_allowed(group_names, allowed_applications))
  include_role:
    name: client-wireguard-behind-firewall
 - name: setup wireguard client
-  when: ("wireguard_client" in group_names)
+  when: ('wireguard_client' | application_allowed(group_names, allowed_applications))
  include_role:
    name: client-wireguard
 ## backup setup
 - name: setup replica backup hosts
-  when: ("backup_remote_to_local" in group_names)
+  when: ('backup_remote_to_local' | application_allowed(group_names, allowed_applications))
  include_role:
    name: backup-remote-to-local
 - name: setup backup to swappable
-  when: ("backup_to_usb" in group_names)
+  when: ('backup_to_usb' | application_allowed(group_names, allowed_applications))
  include_role:
    name: backup-data-to-usb
 ## driver setup
 - name: driver-intel
-  when: ("intel" in group_names)
+  when: ('intel' | application_allowed(group_names, allowed_applications))
  include_role:
    name: driver-intel
 - name: setup multiprinter hosts
-  when: ("epson_multiprinter" in group_names)
+  when: ('epson_multiprinter' | application_allowed(group_names, allowed_applications))
  include_role:
    name: driver-epson-multiprinter
 - name: setup hibernate lid switch
-  when: ("driver-lid-switch" in group_names)
+  when: ('driver-lid-switch' | application_allowed(group_names, allowed_applications))
  include_role:
    name: driver-lid-switch
 ## system setup 
 - name: setup swapfile hosts
-  when: ("swapfile" in group_names)
+  when: ('swapfile' | application_allowed(group_names, allowed_applications))
  include_role:
    name: system-swapfile
--- a/tasks/plays/02_server.yml
+++ b/tasks/plays/02_server.yml
@ -16,25 +16,25 @@
 # Native Webserver Roles
 - name: setup nginx-serve-htmls
  when: ("nginx-serve-htmls" in group_names)
  include_role:
    name: nginx-serve-html
  vars:
    domain: "{{primary_domain}}"
  when: ('nginx-serve-htmls' | application_allowed(group_names, allowed_applications))
 - name: "setup corporate identity"
  when: ("corporate_identity" in group_names)
  include_role:
    name: persona-corporate
  when: ('corporate_identity' | application_allowed(group_names, allowed_applications))
 - name: setup redirect hosts
-  when: ("redirect" in group_names)
+  when: ('redirect' | application_allowed(group_names, allowed_applications))
  include_role:
    name: nginx-redirect-domains
  vars:
    domain_mappings: "{{ current_play_domain_mappings_redirect}}"
 - name: setup www redirect 
-  when: ("www_redirect" in group_names)
+  when: ('www_redirect' | application_allowed(group_names, allowed_applications))
  include_role:
    name: nginx-redirect-www
--- a/tasks/plays/03_destructor.yml
+++ b/tasks/plays/03_destructor.yml
@ -1,8 +1,8 @@
 - name: optimize storage performance
  include_role:
    name: system-storage-optimizer
-  when: "(path_mass_storage is defined or path_rapid_storage is defined) and enable_system_storage_optimizer | bool and (docker_enabled is defined and docker_enabled | bool) "
+  when: ('storage-optimizer' | application_allowed(group_names, allowed_applications))
-
+  
 - name: Cleanup Docker Anonymous Volumes
  import_role:
    name: cleanup-docker-anonymous-volumes
--- a/tasks/utils/update-repository-with-files.yml
+++ b/tasks/utils/update-repository-with-files.yml
@ -22,16 +22,6 @@
    chdir: "{{docker_compose.directories.instance}}"
  ignore_errors: true
 # This could be replaced by include_role: docker-repository-setup
 # Attendize and Akaunting still use this. When you refactor this code replace this.
 - name: pull docker repository
  git:
    repo: "{{ docker_repository_address }}"
    dest: "{{ docker_repository_directory  | default(docker_compose.directories.instance) }}"
    update: yes
  notify: docker compose up
  become: true
 - name: "restore detached files"
  command: >
    mv "/tmp/{{application_id}}-{{ item }}.backup" "{{docker_compose.directories.instance}}{{ item }}"
--- a/templates/docker_role/README.md
+++ b/templates/docker_role/README.md
--- a/templates/docker_role/meta/main.yml.j2
+++ b/templates/docker_role/meta/main.yml.j2
@ -0,0 +1,23 @@
 ---
 galaxy_info:
  author: "Kevin Veen-Birkenbach"
  description: "{{ description }}"
  license: "CyMaIS NonCommercial License (CNCL)"
  license_url: "https://s.veen.world/cncl"
  company: | 
    Kevin Veen-Birkenbach
    Consulting & Coaching Solutions
    https://www.veen.world
  platforms:
    - name: Docker
      versions:
        - latest
  galaxy_tags:
  {% for tag in tags %}
    - {{ tag }}
  {% endfor %}
  repository: "https://github.com/kevinveenbirkenbach/cymais"
  issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
  documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/{{application_id}}"
  logo:
    class: "{{ logo_classes }}"
--- a/templates/docker_role/meta/schema.yml.j2
+++ b/templates/docker_role/meta/schema.yml.j2
--- a/templates/docker_role/tasks/main.yml.j2
+++ b/templates/docker_role/tasks/main.yml.j2
@ -0,0 +1,36 @@
 ---
 {% if database | bool %}
 {% raw %}
 - name: "include docker-central-database"
  include_role: 
    name: docker-central-database
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 - name: "include role nginx-domain-setup for {{application_id}}"
  include_role:
    name: nginx-domain-setup
  vars:
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 {% endraw %}
 {% else %}
 {% raw %}
 - name: "include docker-compose role"
  include_role: 
    name: docker-compose
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 {% endraw %}
 {% endif %}
 {% raw %}
 - name: run the {% raw %}portfolio{% endraw %} tasks once
  set_fact:
    run_once_docker_portfolio: true
  when: run_once_docker_{% endraw %}{{ application_id }}{% raw %} is not defined
 {% endraw %}
--- a/templates/docker_role/vars/main.yml.j2
+++ b/templates/docker_role/vars/main.yml.j2
@ -0,0 +1 @@
 application_id: {{ application_id }}
`@ -1 +1,2 @@`
	`docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped`	`docker_compose_skipp_file_creation: false # If set to true the file creation will be skipped`
		`docker_repository: true # Activates docker repository download and routine`
		`@ -1,2 +0,0 @@`
			`dependencies:`
			`- docker-compose # To load handlers and make dependencies visible`