Replaced depenencies by includes for performance reasons

2025-08-16 00:47:29 +02:00 · 2025-08-12 03:08:33 +02:00 · 2025-08-12 03:08:33 +02:00 · 1a42e8bd14
commit 1a42e8bd14
parent 8634b5e1b3
89 changed files with 716 additions and 830 deletions
--- a/roles/desk-gnome-caffeine/tasks/01_core.yml
+++ b/roles/desk-gnome-caffeine/tasks/01_core.yml
@ -0,0 +1,21 @@
 - name: Include dependency 'dev-yay'
  include_role:
    name: dev-yay
  when: run_once_dev_yay is not defined
 - name: Install caffeine
  kewlfft.aur.aur:
    use: yay
    name:
    - caffeine-ng
  become: false
 - name: Create autostart directory if it doesn't exist
  file:
    path: "{{auto_start_directory}}"
    state: directory
 - name: Copy caffeine.desktop file to autostart directory
  template:
    src: caffeine.desktop.j2
    dest: "{{auto_start_directory}}caffeine.desktop"
--- a/roles/desk-gnome-caffeine/tasks/main.yml
+++ b/roles/desk-gnome-caffeine/tasks/main.yml
@ -1,24 +1,4 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
-  - name: Include moved dependency 'dev-yay'
+  - include_tasks: utils/run_once.yml
    include_role:
      name: dev-yay
  - set_fact:
      run_once_desk_gnome_caffeine: true
  when: run_once_desk_gnome_caffeine is not defined
 - name: Install caffeine
  kewlfft.aur.aur:
    use: yay
    name:
    - caffeine-ng
  become: false
 - name: Create autostart directory if it doesn't exist
  file:
    path: "{{auto_start_directory}}"
    state: directory
 - name: Copy caffeine.desktop file to autostart directory
  template:
    src: caffeine.desktop.j2
    dest: "{{auto_start_directory}}caffeine.desktop"
--- a/roles/desk-qbittorrent/tasks/main.yml
+++ b/roles/desk-qbittorrent/tasks/main.yml
@ -1,13 +1,14 @@
- name: Load former meta dependencies once
+- block:
-  block:
+
-  - name: Include moved dependency 'dev-yay'
+  - name: Include dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
+    when: run_once_dev_yay is not defined
-      run_once_desk_qbittorrent: true
+
  when: run_once_desk_qbittorrent is not defined
  - name: install torrent software
    kewlfft.aur.aur:
      use: yay
      name:
      - qbittorrent
  - include_tasks: utils/run_once.yml
  when: run_once_desk_qbittorrent is not defined
--- a/roles/desk-spotify/tasks/main.yml
+++ b/roles/desk-spotify/tasks/main.yml
@ -1,13 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'dev-yay'
  - name: Include moved dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
+    when: run_once_dev_yay is not defined
-      run_once_desk_spotify: true
+
  when: run_once_desk_spotify is not defined
  - name: install spotify
    kewlfft.aur.aur:
      use: yay
      name:
      - spotify
  - include_tasks: utils/run_once.yml
  when: run_once_desk_spotify is not defined
--- a/roles/desk-ssh/tasks/01_core.yml
+++ b/roles/desk-ssh/tasks/01_core.yml
@ -0,0 +1,51 @@
 - name: Include dependency 'dev-shell'
  include_role:
    name: dev-shell
  when: run_once_dev_shell is not defined
 - name: pull ssh repository from {{desk_ssh_repository}}
  git:
    repo: "{{desk_ssh_repository}}"
    dest: "$HOME/.ssh"
    update: yes
  register: git_result
  ignore_errors: true
  become: false
 - name: Warn if repo is not reachable
  debug:
    msg: "Warning: Repository is not reachable."
  when: git_result.failed and enable_debug | bool
 - name: Ensure systemd user directory exists
  file:
    path: "$HOME/.config/systemd/user"
    state: directory
    mode: "0700"
  become: false
 - name: Deploy ssh-agent systemd unit file
  template:
    src: ssh-agent.service.j2
    dest: "$HOME/.config/systemd/user/ssh-agent.service"
    mode: "0644"
  become: false
 - name: Enable and start ssh-agent service
  systemd:
    name: ssh-agent.service
    scope: user
    enabled: true
    state: started
    daemon_reload: true
  become: false
 - name: Ensure ~/.profile exists with common environment
  lineinfile:
    path: "$HOME/.profile"
    line: 'export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"'
    insertafter: EOF
    state: present
    create: yes
    mode: "0644"
  become: false
--- a/roles/desk-ssh/tasks/main.yml
+++ b/roles/desk-ssh/tasks/main.yml
@ -1,54 +1,4 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
-  - name: Include moved dependency 'dev-shell'
+  - include_tasks: utils/run_once.yml
    include_role:
      name: dev-shell
  - set_fact:
      run_once_desk_ssh: true
  when: run_once_desk_ssh is not defined
 - name: pull ssh repository from {{desk_ssh_repository}}
  git:
    repo: "{{desk_ssh_repository}}"
    dest: "$HOME/.ssh"
    update: yes
  register: git_result
  ignore_errors: true
  become: false
 - name: Warn if repo is not reachable
  debug:
    msg: "Warning: Repository is not reachable."
  when: git_result.failed and enable_debug | bool
 - name: Ensure systemd user directory exists
  file:
    path: "$HOME/.config/systemd/user"
    state: directory
    mode: "0700"
  become: false
 - name: Deploy ssh-agent systemd unit file
  template:
    src: ssh-agent.service.j2
    dest: "$HOME/.config/systemd/user/ssh-agent.service"
    mode: "0644"
  become: false
 - name: Enable and start ssh-agent service
  systemd:
    name: ssh-agent.service
    scope: user
    enabled: true
    state: started
    daemon_reload: true
  become: false
 - name: Ensure ~/.profile exists with common environment
  lineinfile:
    path: "$HOME/.profile"
    line: 'export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"'
    insertafter: EOF
    state: present
    create: yes
    mode: "0644"
  become: false
--- a/roles/desk-zoom/tasks/main.yml
+++ b/roles/desk-zoom/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'dev-yay'
  - name: Include moved dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
+
      run_once_desk_zoom: true
  when: run_once_desk_zoom is not defined
  - name: install video conference software
    kewlfft.aur.aur:
      use: yay
      name:
      - zoom
    become: false
  - include_tasks: utils/run_once.yml
  when: run_once_desk_zoom is not defined
--- a/roles/dev-gcc/tasks/main.yml
+++ b/roles/dev-gcc/tasks/main.yml
@ -1,6 +1,10 @@
 ---
 - block:
  - name: Install GCC
    community.general.pacman:
      name: gcc
      state: present
      update_cache: yes
  - set_fact:
      run_once_dev_gcc: true
  when: run_once_dev_gcc is not defined
--- a/roles/dev-python-pip/tasks/main.yml
+++ b/roles/dev-python-pip/tasks/main.yml
@ -1,18 +1,14 @@
- name: Load former meta dependencies once
+- block:
-  block:
+
-  - name: Include moved dependency 'dev-gcc'
+  - include_role:
    include_role:
      name: dev-gcc
-  - set_fact:
+    when: run_once_dev_gcc is not defined
-      run_once_dev_python_pip: true
+
  when: run_once_dev_python_pip is not defined
  - name: python pip install
    community.general.pacman:
      name: python-pip
      state: present
  when: run_once_dev_python_pip is not defined
- name: run the python_pip tasks once
+  - include_tasks: utils/run_once.yml
-  set_fact:
+
    run_once_dev_python_pip: true
  when: run_once_dev_python_pip is not defined
--- a/roles/dev-shell/tasks/main.yml
+++ b/roles/dev-shell/tasks/main.yml
@ -1,4 +1,5 @@
 ---
 - block:
  - name: Ensure ~/.bash_profile sources ~/.profile
    lineinfile:
      path: "$HOME/.bash_profile"
@ -18,3 +19,7 @@
      create: yes
      mode: "0644"
    become: false
  - set_fact:
      run_once_dev_shell: true
  when: run_once_dev_shell is not defined
--- a/roles/dev-yay/tasks/01_core.yml
+++ b/roles/dev-yay/tasks/01_core.yml
@ -0,0 +1,47 @@
 - name: Include dependencies
  include_role:
    name: '{{ item }}'
  loop:
  - dev-fakeroot
  - dev-git
  - dev-base-devel
 - name: install yay
  community.general.pacman:
    name:
    - base-devel
    - patch
    state: present
 - name: Create the `aur_builder` user
  become: true
  ansible.builtin.user:
    name: aur_builder
    create_home: yes
    group: wheel
 - name: Allow the `aur_builder` user to run `sudo pacman` without a password
  become: true
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/11-install-aur_builder
    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
    create: yes
    validate: 'visudo -cf %s'
 - name: Clone yay from AUR
  become: true
  become_user: aur_builder
  git:
    repo: https://aur.archlinux.org/yay.git
    dest: /home/aur_builder/yay
    clone: yes
    update: yes
 - name: Build and install yay
  become: true
  become_user: aur_builder
  shell: |
    cd /home/aur_builder/yay
    makepkg -si --noconfirm
  args:
    creates: /usr/bin/yay
--- a/roles/dev-yay/tasks/main.yml
+++ b/roles/dev-yay/tasks/main.yml
@ -1,51 +1,5 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - dev-fakeroot
    - dev-git
    - dev-base-devel
  - set_fact:
      run_once_dev_yay: true
  when: run_once_dev_yay is not defined
 - name: install yay
  community.general.pacman:
    name:
    - base-devel
    - patch
    state: present
 - name: Create the `aur_builder` user
  become: true
  ansible.builtin.user:
    name: aur_builder
    create_home: yes
    group: wheel
 - name: Allow the `aur_builder` user to run `sudo pacman` without a password
  become: true
  ansible.builtin.lineinfile:
    path: /etc/sudoers.d/11-install-aur_builder
    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
    create: yes
    validate: 'visudo -cf %s'
 - name: Clone yay from AUR
  become: true
  become_user: aur_builder
  git:
    repo: https://aur.archlinux.org/yay.git
    dest: /home/aur_builder/yay
    clone: yes
    update: yes
 - name: Build and install yay
  become: true
  become_user: aur_builder
  shell: |
    cd /home/aur_builder/yay
    makepkg -si --noconfirm
  args:
    creates: /usr/bin/yay
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -1,11 +1,10 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_role:
  - name: Include moved dependency 'docker-container'
    include_role:
      name: docker-container
-  - set_fact:
+    when: run_once_docker_container is not defined
-      run_once_docker_compose: true
+  - include_tasks: utils/run_once.yml
  when: run_once_docker_compose is not defined
 - name: "Load variables from {{ docker_compose_variable_file }} for whole play"
  include_vars: "{{ docker_compose_variable_file }}"
--- a/roles/docker-container/tasks/main.yml
+++ b/roles/docker-container/tasks/main.yml
@ -1,8 +1,6 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_role:
  - name: Include moved dependency 'docker-core'
    include_role:
      name: docker-core
-  - set_fact:
+    when: run_once_docker_core is not defined
-      run_once_docker_container: true
+  - include_tasks: utils/run_once.yml
  when: run_once_docker_container is not defined
--- a/roles/drv-epson-multiprinter/tasks/01_core.yml
+++ b/roles/drv-epson-multiprinter/tasks/01_core.yml
@ -0,0 +1,19 @@
 - name: Include dependency 'dev-yay'
  include_role:
    name: dev-yay
  when: run_once_dev_yay is not defined
 - name: install AUR packages for epson
  kewlfft.aur.aur:
    use: yay
    name:
    - epson-printer-utility
    - imagescan-plugin-networkscan
    - epson-inkjet-printer-escpr
    - epson-inkjet-printer-escpr2
  become: false
 - name: install imagescan
  community.general.pacman:
    name: imagescan
    state: present
--- a/roles/drv-epson-multiprinter/tasks/main.yml
+++ b/roles/drv-epson-multiprinter/tasks/main.yml
@ -1,21 +1,5 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependency 'dev-yay'
    include_role:
      name: dev-yay
  - set_fact:
      run_once_drv_epson_multiprinter: true
  when: run_once_drv_epson_multiprinter is not defined
 - name: install AUR packages for epson
  kewlfft.aur.aur:
    use: yay
    name:
    - epson-printer-utility
    - imagescan-plugin-networkscan
    - epson-inkjet-printer-escpr
    - epson-inkjet-printer-escpr2
  become: false
 - name: install imagescan
  community.general.pacman:
    name: imagescan
    state: present
--- a/roles/drv-msi-keyboard-color/tasks/01_core.yml
+++ b/roles/drv-msi-keyboard-color/tasks/01_core.yml
@ -0,0 +1,38 @@
 - include_role:
    name: '{{ item }}'
  loop:
  - dev-yay
  - sys-alm-compose
 - name: Install MSI packages
  kewlfft.aur.aur:
    use: yay
    name:
    - msi-perkeyrgb
 - name: Copy keyboard_color.sh script
  copy:
    src: keyboard_color.py
    dest: /opt/keyboard_color.py
    mode: 0755
 - name: Copy keyboard-color.infinito.service file
  template:
    src: keyboard-color.service.j2
    dest: /etc/systemd/system/keyboard-color.infinito.service
    mode: 0644
 - name: Reload systemd daemon
  systemd:
    daemon_reload: yes
 - name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
 - name: "include role for sys-timer for {{service_name}}"
  include_role:
    name: sys-timer
  vars:
    on_calendar: "{{on_calendar_msi_keyboard_color}}"
    persistent: "true"
--- a/roles/drv-msi-keyboard-color/tasks/main.yml
+++ b/roles/drv-msi-keyboard-color/tasks/main.yml
@ -1,43 +1,5 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - dev-yay
    - sys-alm-compose
  - set_fact:
      run_once_drv_msi_keyboard_color: true
  when: run_once_drv_msi_keyboard_color is not defined
 - name: Install MSI packages
  kewlfft.aur.aur:
    use: yay
    name:
    - msi-perkeyrgb
 - name: Copy keyboard_color.sh script
  copy:
    src: keyboard_color.py
    dest: /opt/keyboard_color.py
    mode: 0755
 - name: Copy keyboard-color.infinito.service file
  template:
    src: keyboard-color.service.j2
    dest: /etc/systemd/system/keyboard-color.infinito.service
    mode: 0644
 - name: Reload systemd daemon
  systemd:
    daemon_reload: yes
 - name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
 - name: "include role for sys-timer for {{service_name}}"
  include_role:
    name: sys-timer
  vars:
    on_calendar: "{{on_calendar_msi_keyboard_color}}"
    persistent: "true"
--- a/roles/pkgmgr-install/tasks/01_core.yml
+++ b/roles/pkgmgr-install/tasks/01_core.yml
@ -0,0 +1,9 @@
 - name: Include dependency 'pkgmgr'
  include_role:
    name: pkgmgr
  when: run_once_pkgmgr is not defined
 - name: update pkgmgr
  shell: |
    source ~/.venvs/pkgmgr/bin/activate
    pkgmgr update pkgmgr
--- a/roles/pkgmgr-install/tasks/main.yml
+++ b/roles/pkgmgr-install/tasks/main.yml
@ -1,16 +1,8 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependency 'pkgmgr'
    include_role:
      name: pkgmgr
  - set_fact:
      run_once_pkgmgr_install: true
  when: run_once_pkgmgr_install is not defined
 - name: update pkgmgr
  shell: |
    source ~/.venvs/pkgmgr/bin/activate
    pkgmgr update pkgmgr
  when: run_once_pkgmgr_install is not defined
 - name: update {{ package_name }}
  shell: |
@ -21,7 +13,3 @@
  changed_when: "'No command defined and neither main.sh nor main.py found' not in pkgmgr_update_result.stdout"
  failed_when: pkgmgr_update_result.rc != 0 and 'No command defined and neither main.sh nor main.py found' not in pkgmgr_update_result.stdout
 - name: mark pkgmgr update as done
  set_fact:
    run_once_pkgmgr_install: true
  when: run_once_pkgmgr_install is not defined
--- a/roles/pkgmgr/tasks/01_core.yml
+++ b/roles/pkgmgr/tasks/01_core.yml
@ -1,15 +1,11 @@
- name: Load former meta dependencies once
+- name: Include dependencies
  block:
  - name: Include moved dependencies
  include_role:
    name: '{{ item }}'
  loop:
  - dev-git
  - dev-make
  - dev-python-yaml
-  - set_fact:
+
      run_once_pkgmgr: true
  when: run_once_pkgmgr is not defined
 - name: Ensure GitHub host key is in known_hosts
  known_hosts:
    path: "~/.ssh/known_hosts"
--- a/roles/srv-proxy-6-6-domain/tasks/main.yml
+++ b/roles/srv-proxy-6-6-domain/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-proxy-7-4-core'
  - name: Include moved dependency 'srv-proxy-7-4-core'
    include_role:
      name: srv-proxy-7-4-core
-  - set_fact:
+    when: run_once_srv_proxy_7_4_core is not defined
-      run_once_srv_proxy_6_6_domain: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_proxy_6_6_domain is not defined
 - include_tasks: "01_cloudflare.yml"
  when: dns_provider == "cloudflare"
--- a/roles/srv-proxy-6-6-tls-deploy/tasks/01_core.yml
+++ b/roles/srv-proxy-6-6-tls-deploy/tasks/01_core.yml
@ -0,0 +1,10 @@
 - name: Include dependency 'sys-alm-compose'
  include_role:
    name: sys-alm-compose
  when: run_once_sys_alm_compose is not defined
 - name: add srv-proxy-6-6-tls-deploy.sh
  template:
    src: "srv-proxy-6-6-tls-deploy.sh.j2"
    dest: "{{nginx_docker_cert_deploy_script}}"
  notify: restart srv-proxy-6-6-tls-deploy.infinito.service
--- a/roles/srv-proxy-6-6-tls-deploy/tasks/main.yml
+++ b/roles/srv-proxy-6-6-tls-deploy/tasks/main.yml
@ -1,17 +1,8 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependency 'sys-alm-compose'
    include_role:
      name: sys-alm-compose
  - set_fact:
      run_once_srv_proxy_6_6_tls_deploy: true
  when: run_once_srv_proxy_6_6_tls_deploy is not defined
 - name: add srv-proxy-6-6-tls-deploy.sh
  template:
    src: "srv-proxy-6-6-tls-deploy.sh.j2"
    dest: "{{nginx_docker_cert_deploy_script}}"
  when: run_once_srv_proxy_6_6_tls_deploy is not defined
  notify: restart srv-proxy-6-6-tls-deploy.infinito.service
 - name: "create {{cert_mount_directory}}"
  file:
@ -34,7 +25,3 @@
    service_name: "srv-proxy-6-6-tls-deploy.{{application_id}}"
    persistent: "true"
 - name: run the run_once_srv_proxy_6_6_tls_deploy tasks once
  set_fact:
    run_once_srv_proxy_6_6_tls_deploy: true
  when: run_once_srv_proxy_6_6_tls_deploy is not defined
--- a/roles/srv-proxy-7-4-core/tasks/main.yml
+++ b/roles/srv-proxy-7-4-core/tasks/main.yml
@ -1,11 +1,9 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-6-https
    - srv-web-7-4-core
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_srv_proxy_7_4_core: true
  when: run_once_srv_proxy_7_4_core is not defined
--- a/roles/srv-web-6-6-tls-core/tasks/main.yml
+++ b/roles/srv-web-6-6-tls-core/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-web-7-6-https'
  - name: Include moved dependency 'srv-web-7-6-https'
    include_role:
      name: srv-web-7-6-https
-  - set_fact:
+    when: run_once_srv_web_7_6_https is not defined
-      run_once_srv_web_6_6_tls_core: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_6_6_tls_core is not defined
 - name: "Include flavor '{{ certbot_flavor }}' for '{{ domain }}'"
  include_tasks: "{{ role_path }}/tasks/flavors/{{ certbot_flavor }}.yml"
--- a/roles/srv-web-6-6-tls-renew/tasks/01_core.yml
+++ b/roles/srv-web-6-6-tls-renew/tasks/01_core.yml
@ -1,15 +1,11 @@
- name: Load former meta dependencies once
+- name: Include dependencies
  block:
  - name: Include moved dependencies
  include_role:
    name: '{{ item }}'
  loop:
  - srv-web-7-7-certbot
  - srv-web-7-4-core
  - sys-alm-compose
-  - set_fact:
+
      run_once_srv_web_6_6_tls_renew: true
  when: run_once_srv_web_6_6_tls_renew is not defined
 - name: install certbot
  community.general.pacman:
    name:
--- a/roles/srv-web-7-6-https/tasks/main.yml
+++ b/roles/srv-web-7-6-https/tasks/main.yml
@ -1,12 +1,10 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-4-core
    - sys-cln-domains
    - srv-web-7-7-letsencrypt
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_srv_web_7_6_https: true
  when: run_once_srv_web_7_6_https is not defined
--- a/roles/srv-web-7-7-inj-compose/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-compose/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-web-7-4-core'
  - name: Include moved dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
+    when: run_once_srv_web_7_4_core is not defined
-      run_once_srv_web_7_7_inj_compose: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_compose is not defined
 - name: Set inj_enabled dictionary
  set_fact:
    inj_enabled:
--- a/roles/srv-web-7-7-inj-css/tasks/01_core.yml
+++ b/roles/srv-web-7-7-inj-css/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'srv-web-7-4-core'
  block:
  - name: Include moved dependency 'srv-web-7-4-core'
  include_role:
    name: srv-web-7-4-core
-  - set_fact:
+  when: run_once_srv_web_7_4_core is not defined
-      run_once_srv_web_7_7_inj_css: true
+
  when: run_once_srv_web_7_7_inj_css is not defined
 - name: Generate color palette with colorscheme-generator
  set_fact:
    color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades) }}"
--- a/roles/srv-web-7-7-inj-javascript/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-javascript/tasks/main.yml
@ -1,11 +1,12 @@
- name: Load former meta dependencies once
+- block:
-  block:
+
-  - name: Include moved dependency 'srv-web-7-4-core'
+  - name: Include dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
+    when: run_once_srv_web_7_4_core is not defined
-      run_once_srv_web_7_7_inj_javascript: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_javascript is not defined
 - name: "Load JavaScript code for '{{ application_id }}'"
  set_fact:
    javascript_code: "{{ lookup('template', modifier_javascript_template_file) }}"
--- a/roles/srv-web-7-7-inj-logout/tasks/01_core.yml
+++ b/roles/srv-web-7-7-inj-logout/tasks/01_core.yml
@ -0,0 +1,8 @@
 - name: Include dependency 'srv-web-7-4-core'
  include_role:
    name: srv-web-7-4-core
  when: 
    - run_once_srv_web_7_4_core is not defined
 - name: "deploy the logout.js"
  include_tasks: "deploy.yml"
--- a/roles/srv-web-7-7-inj-logout/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-logout/tasks/main.yml
@ -1,14 +1,8 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
  - set_fact:
      run_once_srv_web_7_7_inj_logout: true
  when: run_once_srv_web_7_7_inj_logout is not defined
 - name: "deploy the logout.js"
  include_tasks: "deploy.yml"
  when: run_once_srv_web_7_7_inj_logout is not defined
 - name: "Load logout code for '{{ application_id }}'"
  set_fact:
@ -22,8 +16,3 @@
  set_fact:
    applications: "{{ applications | append_csp_hash(application_id, logout_code_one_liner) }}"
  changed_when: false
 - name: mark js as deployed
  set_fact:
    run_once_srv_web_7_7_inj_logout: true
  when: run_once_srv_web_7_7_inj_logout is not defined
--- a/roles/srv-web-7-7-inj-matomo/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-matomo/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-web-7-4-core'
  - name: Include moved dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
+    when: run_once_srv_web_7_4_core is not defined
-      run_once_srv_web_7_7_inj_matomo: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_matomo is not defined
 - name: "Relevant variables for role: {{ role_path | basename }}"
  debug:
    msg:
--- a/roles/srv-web-7-7-inj-port-ui-desktop/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-port-ui-desktop/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-web-7-4-core'
  - name: Include moved dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
+    when: run_once_srv_web_7_4_core is not defined
-      run_once_srv_web_7_7_inj_port_ui_desktop: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_port_ui_desktop is not defined
 - name: "Load iFrame handler JS template for '{{ application_id }}'"
  set_fact:
    iframe_code: "{{ lookup('template','iframe-handler.js.j2') }}"
--- a/roles/srv-web-7-7-letsencrypt/tasks/01_core.yml
+++ b/roles/srv-web-7-7-letsencrypt/tasks/01_core.yml
@ -0,0 +1,14 @@
  - name: Include dependency 'srv-web-6-6-tls-renew'
    include_role:
      name: srv-web-6-6-tls-renew
    when: run_once_srv_web_6_6_tls_renew is not defined
  - name: create nginx letsencrypt config file
    template:
      src: "letsencrypt.conf.j2"
      dest: "{{nginx.directories.http.global}}letsencrypt.conf"
    notify: restart openresty
  - name: "Set CAA records for all base domains"
    include_tasks: 01_set-caa-records.yml
    when: dns_provider == 'cloudflare'
--- a/roles/srv-web-7-7-letsencrypt/tasks/main.yml
+++ b/roles/srv-web-7-7-letsencrypt/tasks/main.yml
@ -1,21 +1,4 @@
 - name: Load former meta dependencies once
  block:
  - name: Include moved dependency 'srv-web-6-6-tls-renew'
    include_role:
      name: srv-web-6-6-tls-renew
  - set_fact:
      run_once_srv_web_7_7_letsencrypt: true
  when: run_once_srv_web_7_7_letsencrypt is not defined
 - block:
-  - name: create nginx letsencrypt config file
+  - include_tasks: 01_core.yml
    template:
      src: "letsencrypt.conf.j2"
      dest: "{{nginx.directories.http.global}}letsencrypt.conf"
    notify: restart openresty
  - name: "Set CAA records for all base domains"
    include_tasks: 01_set-caa-records.yml
    when: dns_provider == 'cloudflare'
  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_letsencrypt is not defined
--- a/roles/svc-bkp-loc-2-usb/tasks/main.yml
+++ b/roles/svc-bkp-loc-2-usb/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-cln-bkps-service
    - sys-lock
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_svc_bkp_loc_2_usb: true
  when: run_once_svc_bkp_loc_2_usb is not defined
 - name: Fail if any backup_to_usb variable is empty
  assert:
    that:
--- a/roles/svc-bkp-rmt-2-loc/tasks/main.yml
+++ b/roles/svc-bkp-rmt-2-loc/tasks/main.yml
@ -1,6 +1,5 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
@ -9,9 +8,9 @@
    - sys-lock
    - user-root
    - sys-rst-daemon
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_svc_bkp_rmt_2_loc: true
  when: run_once_svc_bkp_rmt_2_loc is not defined
 - name: "create {{docker_backup_remote_to_local_folder}}"
  file:
    path: "{{docker_backup_remote_to_local_folder}}"
--- a/roles/svc-db-postgres/tasks/01_core.yml
+++ b/roles/svc-db-postgres/tasks/01_core.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'docker-core'
  - name: Include moved dependency 'docker-core'
    include_role:
      name: docker-core
-  - set_fact:
+    when: run_once_docker_core is not defined
-      run_once_svc_db_postgres: true
+  - include_tasks: utils/run_once.yml
  when: run_once_svc_db_postgres is not defined
 - name: Create Docker network for PostgreSQL
  community.docker.docker_network:
    name: "{{ postgres_network_name }}"
--- a/roles/svc-opt-swapfile/tasks/main.yml
+++ b/roles/svc-opt-swapfile/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'pkgmgr-install'
  - name: Include moved dependency 'pkgmgr-install'
    include_role:
      name: pkgmgr-install
-  - set_fact:
+    when: run_once_pkgmgr_install is not defined
-      run_once_svc_opt_swapfile: true
+  - include_tasks: utils/run_once.yml
  when: run_once_svc_opt_swapfile is not defined
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-alm-compose/tasks/main.yml
+++ b/roles/sys-alm-compose/tasks/main.yml
@ -1,22 +1,14 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-alm-telegram
    - sys-alm-email
  - set_fact:
      run_once_sys_alm_compose: true
  when: run_once_sys_alm_compose is not defined
  - name: configure sys-alm-compose.infinito@.service
    template:
      src: sys-alm-compose@.service.j2
      dest: "/etc/systemd/system/sys-alm-compose.infinito@.service"
    notify: "restart sys-alm-compose service"
-  when: run_once_sys_alm_compose is not defined
+  - include_tasks: utils/run_once.yml
 - name: run the systemd_notifier_service tasks once
  set_fact:
    run_once_sys_alm_compose: true
  when: run_once_sys_alm_compose is not defined
--- a/roles/sys-alm-email/tasks/01_core.yml
+++ b/roles/sys-alm-email/tasks/01_core.yml
@ -1,14 +1,10 @@
- name: Load former meta dependencies once
+- name: Include dependencies
  block:
  - name: Include moved dependencies
  include_role:
    name: '{{ item }}'
  loop:
  - sys-svc-msmtp
  - sys-rst-daemon
-  - set_fact:
+
      run_once_sys_alm_email: true
  when: run_once_sys_alm_email is not defined
 - name: "create {{systemd_notifier_email_folder}}"
  file:
    path: "{{systemd_notifier_email_folder}}"
--- a/roles/sys-alm-telegram/tasks/01_core.yml
+++ b/roles/sys-alm-telegram/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-rst-daemon'
  block:
  - name: Include moved dependency 'sys-rst-daemon'
  include_role:
    name: sys-rst-daemon
-  - set_fact:
+  when: run_once_sys_rst_daemon is not defined
-      run_once_sys_alm_telegram: true
+
  when: run_once_sys_alm_telegram is not defined
 - name: Fail if Telegram bot credentials are not set
  assert:
    that:
--- a/roles/sys-bkp-docker-2-loc/tasks/01_core.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/01_core.yml
@ -1,6 +1,4 @@
- name: Load former meta dependencies once
+- name: Include dependencies
  block:
  - name: Include moved dependencies
  include_role:
    name: '{{ item }}'
  loop:
@ -8,9 +6,7 @@
  - sys-alm-compose
  - sys-lock
  - sys-bkp-directory-validator
-  - set_fact:
+
      run_once_sys_bkp_docker_2_loc: true
  when: run_once_sys_bkp_docker_2_loc is not defined
 - include_tasks: 02_pkgmgr_routines.yml
  when: backup_docker_to_local_folder is not defined
--- a/roles/sys-bkp-provider/tasks/main.yml
+++ b/roles/sys-bkp-provider/tasks/main.yml
@ -1,11 +1,9 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-bkp-provider-user
    - sys-cln-bkps-timer
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_sys_bkp_provider: true
  when: run_once_sys_bkp_provider is not defined
--- a/roles/sys-cli/tasks/main.yml
+++ b/roles/sys-cli/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'dev-yay'
  - name: Include moved dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
+    when: run_once_dev_yay is not defined
-      run_once_sys_cli: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_cli is not defined
 - name: "pkgmgr install infinito"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-cln-bkps-service/tasks/01_core.yml
+++ b/roles/sys-cln-bkps-service/tasks/01_core.yml
@ -1,6 +1,4 @@
- name: Load former meta dependencies once
+- name: Include dependencies
  block:
  - name: Include moved dependencies
  include_role:
    name: '{{ item }}'
  loop:
@ -8,9 +6,7 @@
  - sys-alm-compose
  - sys-lock
  - sys-rst-daemon
-  - set_fact:
+
      run_once_sys_cln_bkps_service: true
  when: run_once_sys_cln_bkps_service is not defined
 - name: install lsof and python-psutil
  community.general.pacman:
    name:
--- a/roles/sys-cln-bkps-timer/tasks/01_core.yml
+++ b/roles/sys-cln-bkps-timer/tasks/01_core.yml
@ -0,0 +1,16 @@
 - name: Include dependencies
  include_role:
    name: '{{ item }}'
  loop:
  - sys-cln-bkps-service
  - sys-rst-daemon
 - name: set service_name to sys-cln-backups
  set_fact:
    service_name: "sys-cln-backups"
 - name: "include role for sys-timer for {{service_name}}"
  include_role:
    name: sys-timer
  vars:
    on_calendar: "{{on_calendar_cleanup_backups}}"
--- a/roles/sys-cln-bkps-timer/tasks/main.yml
+++ b/roles/sys-cln-bkps-timer/tasks/main.yml
@ -1,26 +1,5 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-cln-bkps-service
    - sys-rst-daemon
  - set_fact:
      run_once_sys_cln_bkps_timer: true
  when: run_once_sys_cln_bkps_timer is not defined
 - name: set service_name to sys-cln-backups
  set_fact:
    service_name: "sys-cln-backups"
  when: run_once_sys_cln_bkps_timer is not defined
 - name: "include role for sys-timer for {{service_name}}"
  include_role:
    name: sys-timer
  vars:
    on_calendar: "{{on_calendar_cleanup_backups}}"
  when: run_once_sys_cln_bkps_timer is not defined
  - name: run the cleanup_backups_timer tasks once
    set_fact:
      run_once_sys_cln_bkps_timer: true
--- a/roles/sys-cln-certs/tasks/01_core.yml
+++ b/roles/sys-cln-certs/tasks/01_core.yml
@ -1,14 +1,10 @@
- name: Load former meta dependencies once
+- name: Include dependencies
  block:
  - name: Include moved dependencies
  include_role:
    name: '{{ item }}'
  loop:
  - sys-alm-compose
  - sys-rst-daemon
-  - set_fact:
+
      run_once_sys_cln_certs: true
  when: run_once_sys_cln_certs is not defined
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-cln-disc-space/tasks/main.yml
+++ b/roles/sys-cln-disc-space/tasks/main.yml
@ -1,15 +1,14 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-alm-compose
    - sys-lock
    - sys-rst-daemon
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_sys_cln_disc_space: true
  when: run_once_sys_cln_disc_space is not defined
 - name: "create {{cleanup_disc_space_folder}}"
  file:
    path: "{{cleanup_disc_space_folder}}"
--- a/roles/sys-cln-domains/tasks/main.yml
+++ b/roles/sys-cln-domains/tasks/main.yml
@ -1,14 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-4-core
    - sys-rst-daemon
-  - set_fact:
+
      run_once_sys_cln_domains: true
  when: run_once_sys_cln_domains is not defined
  - name: Include task to remove deprecated nginx configs
    include_tasks: remove_deprecated_nginx_configs.yml
    loop: "{{ deprecated_domains }}"
@ -18,7 +15,6 @@
      domain: "{{ item }}"
    when:
    - mode_cleanup | bool
  - run_once_sys_cln_domains is not defined
 ## The revoking just works for the base domain
 #- name: "Revoke Certbot certificate for {{ item }}"
@ -55,8 +51,5 @@
 #    'No certificate found with name' not in certbot_delete_result.stderr
 #  changed_when: >
 #    certbot_delete_result.rc == 0
-
+  - include_tasks: utils/run_once.yml
 - name: run the nginx_domains_cleanup role once
  set_fact:
    run_once_sys_cln_domains: true
  when: run_once_sys_cln_domains is not defined
--- a/roles/sys-cln-faild-bkps/tasks/01_core.yml
+++ b/roles/sys-cln-faild-bkps/tasks/01_core.yml
@ -1,6 +1,4 @@
- name: Load former meta dependencies once
+- name: Include dependencies
  block:
  - name: Include moved dependencies
  include_role:
    name: '{{ item }}'
  loop:
@ -8,9 +6,7 @@
  - sys-lock
  - sys-bkp-directory-validator
  - sys-rst-daemon
-  - set_fact:
+
      run_once_sys_cln_faild_bkps: true
  when: run_once_sys_cln_faild_bkps is not defined
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-hlth-btrfs/tasks/main.yml
+++ b/roles/sys-hlth-btrfs/tasks/main.yml
@ -1,11 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+
-  - name: Include moved dependency 'sys-alm-compose'
+  - name: Include dependency 'sys-alm-compose'
    include_role:
      name: sys-alm-compose
-  - set_fact:
+    when: run_once_sys_alm_compose is not defined
-      run_once_sys_hlth_btrfs: true
+
  - include_tasks: utils/run_once.yml
  when: run_once_sys_hlth_btrfs is not defined
 - name: "create {{docker_health_btrfs_folder}}"
  file:
    path: "{{docker_health_btrfs_folder}}"
--- a/roles/sys-hlth-csp/tasks/01_core.yml
+++ b/roles/sys-hlth-csp/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-alm-compose'
  block:
  - name: Include moved dependency 'sys-alm-compose'
  include_role:
    name: sys-alm-compose
-  - set_fact:
+  when: run_once_sys_alm_compose is not defined
-      run_once_sys_hlth_csp: true
+
  when: run_once_sys_hlth_csp is not defined
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-hlth-disc-space/tasks/main.yml
+++ b/roles/sys-hlth-disc-space/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'sys-alm-compose'
  - name: Include moved dependency 'sys-alm-compose'
    include_role:
      name: sys-alm-compose
-  - set_fact:
+    when: run_once_sys_alm_compose is not defined
-      run_once_sys_hlth_disc_space: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_hlth_disc_space is not defined
 - name: "create {{health_disc_space_folder}}"
  file:
    path: "{{health_disc_space_folder}}"
--- a/roles/sys-hlth-docker-container/tasks/01_core.yml
+++ b/roles/sys-hlth-docker-container/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-alm-compose'
  block:
  - name: Include moved dependency 'sys-alm-compose'
  include_role:
    name: sys-alm-compose
-  - set_fact:
+  when: run_once_sys_alm_compose is not defined
-      run_once_sys_hlth_docker_container: true
+  
  when: run_once_sys_hlth_docker_container is not defined
 - name: "create {{health_docker_container_folder}}"
  file:
    path: "{{health_docker_container_folder}}"
--- a/roles/sys-hlth-docker-volumes/tasks/01_core.yml
+++ b/roles/sys-hlth-docker-volumes/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-alm-compose'
  block:
  - name: Include moved dependency 'sys-alm-compose'
  include_role:
    name: sys-alm-compose
-  - set_fact:
+  when: run_once_sys_alm_compose is not defined
-      run_once_sys_hlth_docker_volumes: true
+  
  when: run_once_sys_hlth_docker_volumes is not defined
 - name: "create {{health_docker_volumes_folder}}"
  file:
    path: "{{health_docker_volumes_folder}}"
--- a/roles/sys-hlth-journalctl/tasks/01_core.yml
+++ b/roles/sys-hlth-journalctl/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-alm-compose'
  block:
  - name: Include moved dependency 'sys-alm-compose'
  include_role:
    name: sys-alm-compose
-  - set_fact:
+  when: run_once_sys_alm_compose is not defined
-      run_once_sys_hlth_journalctl: true
+
  when: run_once_sys_hlth_journalctl is not defined
 - name: "create {{health_journalctl_folder}}"
  file:
    path: "{{health_journalctl_folder}}"
--- a/roles/sys-hlth-msmtp/tasks/main.yml
+++ b/roles/sys-hlth-msmtp/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'sys-alm-telegram'
  - name: Include moved dependency 'sys-alm-telegram'
    include_role:
      name: sys-alm-telegram
-  - set_fact:
+    when: run_once_sys_alm_telegram is not defined
-      run_once_sys_hlth_msmtp: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_hlth_msmtp is not defined
 - name: "create {{ health_msmtp_folder }}"
  file:
    path: "{{ health_msmtp_folder }}"
--- a/roles/sys-hlth-webserver/tasks/01_core.yml
+++ b/roles/sys-hlth-webserver/tasks/01_core.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - dev-python-pip
    - sys-alm-compose
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_sys_hlth_webserver: true
  when: run_once_sys_hlth_webserver is not defined
 - name: Install required Python modules
  community.general.pacman:
    name: python-requests
--- a/roles/sys-postfix/tasks/main.yml
+++ b/roles/sys-postfix/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'user-administrator'
  - name: Include moved dependency 'user-administrator'
    include_role:
      name: user-administrator
-  - set_fact:
+    when: run_once_user_administrator is not defined
-      run_once_sys_postfix: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_postfix is not defined
 - name: install postfix
  community.general.pacman:
    name: postfix
--- a/roles/sys-rpr-btrfs-blnc/tasks/01_core.yml
+++ b/roles/sys-rpr-btrfs-blnc/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-alm-compose'
  block:
  - name: Include moved dependency 'sys-alm-compose'
  include_role:
    name: sys-alm-compose
-  - set_fact:
+  when: run_once_sys_alm_compose is not defined
-      run_once_sys_rpr_btrfs_blnc: true
+
  when: run_once_sys_rpr_btrfs_blnc is not defined
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-rpr-docker-hard/tasks/01_core.yml
+++ b/roles/sys-rpr-docker-hard/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-lock'
  block:
  - name: Include moved dependency 'sys-lock'
  include_role:
    name: sys-lock
-  - set_fact:
+  when: run_once_sys_lock is not defined
-      run_once_sys_rpr_docker_hard: true
+
  when: run_once_sys_rpr_docker_hard is not defined
 - name: "create {{restart_docker_folder}}"
  file:
    path: "{{restart_docker_folder}}"
--- a/roles/sys-rpr-docker-soft/tasks/01_core.yml
+++ b/roles/sys-rpr-docker-soft/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-lock'
  block:
  - name: Include moved dependency 'sys-lock'
  include_role:
    name: sys-lock
-  - set_fact:
+  when: run_once_sys_lock is not defined
-      run_once_sys_rpr_docker_soft: true
+
  when: run_once_sys_rpr_docker_soft is not defined
 - name: "create {{heal_docker}}"
  file:
    path: "{{heal_docker}}"
--- a/roles/sys-svc-journalctl/tasks/main.yml
+++ b/roles/sys-svc-journalctl/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'sys-hlth-journalctl'
  - name: Include moved dependency 'sys-hlth-journalctl'
    include_role:
      name: sys-hlth-journalctl
-  - set_fact:
+    when: run_once_sys_hlth_journalctl is not defined
-      run_once_sys_svc_journalctl: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_svc_journalctl is not defined
 - name: copy journald.conf
  template:
    src: templates/journald.conf.j2
--- a/roles/sys-svc-msmtp/tasks/01_core.yml
+++ b/roles/sys-svc-msmtp/tasks/01_core.yml
@ -0,0 +1,17 @@
 - name: Include dependency 'sys-hlth-msmtp'
  include_role:
    name: sys-hlth-msmtp
  when: run_once_sys_hlth_msmtp is not defined
 - name: install msmtp msmtp-mta
  community.general.pacman:
    name:
    - msmtp
    - msmtp-mta
    state: present
 - name: configure msmtprc.conf.j2
  template:
    src: "msmtprc.conf.j2"
    dest: "/root/.msmtprc"
    mode: 600
--- a/roles/sys-svc-msmtp/tasks/main.yml
+++ b/roles/sys-svc-msmtp/tasks/main.yml
@ -1,27 +1,5 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependency 'sys-hlth-msmtp'
    include_role:
      name: sys-hlth-msmtp
  - set_fact:
      run_once_sys_svc_msmtp: true
  when: run_once_sys_svc_msmtp is not defined
 - name: install msmtp msmtp-mta
  community.general.pacman:
    name:
    - msmtp
    - msmtp-mta
    state: present
  when: run_once_sys_svc_msmtp is not defined
 - name: configure msmtprc.conf.j2
  template:
    src: "msmtprc.conf.j2"
    dest: "/root/.msmtprc"
    mode: 600
  when: run_once_sys_svc_msmtp is not defined
 - name: run the msmtp tasks once
  set_fact:
    run_once_sys_svc_msmtp: true
  when: run_once_sys_svc_msmtp is not defined
--- a/roles/sys-svc-sshd/tasks/main.yml
+++ b/roles/sys-svc-sshd/tasks/main.yml
@ -1,12 +1,8 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'user-administrator'
  - name: Include moved dependency 'user-administrator'
    include_role:
      name: user-administrator
-  - set_fact:
+    when: run_once_user_administrator is not defined
      run_once_sys_svc_sshd: true
  when: run_once_sys_svc_sshd is not defined
 - block:
  - name: create sshd_config
    template:
      src: "sshd_config.j2"
@ -15,8 +11,5 @@
      group: root
      mode: '0644'
    notify: sshd restart
-
+  - include_tasks: utils/run_once.yml
  - name: run the sshd tasks once
    set_fact:
      run_once_sys_svc_sshd: true
  when: run_once_sys_svc_sshd is not defined
--- a/roles/update-compose/tasks/01_core.yml
+++ b/roles/update-compose/tasks/01_core.yml
@ -30,7 +30,9 @@
 - name: "Update with yay"
  include_role:
    name: update-yay
-  when: yay_installed.rc == 0
+  when:
    - yay_installed.rc == 0
    - run_once_update_yay is not defined
 - name: "Check if pip is installed"
  command: which pip
@ -41,6 +43,8 @@
 - name: "Update with pip"
  include_role:
    name: update-pip
  when:
    - run_once_update_pip is not defined
 - name: "Check if pkgmgr command is available"
  command: "which pkgmgr"
--- a/roles/update-docker/tasks/01_core.yml
+++ b/roles/update-docker/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-lock'
  block:
  - name: Include moved dependency 'sys-lock'
  include_role:
    name: sys-lock
-  - set_fact:
+  when: run_once_sys_lock is not defined
-      run_once_update_docker: true
+
  when: run_once_update_docker is not defined
 - name: "start sys-bkp-docker-2-loc-everything.infinito.service"
  systemd:
    name: sys-bkp-docker-2-loc-everything.infinito.service
--- a/roles/update-pip/tasks/main.yml
+++ b/roles/update-pip/tasks/main.yml
@ -1,9 +1,7 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'dev-python-pip'
  - name: Include moved dependency 'dev-python-pip'
    include_role:
      name: dev-python-pip
-  - set_fact:
+    when: run_once_dev_python_pip is not defined
-      run_once_update_pip: true
+  - include_tasks: utils/run_once.yml
  when: run_once_update_pip is not defined
 - {}
--- a/roles/update-yay/tasks/main.yml
+++ b/roles/update-yay/tasks/main.yml
@ -1,20 +1,14 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'dev-yay'
  - name: Include moved dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
+    when: run_once_dev_yay is not defined
-      run_once_update_yay: true
+
  when: run_once_update_yay is not defined
  - name: upgrade the system using yay, only act on AUR packages.
    become: false
    kewlfft.aur.aur:
      upgrade: yes
      use: yay
      aur_only: yes
-  when: run_once_update_yay is not defined
+  - include_tasks: utils/run_once.yml
 - name: run update yay once
  set_fact:
    run_once_update_yay: true
  when: run_once_update_yay is not defined
--- a/roles/user-administrator/tasks/01_core.yml
+++ b/roles/user-administrator/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-sudo'
  block:
  - name: Include moved dependency 'sys-sudo'
  include_role:
    name: sys-sudo
-  - set_fact:
+  when: run_once_sys_sudo is not defined
-      run_once_user_administrator: true
+
  when: run_once_user_administrator is not defined
 - name: create administrator
  user:
    name: administrator
--- a/roles/util-desk-design/tasks/01_core.yml
+++ b/roles/util-desk-design/tasks/01_core.yml
@ -0,0 +1,18 @@
 - name: Include dependency 'dev-yay'
  include_role:
    name: dev-yay
  when: run_once_dev_yay is not defined
 - name: install designer tools
  community.general.pacman:
    name:
    - gimp
    - blender
    state: present
 - name: install drawio
  kewlfft.aur.aur:
    use: yay
    name:
    - drawio-desktop
  become: false
--- a/roles/util-desk-design/tasks/main.yml
+++ b/roles/util-desk-design/tasks/main.yml
@ -1,21 +1,6 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - include_tasks: 01_core.yml
  - name: Include moved dependency 'dev-yay'
    include_role:
      name: dev-yay
  - set_fact:
      run_once_util_desk_design: true
  when: run_once_util_desk_design is not defined
 - name: install designer tools
  community.general.pacman:
    name:
    - gimp
    - blender
    state: present
 - name: install drawio
  kewlfft.aur.aur:
    use: yay
    name:
    - drawio-desktop
  become: false
--- a/roles/util-desk-dev-core/tasks/main.yml
+++ b/roles/util-desk-dev-core/tasks/main.yml
@ -1,13 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'pkgmgr'
  - name: Include moved dependency 'pkgmgr'
    include_role:
      name: pkgmgr
-  - set_fact:
+    when: run_once_pkgmgr is not defined
-      run_once_util_desk_dev_core: true
+
  when: run_once_util_desk_dev_core is not defined
  - name: install base developer tools
    community.general.pacman:
      name:
      - code
      state: present
  - include_tasks: utils/run_once.yml
  when: run_once_util_desk_dev_core is not defined
--- a/roles/util-desk-dev-python/tasks/main.yml
+++ b/roles/util-desk-dev-python/tasks/main.yml
@ -1,8 +1,7 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'dev-python-pip'
  - name: Include moved dependency 'dev-python-pip'
    include_role:
      name: dev-python-pip
-  - set_fact:
+    when: run_once_dev_python_pip is not defined
-      run_once_util_desk_dev_python: true
+  - include_tasks: utils/run_once.yml
  when: run_once_util_desk_dev_python is not defined
--- a/roles/util-dev-admin/tasks/main.yml
+++ b/roles/util-dev-admin/tasks/main.yml
@ -1,14 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - dev-gcc
    - dev-yay
-  - set_fact:
+
      run_once_util_dev_admin: true
  when: run_once_util_dev_admin is not defined
  - name: install administration tools
    community.general.pacman:
      name:
@ -17,3 +14,5 @@
      - fdupes
      - p7zip
      state: present
  - include_tasks: utils/run_once.yml
  when: run_once_util_dev_admin is not defined
--- a/roles/web-app-matrix-ansible/tasks/main.yml
+++ b/roles/web-app-matrix-ansible/tasks/main.yml
@ -1,11 +1,12 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-proxy-7-4-core'
  - name: Include moved dependency 'srv-proxy-7-4-core'
    include_role:
      name: srv-proxy-7-4-core
-  - set_fact:
+    when: run_once_srv_proxy_7_4_core is not defined
-      run_once_web_app_matrix_ansible: true
+
  - include_tasks: utils/run_once.yml
  when: run_once_web_app_matrix_ansible is not defined
 - name: "include role srv-proxy-6-6-domain for {{application_id}}"
  include_role:
    name: srv-proxy-6-6-domain
--- a/roles/web-app-mig/tasks/01_core.yml
+++ b/roles/web-app-mig/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
+- name: Include dependency 'sys-cli'
  block:
  - name: Include moved dependency 'sys-cli'
  include_role:
    name: sys-cli
-  - set_fact:
+  when: run_once_sys_cli is not defined
-      run_once_web_app_mig: true
+
  when: run_once_web_app_mig is not defined
 - name: Load docker compose vars
  include_vars:
    file: roles/docker-compose/vars/docker-compose.yml
@ -14,6 +11,7 @@
 - name: Set roles volume variable
  set_fact:
    mig_roles_meta_volume: "{{ mig_docker_compose.docker_compose.directories.volumes }}/roles/"
 - name: Set roles list variable
  set_fact:
    mig_roles_meta_list: "{{ mig_roles_meta_volume }}list.json"
--- a/roles/web-app-mybb/tasks/main.yml
+++ b/roles/web-app-mybb/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-proxy-7-4-core'
  - name: Include moved dependency 'srv-proxy-7-4-core'
    include_role:
      name: srv-proxy-7-4-core
-  - set_fact:
+    when: run_once_srv_proxy_7_4_core is not defined
-      run_once_web_app_mybb: true
+  - include_tasks: utils/run_once.yml
  when: run_once_web_app_mybb is not defined
 - name: "load docker and db for {{application_id}}"
  include_role:
    name: cmp-db-docker
--- a/roles/web-opt-rdr-domains/tasks/main.yml
+++ b/roles/web-opt-rdr-domains/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-web-7-6-https'
  - name: Include moved dependency 'srv-web-7-6-https'
    include_role:
      name: srv-web-7-6-https
-  - set_fact:
+    when: run_once_srv_web_7_6_https is not defined
-      run_once_web_opt_rdr_domains: true
+  - include_tasks: utils/run_once.yml
  when: run_once_web_opt_rdr_domains is not defined
 - name: "Include domains redirects"
  include_tasks: redirect-domain.yml
  vars:
--- a/roles/web-opt-rdr-www/tasks/main.yml
+++ b/roles/web-opt-rdr-www/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependency 'srv-web-7-4-core'
  - name: Include moved dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
+    when: run_once_srv_web_7_4_core is not defined
-      run_once_web_opt_rdr_www: true
+  - include_tasks: utils/run_once.yml
  when: run_once_web_opt_rdr_www is not defined
 - name: Filter www-prefixed domains from current_play_domains_all
  set_fact:
    www_domains: "{{ current_play_domains_all | select('match', '^www\\.') | list }}"
--- a/roles/web-svc-cdn/tasks/01_core.yml
+++ b/roles/web-svc-cdn/tasks/01_core.yml
@ -0,0 +1,19 @@
 - name: Include dependencies
  include_role:
    name: '{{ item }}'
  loop:
  - srv-web-7-6-https
  - dev-git
 - name: "include role for {{application_id}} to receive certs & do modification routines"
  include_role:
    name: srv-web-7-6-composer
  vars:
    domain: "{{ domains | get_domain(application_id) }}"
    http_port: "{{ ports.localhost.http[application_id] }}"
 - name: "generate {{domains | get_domain(application_id)}}.conf"
  template:
    src: "nginx.conf.j2"
    dest: "{{ nginx.directories.http.servers }}{{ domains | get_domain(application_id) }}.conf"
  notify: restart openresty
--- a/roles/web-svc-cdn/tasks/main.yml
+++ b/roles/web-svc-cdn/tasks/main.yml
@ -1,28 +1,5 @@
 - name: Load former meta dependencies once
  block:
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-6-https
    - dev-git
  - set_fact:
      run_once_web_svc_cdn: true
  when: run_once_web_svc_cdn is not defined
 - block:
-  - name: "include role for {{application_id}} to receive certs & do modification routines"
+  - include_tasks: 01_core.yml
    include_role:
      name: srv-web-7-6-composer
    vars:
      domain: "{{ domains | get_domain(application_id) }}"
      http_port: "{{ ports.localhost.http[application_id] }}"
  - name: "generate {{domains | get_domain(application_id)}}.conf"
    template:
      src: "nginx.conf.j2"
      dest: "{{ nginx.directories.http.servers }}{{ domains | get_domain(application_id) }}.conf"
    notify: restart openresty
  - include_tasks: utils/run_once.yml
  when: run_once_web_svc_cdn is not defined
--- a/roles/web-svc-file/tasks/main.yml
+++ b/roles/web-svc-file/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-6-https
    - dev-git
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_web_svc_file: true
  when: run_once_web_svc_file is not defined
 - name: "include role for {{application_id}} to receive certs & do modification routines"
  include_role:
    name: srv-web-7-6-composer
--- a/roles/web-svc-html/tasks/main.yml
+++ b/roles/web-svc-html/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
+- block:
-  block:
+  - name: Include dependencies
  - name: Include moved dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-6-https
    - dev-git
-  - set_fact:
+  - include_tasks: utils/run_once.yml
      run_once_web_svc_html: true
  when: run_once_web_svc_html is not defined
 - name: "include role for {{application_id}} to receive certs & do modification routines"
  include_role:
    name: srv-web-7-6-composer