Replaced depenencies by includes for performance reasons

2025-08-15 08:30:46 +02:00 · 2025-08-12 03:08:33 +02:00 · 2025-08-12 03:08:33 +02:00 · 1a42e8bd14
commit 1a42e8bd14
parent 8634b5e1b3
89 changed files with 716 additions and 830 deletions
--- a/roles/desk-gnome-caffeine/tasks/01_core.yml
+++ b/roles/desk-gnome-caffeine/tasks/01_core.yml
@ -0,0 +1,21 @@
+- name: Include dependency 'dev-yay'
+  include_role:
+    name: dev-yay
+  when: run_once_dev_yay is not defined
+
+- name: Install caffeine
+  kewlfft.aur.aur:
+    use: yay
+    name:
+    - caffeine-ng
+  become: false
+
+- name: Create autostart directory if it doesn't exist
+  file:
+    path: "{{auto_start_directory}}"
+    state: directory
+
+- name: Copy caffeine.desktop file to autostart directory
+  template:
+    src: caffeine.desktop.j2
+    dest: "{{auto_start_directory}}caffeine.desktop"
--- a/roles/desk-gnome-caffeine/tasks/main.yml
+++ b/roles/desk-gnome-caffeine/tasks/main.yml
@ -1,24 +1,4 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
-    include_role:
-      name: dev-yay
-  - set_fact:
-      run_once_desk_gnome_caffeine: true
+- block:
+  - include_tasks: 01_core.yml
+  - include_tasks: utils/run_once.yml
  when: run_once_desk_gnome_caffeine is not defined
- name: Install caffeine
-  kewlfft.aur.aur:
-    use: yay
-    name:
-    - caffeine-ng
-  become: false
-
- name: Create autostart directory if it doesn't exist
-  file:
-    path: "{{auto_start_directory}}"
-    state: directory
-
- name: Copy caffeine.desktop file to autostart directory
-  template:
-    src: caffeine.desktop.j2
-    dest: "{{auto_start_directory}}caffeine.desktop"
--- a/roles/desk-qbittorrent/tasks/main.yml
+++ b/roles/desk-qbittorrent/tasks/main.yml
@ -1,13 +1,14 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
+- block:
+
+  - name: Include dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
-      run_once_desk_qbittorrent: true
+    when: run_once_dev_yay is not defined
+
+  - name: install torrent software
+    kewlfft.aur.aur:
+      use: yay
+      name:
+      - qbittorrent
+  - include_tasks: utils/run_once.yml
  when: run_once_desk_qbittorrent is not defined
- name: install torrent software
-  kewlfft.aur.aur:
-    use: yay
-    name:
-    - qbittorrent
--- a/roles/desk-spotify/tasks/main.yml
+++ b/roles/desk-spotify/tasks/main.yml
@ -1,13 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
+- block:
+  - name: Include dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
-      run_once_desk_spotify: true
+    when: run_once_dev_yay is not defined
+
+  - name: install spotify
+    kewlfft.aur.aur:
+      use: yay
+      name:
+      - spotify
+  - include_tasks: utils/run_once.yml
  when: run_once_desk_spotify is not defined
- name: install spotify
-  kewlfft.aur.aur:
-    use: yay
-    name:
-    - spotify
--- a/roles/desk-ssh/tasks/01_core.yml
+++ b/roles/desk-ssh/tasks/01_core.yml
@ -0,0 +1,51 @@
+- name: Include dependency 'dev-shell'
+  include_role:
+    name: dev-shell
+  when: run_once_dev_shell is not defined
+
+- name: pull ssh repository from {{desk_ssh_repository}}
+  git:
+    repo: "{{desk_ssh_repository}}"
+    dest: "$HOME/.ssh"
+    update: yes
+  register: git_result
+  ignore_errors: true
+  become: false
+
+- name: Warn if repo is not reachable
+  debug:
+    msg: "Warning: Repository is not reachable."
+  when: git_result.failed and enable_debug | bool
+
+- name: Ensure systemd user directory exists
+  file:
+    path: "$HOME/.config/systemd/user"
+    state: directory
+    mode: "0700"
+  become: false
+
+- name: Deploy ssh-agent systemd unit file
+  template:
+    src: ssh-agent.service.j2
+    dest: "$HOME/.config/systemd/user/ssh-agent.service"
+    mode: "0644"
+  become: false
+
+- name: Enable and start ssh-agent service
+  systemd:
+    name: ssh-agent.service
+    scope: user
+    enabled: true
+    state: started
+    daemon_reload: true
+  become: false
+
+- name: Ensure ~/.profile exists with common environment
+  lineinfile:
+    path: "$HOME/.profile"
+    line: 'export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"'
+    insertafter: EOF
+    state: present
+    create: yes
+    mode: "0644"
+  become: false
--- a/roles/desk-ssh/tasks/main.yml
+++ b/roles/desk-ssh/tasks/main.yml
@ -1,54 +1,4 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-shell'
-    include_role:
-      name: dev-shell
-  - set_fact:
-      run_once_desk_ssh: true
+- block:
+  - include_tasks: 01_core.yml
+  - include_tasks: utils/run_once.yml
  when: run_once_desk_ssh is not defined
- name: pull ssh repository from {{desk_ssh_repository}}
-  git:
-    repo: "{{desk_ssh_repository}}"
-    dest: "$HOME/.ssh"
-    update: yes
-  register: git_result
-  ignore_errors: true
-  become: false
-
- name: Warn if repo is not reachable
-  debug:
-    msg: "Warning: Repository is not reachable."
-  when: git_result.failed and enable_debug | bool
-
- name: Ensure systemd user directory exists
-  file:
-    path: "$HOME/.config/systemd/user"
-    state: directory
-    mode: "0700"
-  become: false
-
- name: Deploy ssh-agent systemd unit file
-  template:
-    src: ssh-agent.service.j2
-    dest: "$HOME/.config/systemd/user/ssh-agent.service"
-    mode: "0644"
-  become: false
-
- name: Enable and start ssh-agent service
-  systemd:
-    name: ssh-agent.service
-    scope: user
-    enabled: true
-    state: started
-    daemon_reload: true
-  become: false
-
- name: Ensure ~/.profile exists with common environment
-  lineinfile:
-    path: "$HOME/.profile"
-    line: 'export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"'
-    insertafter: EOF
-    state: present
-    create: yes
-    mode: "0644"
-  become: false
--- a/roles/desk-zoom/tasks/main.yml
+++ b/roles/desk-zoom/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
+- block:
+  - name: Include dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
-      run_once_desk_zoom: true
+
+  - name: install video conference software
+    kewlfft.aur.aur:
+      use: yay
+      name:
+      - zoom
+    become: false
+  - include_tasks: utils/run_once.yml
  when: run_once_desk_zoom is not defined
- name: install video conference software
-  kewlfft.aur.aur:
-    use: yay
-    name:
-    - zoom
-  become: false
--- a/roles/dev-gcc/tasks/main.yml
+++ b/roles/dev-gcc/tasks/main.yml
@ -1,6 +1,10 @@
 ---
- name: Install GCC
-  community.general.pacman:
-    name: gcc
-    state: present
-    update_cache: yes
+- block:
+  - name: Install GCC
+    community.general.pacman:
+      name: gcc
+      state: present
+      update_cache: yes
+  - set_fact:
+      run_once_dev_gcc: true
+  when: run_once_dev_gcc is not defined
--- a/roles/dev-python-pip/tasks/main.yml
+++ b/roles/dev-python-pip/tasks/main.yml
@ -1,18 +1,14 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-gcc'
-    include_role:
-      name: dev-gcc
-  - set_fact:
-      run_once_dev_python_pip: true
-  when: run_once_dev_python_pip is not defined
- name: python pip install
-  community.general.pacman:
-    name: python-pip
-    state: present
-  when: run_once_dev_python_pip is not defined
+- block:
+
+  - include_role:
+      name: dev-gcc
+    when: run_once_dev_gcc is not defined
+
+  - name: python pip install
+    community.general.pacman:
+      name: python-pip
+      state: present
+
+  - include_tasks: utils/run_once.yml

- name: run the python_pip tasks once
-  set_fact:
-    run_once_dev_python_pip: true
  when: run_once_dev_python_pip is not defined
--- a/roles/dev-shell/tasks/main.yml
+++ b/roles/dev-shell/tasks/main.yml
@ -1,20 +1,25 @@
 ---
- name: Ensure ~/.bash_profile sources ~/.profile
-  lineinfile:
-    path: "$HOME/.bash_profile"
-    line: '[ -f ~/.profile ] && . ~/.profile'
-    insertafter: EOF
-    state: present
-    create: yes
-    mode: "0644"
-  become: false
+- block:
+  - name: Ensure ~/.bash_profile sources ~/.profile
+    lineinfile:
+      path: "$HOME/.bash_profile"
+      line: '[ -f ~/.profile ] && . ~/.profile'
+      insertafter: EOF
+      state: present
+      create: yes
+      mode: "0644"
+    become: false

- name: Ensure ~/.zprofile sources ~/.profile
-  lineinfile:
-    path: "$HOME/.zprofile"
-    line: '[ -f ~/.profile ] && . ~/.profile'
-    insertafter: EOF
-    state: present
-    create: yes
-    mode: "0644"
-  become: false
+  - name: Ensure ~/.zprofile sources ~/.profile
+    lineinfile:
+      path: "$HOME/.zprofile"
+      line: '[ -f ~/.profile ] && . ~/.profile'
+      insertafter: EOF
+      state: present
+      create: yes
+      mode: "0644"
+    become: false
+
+  - set_fact:
+      run_once_dev_shell: true
+  when: run_once_dev_shell is not defined
--- a/roles/dev-yay/tasks/01_core.yml
+++ b/roles/dev-yay/tasks/01_core.yml
@ -0,0 +1,47 @@
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - dev-fakeroot
+  - dev-git
+  - dev-base-devel
+
+- name: install yay
+  community.general.pacman:
+    name:
+    - base-devel
+    - patch
+    state: present
+
+- name: Create the `aur_builder` user
+  become: true
+  ansible.builtin.user:
+    name: aur_builder
+    create_home: yes
+    group: wheel
+
+- name: Allow the `aur_builder` user to run `sudo pacman` without a password
+  become: true
+  ansible.builtin.lineinfile:
+    path: /etc/sudoers.d/11-install-aur_builder
+    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
+    create: yes
+    validate: 'visudo -cf %s'
+
+- name: Clone yay from AUR
+  become: true
+  become_user: aur_builder
+  git:
+    repo: https://aur.archlinux.org/yay.git
+    dest: /home/aur_builder/yay
+    clone: yes
+    update: yes
+
+- name: Build and install yay
+  become: true
+  become_user: aur_builder
+  shell: |
+    cd /home/aur_builder/yay
+    makepkg -si --noconfirm
+  args:
+    creates: /usr/bin/yay
--- a/roles/dev-yay/tasks/main.yml
+++ b/roles/dev-yay/tasks/main.yml
@ -1,51 +1,5 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - dev-fakeroot
-    - dev-git
-    - dev-base-devel
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_dev_yay: true
  when: run_once_dev_yay is not defined
- name: install yay
-  community.general.pacman:
-    name:
-    - base-devel
-    - patch
-    state: present
-
- name: Create the `aur_builder` user
-  become: true
-  ansible.builtin.user:
-    name: aur_builder
-    create_home: yes
-    group: wheel
-
- name: Allow the `aur_builder` user to run `sudo pacman` without a password
-  become: true
-  ansible.builtin.lineinfile:
-    path: /etc/sudoers.d/11-install-aur_builder
-    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
-    create: yes
-    validate: 'visudo -cf %s'
-
- name: Clone yay from AUR
-  become: true
-  become_user: aur_builder
-  git:
-    repo: https://aur.archlinux.org/yay.git
-    dest: /home/aur_builder/yay
-    clone: yes
-    update: yes
-
- name: Build and install yay
-  become: true
-  become_user: aur_builder
-  shell: |
-    cd /home/aur_builder/yay
-    makepkg -si --noconfirm
-  args:
-    creates: /usr/bin/yay
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -1,11 +1,10 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'docker-container'
-    include_role:
+- block:
+  - include_role:
      name: docker-container
-  - set_fact:
-      run_once_docker_compose: true
+    when: run_once_docker_container is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_docker_compose is not defined
+
 - name: "Load variables from {{ docker_compose_variable_file }} for whole play"
  include_vars: "{{ docker_compose_variable_file }}"

--- a/roles/docker-container/tasks/main.yml
+++ b/roles/docker-container/tasks/main.yml
@ -1,8 +1,6 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'docker-core'
-    include_role:
+- block:
+  - include_role:
      name: docker-core
-  - set_fact:
-      run_once_docker_container: true
+    when: run_once_docker_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_docker_container is not defined
--- a/roles/drv-epson-multiprinter/tasks/01_core.yml
+++ b/roles/drv-epson-multiprinter/tasks/01_core.yml
@ -0,0 +1,19 @@
+- name: Include dependency 'dev-yay'
+  include_role:
+    name: dev-yay
+  when: run_once_dev_yay is not defined
+
+- name: install AUR packages for epson
+  kewlfft.aur.aur:
+    use: yay
+    name:
+    - epson-printer-utility
+    - imagescan-plugin-networkscan
+    - epson-inkjet-printer-escpr
+    - epson-inkjet-printer-escpr2
+  become: false
+
+- name: install imagescan
+  community.general.pacman:
+    name: imagescan
+    state: present
--- a/roles/drv-epson-multiprinter/tasks/main.yml
+++ b/roles/drv-epson-multiprinter/tasks/main.yml
@ -1,21 +1,5 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
-    include_role:
-      name: dev-yay
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_drv_epson_multiprinter: true
  when: run_once_drv_epson_multiprinter is not defined
- name: install AUR packages for epson
-  kewlfft.aur.aur:
-    use: yay
-    name:
-    - epson-printer-utility
-    - imagescan-plugin-networkscan
-    - epson-inkjet-printer-escpr
-    - epson-inkjet-printer-escpr2
-  become: false
- name: install imagescan
-  community.general.pacman:
-    name: imagescan
-    state: present
--- a/roles/drv-msi-keyboard-color/tasks/01_core.yml
+++ b/roles/drv-msi-keyboard-color/tasks/01_core.yml
@ -0,0 +1,38 @@
+- include_role:
+    name: '{{ item }}'
+  loop:
+  - dev-yay
+  - sys-alm-compose
+
+- name: Install MSI packages
+  kewlfft.aur.aur:
+    use: yay
+    name:
+    - msi-perkeyrgb
+
+- name: Copy keyboard_color.sh script
+  copy:
+    src: keyboard_color.py
+    dest: /opt/keyboard_color.py
+    mode: 0755
+
+- name: Copy keyboard-color.infinito.service file
+  template:
+    src: keyboard-color.service.j2
+    dest: /etc/systemd/system/keyboard-color.infinito.service
+    mode: 0644
+
+- name: Reload systemd daemon
+  systemd:
+    daemon_reload: yes
+
+- name: "set 'service_name' to '{{ role_name }}'"
+  set_fact:
+    service_name: "{{ role_name }}"
+
+- name: "include role for sys-timer for {{service_name}}"
+  include_role:
+    name: sys-timer
+  vars:
+    on_calendar: "{{on_calendar_msi_keyboard_color}}"
+    persistent: "true"
--- a/roles/drv-msi-keyboard-color/tasks/main.yml
+++ b/roles/drv-msi-keyboard-color/tasks/main.yml
@ -1,43 +1,5 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - dev-yay
-    - sys-alm-compose
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_drv_msi_keyboard_color: true
  when: run_once_drv_msi_keyboard_color is not defined
- name: Install MSI packages
-  kewlfft.aur.aur:
-    use: yay
-    name:
-    - msi-perkeyrgb
-
- name: Copy keyboard_color.sh script
-  copy:
-    src: keyboard_color.py
-    dest: /opt/keyboard_color.py
-    mode: 0755
-
- name: Copy keyboard-color.infinito.service file
-  template:
-    src: keyboard-color.service.j2
-    dest: /etc/systemd/system/keyboard-color.infinito.service
-    mode: 0644
-
- name: Reload systemd daemon
-  systemd:
-    daemon_reload: yes
-
- name: "set 'service_name' to '{{ role_name }}'"
-  set_fact:
-    service_name: "{{ role_name }}"
-
- name: "include role for sys-timer for {{service_name}}"
-  include_role:
-    name: sys-timer
-  vars:
-    on_calendar: "{{on_calendar_msi_keyboard_color}}"
-    persistent: "true"
--- a/roles/pkgmgr-install/tasks/01_core.yml
+++ b/roles/pkgmgr-install/tasks/01_core.yml
@ -0,0 +1,9 @@
+- name: Include dependency 'pkgmgr'
+  include_role:
+    name: pkgmgr
+  when: run_once_pkgmgr is not defined
+
+- name: update pkgmgr
+  shell: |
+    source ~/.venvs/pkgmgr/bin/activate
+    pkgmgr update pkgmgr
--- a/roles/pkgmgr-install/tasks/main.yml
+++ b/roles/pkgmgr-install/tasks/main.yml
@ -1,16 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'pkgmgr'
-    include_role:
-      name: pkgmgr
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_pkgmgr_install: true
  when: run_once_pkgmgr_install is not defined
- name: update pkgmgr
-  shell: |
-    source ~/.venvs/pkgmgr/bin/activate
-    pkgmgr update pkgmgr
-  when: run_once_pkgmgr_install is not defined

 - name: update {{ package_name }}
  shell: |
@ -21,7 +13,3 @@
  changed_when: "'No command defined and neither main.sh nor main.py found' not in pkgmgr_update_result.stdout"
  failed_when: pkgmgr_update_result.rc != 0 and 'No command defined and neither main.sh nor main.py found' not in pkgmgr_update_result.stdout

- name: mark pkgmgr update as done
-  set_fact:
-    run_once_pkgmgr_install: true
-  when: run_once_pkgmgr_install is not defined
--- a/roles/pkgmgr/tasks/01_core.yml
+++ b/roles/pkgmgr/tasks/01_core.yml
@ -1,15 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - dev-git
-    - dev-make
-    - dev-python-yaml
-  - set_fact:
-      run_once_pkgmgr: true
-  when: run_once_pkgmgr is not defined
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - dev-git
+  - dev-make
+  - dev-python-yaml
+
 - name: Ensure GitHub host key is in known_hosts
  known_hosts:
    path: "~/.ssh/known_hosts"
--- a/roles/srv-proxy-6-6-domain/tasks/main.yml
+++ b/roles/srv-proxy-6-6-domain/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-proxy-7-4-core'
+- block:
+  - name: Include dependency 'srv-proxy-7-4-core'
    include_role:
      name: srv-proxy-7-4-core
-  - set_fact:
-      run_once_srv_proxy_6_6_domain: true
+    when: run_once_srv_proxy_7_4_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_proxy_6_6_domain is not defined
+
 - include_tasks: "01_cloudflare.yml"
  when: dns_provider == "cloudflare"

--- a/roles/srv-proxy-6-6-tls-deploy/tasks/01_core.yml
+++ b/roles/srv-proxy-6-6-tls-deploy/tasks/01_core.yml
@ -0,0 +1,10 @@
+- name: Include dependency 'sys-alm-compose'
+  include_role:
+    name: sys-alm-compose
+  when: run_once_sys_alm_compose is not defined
+
+- name: add srv-proxy-6-6-tls-deploy.sh
+  template:
+    src: "srv-proxy-6-6-tls-deploy.sh.j2"
+    dest: "{{nginx_docker_cert_deploy_script}}"
+  notify: restart srv-proxy-6-6-tls-deploy.infinito.service
--- a/roles/srv-proxy-6-6-tls-deploy/tasks/main.yml
+++ b/roles/srv-proxy-6-6-tls-deploy/tasks/main.yml
@ -1,17 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
-    include_role:
-      name: sys-alm-compose
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_srv_proxy_6_6_tls_deploy: true
  when: run_once_srv_proxy_6_6_tls_deploy is not defined
- name: add srv-proxy-6-6-tls-deploy.sh
-  template:
-    src: "srv-proxy-6-6-tls-deploy.sh.j2"
-    dest: "{{nginx_docker_cert_deploy_script}}"
-  when: run_once_srv_proxy_6_6_tls_deploy is not defined
-  notify: restart srv-proxy-6-6-tls-deploy.infinito.service

 - name: "create {{cert_mount_directory}}"
  file:
@ -34,7 +25,3 @@
    service_name: "srv-proxy-6-6-tls-deploy.{{application_id}}"
    persistent: "true"

- name: run the run_once_srv_proxy_6_6_tls_deploy tasks once
-  set_fact:
-    run_once_srv_proxy_6_6_tls_deploy: true
-  when: run_once_srv_proxy_6_6_tls_deploy is not defined
--- a/roles/srv-proxy-7-4-core/tasks/main.yml
+++ b/roles/srv-proxy-7-4-core/tasks/main.yml
@ -1,11 +1,9 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-6-https
    - srv-web-7-4-core
-  - set_fact:
-      run_once_srv_proxy_7_4_core: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_proxy_7_4_core is not defined
--- a/roles/srv-web-6-6-tls-core/tasks/main.yml
+++ b/roles/srv-web-6-6-tls-core/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-6-https'
+- block:
+  - name: Include dependency 'srv-web-7-6-https'
    include_role:
      name: srv-web-7-6-https
-  - set_fact:
-      run_once_srv_web_6_6_tls_core: true
+    when: run_once_srv_web_7_6_https is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_6_6_tls_core is not defined
+
 - name: "Include flavor '{{ certbot_flavor }}' for '{{ domain }}'"
  include_tasks: "{{ role_path }}/tasks/flavors/{{ certbot_flavor }}.yml"

--- a/roles/srv-web-6-6-tls-renew/tasks/01_core.yml
+++ b/roles/srv-web-6-6-tls-renew/tasks/01_core.yml
@ -1,15 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - srv-web-7-7-certbot
-    - srv-web-7-4-core
-    - sys-alm-compose
-  - set_fact:
-      run_once_srv_web_6_6_tls_renew: true
-  when: run_once_srv_web_6_6_tls_renew is not defined
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - srv-web-7-7-certbot
+  - srv-web-7-4-core
+  - sys-alm-compose
+
 - name: install certbot
  community.general.pacman:
    name:
--- a/roles/srv-web-7-6-https/tasks/main.yml
+++ b/roles/srv-web-7-6-https/tasks/main.yml
@ -1,12 +1,10 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-4-core
    - sys-cln-domains
    - srv-web-7-7-letsencrypt
-  - set_fact:
-      run_once_srv_web_7_6_https: true
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_6_https is not defined
--- a/roles/srv-web-7-7-inj-compose/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-compose/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-4-core'
+- block:
+  - name: Include dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
-      run_once_srv_web_7_7_inj_compose: true
+    when: run_once_srv_web_7_4_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_compose is not defined
+
 - name: Set inj_enabled dictionary
  set_fact:
    inj_enabled:
--- a/roles/srv-web-7-7-inj-css/tasks/01_core.yml
+++ b/roles/srv-web-7-7-inj-css/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-4-core'
-    include_role:
-      name: srv-web-7-4-core
-  - set_fact:
-      run_once_srv_web_7_7_inj_css: true
-  when: run_once_srv_web_7_7_inj_css is not defined
+- name: Include dependency 'srv-web-7-4-core'
+  include_role:
+    name: srv-web-7-4-core
+  when: run_once_srv_web_7_4_core is not defined
+
 - name: Generate color palette with colorscheme-generator
  set_fact:
    color_palette: "{{ lookup('colorscheme', global_css_base_color, count=global_css_count, shades=global_css_shades) }}"
--- a/roles/srv-web-7-7-inj-javascript/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-javascript/tasks/main.yml
@ -1,11 +1,12 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-4-core'
+- block:
+
+  - name: Include dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
-      run_once_srv_web_7_7_inj_javascript: true
+    when: run_once_srv_web_7_4_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_javascript is not defined
+
 - name: "Load JavaScript code for '{{ application_id }}'"
  set_fact:
    javascript_code: "{{ lookup('template', modifier_javascript_template_file) }}"
--- a/roles/srv-web-7-7-inj-logout/tasks/01_core.yml
+++ b/roles/srv-web-7-7-inj-logout/tasks/01_core.yml
@ -0,0 +1,8 @@
+- name: Include dependency 'srv-web-7-4-core'
+  include_role:
+    name: srv-web-7-4-core
+  when: 
+    - run_once_srv_web_7_4_core is not defined
+  
+- name: "deploy the logout.js"
+  include_tasks: "deploy.yml"
--- a/roles/srv-web-7-7-inj-logout/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-logout/tasks/main.yml
@ -1,14 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-4-core'
-    include_role:
-      name: srv-web-7-4-core
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_srv_web_7_7_inj_logout: true
  when: run_once_srv_web_7_7_inj_logout is not defined
- name: "deploy the logout.js"
-  include_tasks: "deploy.yml"
-  when: run_once_srv_web_7_7_inj_logout is not defined

 - name: "Load logout code for '{{ application_id }}'"
  set_fact:
@ -22,8 +16,3 @@
  set_fact:
    applications: "{{ applications | append_csp_hash(application_id, logout_code_one_liner) }}"
  changed_when: false
-
- name: mark js as deployed
-  set_fact:
-    run_once_srv_web_7_7_inj_logout: true
-  when: run_once_srv_web_7_7_inj_logout is not defined
--- a/roles/srv-web-7-7-inj-matomo/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-matomo/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-4-core'
+- block:
+  - name: Include dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
-      run_once_srv_web_7_7_inj_matomo: true
+    when: run_once_srv_web_7_4_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_matomo is not defined
+
 - name: "Relevant variables for role: {{ role_path | basename }}"
  debug:
    msg:
--- a/roles/srv-web-7-7-inj-port-ui-desktop/tasks/main.yml
+++ b/roles/srv-web-7-7-inj-port-ui-desktop/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-4-core'
+- block:
+  - name: Include dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
-      run_once_srv_web_7_7_inj_port_ui_desktop: true
+    when: run_once_srv_web_7_4_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_inj_port_ui_desktop is not defined
+
 - name: "Load iFrame handler JS template for '{{ application_id }}'"
  set_fact:
    iframe_code: "{{ lookup('template','iframe-handler.js.j2') }}"
--- a/roles/srv-web-7-7-letsencrypt/tasks/01_core.yml
+++ b/roles/srv-web-7-7-letsencrypt/tasks/01_core.yml
@ -0,0 +1,14 @@
+  - name: Include dependency 'srv-web-6-6-tls-renew'
+    include_role:
+      name: srv-web-6-6-tls-renew
+    when: run_once_srv_web_6_6_tls_renew is not defined
+
+  - name: create nginx letsencrypt config file
+    template:
+      src: "letsencrypt.conf.j2"
+      dest: "{{nginx.directories.http.global}}letsencrypt.conf"
+    notify: restart openresty
+
+  - name: "Set CAA records for all base domains"
+    include_tasks: 01_set-caa-records.yml
+    when: dns_provider == 'cloudflare'
--- a/roles/srv-web-7-7-letsencrypt/tasks/main.yml
+++ b/roles/srv-web-7-7-letsencrypt/tasks/main.yml
@ -1,21 +1,4 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-6-6-tls-renew'
-    include_role:
-      name: srv-web-6-6-tls-renew
-  - set_fact:
-      run_once_srv_web_7_7_letsencrypt: true
-  when: run_once_srv_web_7_7_letsencrypt is not defined
 - block:
-  - name: create nginx letsencrypt config file
-    template:
-      src: "letsencrypt.conf.j2"
-      dest: "{{nginx.directories.http.global}}letsencrypt.conf"
-    notify: restart openresty
-
-  - name: "Set CAA records for all base domains"
-    include_tasks: 01_set-caa-records.yml
-    when: dns_provider == 'cloudflare'
-
+  - include_tasks: 01_core.yml
  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_7_letsencrypt is not defined
--- a/roles/svc-bkp-loc-2-usb/tasks/main.yml
+++ b/roles/svc-bkp-loc-2-usb/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-cln-bkps-service
    - sys-lock
-  - set_fact:
-      run_once_svc_bkp_loc_2_usb: true
+  - include_tasks: utils/run_once.yml
  when: run_once_svc_bkp_loc_2_usb is not defined
+
 - name: Fail if any backup_to_usb variable is empty
  assert:
    that:
--- a/roles/svc-bkp-rmt-2-loc/tasks/main.yml
+++ b/roles/svc-bkp-rmt-2-loc/tasks/main.yml
@ -1,6 +1,5 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
@ -9,9 +8,9 @@
    - sys-lock
    - user-root
    - sys-rst-daemon
-  - set_fact:
-      run_once_svc_bkp_rmt_2_loc: true
+  - include_tasks: utils/run_once.yml
  when: run_once_svc_bkp_rmt_2_loc is not defined
+
 - name: "create {{docker_backup_remote_to_local_folder}}"
  file:
    path: "{{docker_backup_remote_to_local_folder}}"
--- a/roles/svc-db-postgres/tasks/01_core.yml
+++ b/roles/svc-db-postgres/tasks/01_core.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'docker-core'
+- block:
+  - name: Include dependency 'docker-core'
    include_role:
      name: docker-core
-  - set_fact:
-      run_once_svc_db_postgres: true
+    when: run_once_docker_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_svc_db_postgres is not defined
+
 - name: Create Docker network for PostgreSQL
  community.docker.docker_network:
    name: "{{ postgres_network_name }}"
--- a/roles/svc-opt-swapfile/tasks/main.yml
+++ b/roles/svc-opt-swapfile/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'pkgmgr-install'
+- block:
+  - name: Include dependency 'pkgmgr-install'
    include_role:
      name: pkgmgr-install
-  - set_fact:
-      run_once_svc_opt_swapfile: true
+    when: run_once_pkgmgr_install is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_svc_opt_swapfile is not defined
+
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-alm-compose/tasks/main.yml
+++ b/roles/sys-alm-compose/tasks/main.yml
@ -1,22 +1,14 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-alm-telegram
    - sys-alm-email
-  - set_fact:
-      run_once_sys_alm_compose: true
-  when: run_once_sys_alm_compose is not defined
- name: configure sys-alm-compose.infinito@.service
-  template:
-    src: sys-alm-compose@.service.j2
-    dest: "/etc/systemd/system/sys-alm-compose.infinito@.service"
-  notify: "restart sys-alm-compose service"
-  when: run_once_sys_alm_compose is not defined
-
- name: run the systemd_notifier_service tasks once
-  set_fact:
-    run_once_sys_alm_compose: true
+  - name: configure sys-alm-compose.infinito@.service
+    template:
+      src: sys-alm-compose@.service.j2
+      dest: "/etc/systemd/system/sys-alm-compose.infinito@.service"
+    notify: "restart sys-alm-compose service"
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_alm_compose is not defined
--- a/roles/sys-alm-email/tasks/01_core.yml
+++ b/roles/sys-alm-email/tasks/01_core.yml
@ -1,14 +1,10 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - sys-svc-msmtp
-    - sys-rst-daemon
-  - set_fact:
-      run_once_sys_alm_email: true
-  when: run_once_sys_alm_email is not defined
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - sys-svc-msmtp
+  - sys-rst-daemon
+
 - name: "create {{systemd_notifier_email_folder}}"
  file:
    path: "{{systemd_notifier_email_folder}}"
--- a/roles/sys-alm-telegram/tasks/01_core.yml
+++ b/roles/sys-alm-telegram/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-rst-daemon'
-    include_role:
-      name: sys-rst-daemon
-  - set_fact:
-      run_once_sys_alm_telegram: true
-  when: run_once_sys_alm_telegram is not defined
+- name: Include dependency 'sys-rst-daemon'
+  include_role:
+    name: sys-rst-daemon
+  when: run_once_sys_rst_daemon is not defined
+
 - name: Fail if Telegram bot credentials are not set
  assert:
    that:
--- a/roles/sys-bkp-docker-2-loc/tasks/01_core.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/01_core.yml
@ -1,16 +1,12 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - sys-bkp-provider
-    - sys-alm-compose
-    - sys-lock
-    - sys-bkp-directory-validator
-  - set_fact:
-      run_once_sys_bkp_docker_2_loc: true
-  when: run_once_sys_bkp_docker_2_loc is not defined
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - sys-bkp-provider
+  - sys-alm-compose
+  - sys-lock
+  - sys-bkp-directory-validator
+
 - include_tasks: 02_pkgmgr_routines.yml
  when: backup_docker_to_local_folder is not defined

--- a/roles/sys-bkp-provider/tasks/main.yml
+++ b/roles/sys-bkp-provider/tasks/main.yml
@ -1,11 +1,9 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-bkp-provider-user
    - sys-cln-bkps-timer
-  - set_fact:
-      run_once_sys_bkp_provider: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_bkp_provider is not defined
--- a/roles/sys-cli/tasks/main.yml
+++ b/roles/sys-cli/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
+- block:
+  - name: Include dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
-      run_once_sys_cli: true
+    when: run_once_dev_yay is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_cli is not defined
+
 - name: "pkgmgr install infinito"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-cln-bkps-service/tasks/01_core.yml
+++ b/roles/sys-cln-bkps-service/tasks/01_core.yml
@ -1,16 +1,12 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - dev-python-pip
-    - sys-alm-compose
-    - sys-lock
-    - sys-rst-daemon
-  - set_fact:
-      run_once_sys_cln_bkps_service: true
-  when: run_once_sys_cln_bkps_service is not defined
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - dev-python-pip
+  - sys-alm-compose
+  - sys-lock
+  - sys-rst-daemon
+
 - name: install lsof and python-psutil
  community.general.pacman:
    name:
--- a/roles/sys-cln-bkps-timer/tasks/01_core.yml
+++ b/roles/sys-cln-bkps-timer/tasks/01_core.yml
@ -0,0 +1,16 @@
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - sys-cln-bkps-service
+  - sys-rst-daemon
+
+- name: set service_name to sys-cln-backups
+  set_fact:
+    service_name: "sys-cln-backups"
+
+- name: "include role for sys-timer for {{service_name}}"
+  include_role:
+    name: sys-timer
+  vars:
+    on_calendar: "{{on_calendar_cleanup_backups}}"
--- a/roles/sys-cln-bkps-timer/tasks/main.yml
+++ b/roles/sys-cln-bkps-timer/tasks/main.yml
@ -1,27 +1,6 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - sys-cln-bkps-service
-    - sys-rst-daemon
-  - set_fact:
+- block:
+  - include_tasks: 01_core.yml
+  - name: run the cleanup_backups_timer tasks once
+    set_fact:
      run_once_sys_cln_bkps_timer: true
  when: run_once_sys_cln_bkps_timer is not defined
- name: set service_name to sys-cln-backups
-  set_fact:
-    service_name: "sys-cln-backups"
-  when: run_once_sys_cln_bkps_timer is not defined
-
- name: "include role for sys-timer for {{service_name}}"
-  include_role:
-    name: sys-timer
-  vars:
-    on_calendar: "{{on_calendar_cleanup_backups}}"
-  when: run_once_sys_cln_bkps_timer is not defined
-
- name: run the cleanup_backups_timer tasks once
-  set_fact:
-    run_once_sys_cln_bkps_timer: true
-  when: run_once_sys_cln_bkps_timer is not defined
--- a/roles/sys-cln-certs/tasks/01_core.yml
+++ b/roles/sys-cln-certs/tasks/01_core.yml
@ -1,14 +1,10 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - sys-alm-compose
-    - sys-rst-daemon
-  - set_fact:
-      run_once_sys_cln_certs: true
-  when: run_once_sys_cln_certs is not defined
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - sys-alm-compose
+  - sys-rst-daemon
+
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-cln-disc-space/tasks/main.yml
+++ b/roles/sys-cln-disc-space/tasks/main.yml
@ -1,15 +1,14 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - sys-alm-compose
    - sys-lock
    - sys-rst-daemon
-  - set_fact:
-      run_once_sys_cln_disc_space: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_cln_disc_space is not defined
+  
 - name: "create {{cleanup_disc_space_folder}}"
  file:
    path: "{{cleanup_disc_space_folder}}"
--- a/roles/sys-cln-domains/tasks/main.yml
+++ b/roles/sys-cln-domains/tasks/main.yml
@ -1,24 +1,20 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-4-core
    - sys-rst-daemon
-  - set_fact:
-      run_once_sys_cln_domains: true
-  when: run_once_sys_cln_domains is not defined
- name: Include task to remove deprecated nginx configs
-  include_tasks: remove_deprecated_nginx_configs.yml
-  loop: "{{ deprecated_domains }}"
-  loop_control:
-    label: "{{ item }}"
-  vars:
-    domain: "{{ item }}"
-  when:
-  - mode_cleanup | bool
-  - run_once_sys_cln_domains is not defined
+
+  - name: Include task to remove deprecated nginx configs
+    include_tasks: remove_deprecated_nginx_configs.yml
+    loop: "{{ deprecated_domains }}"
+    loop_control:
+      label: "{{ item }}"
+    vars:
+      domain: "{{ item }}"
+    when:
+    - mode_cleanup | bool

 ## The revoking just works for the base domain
 #- name: "Revoke Certbot certificate for {{ item }}"
@ -55,8 +51,5 @@
 #    'No certificate found with name' not in certbot_delete_result.stderr
 #  changed_when: >
 #    certbot_delete_result.rc == 0
-
- name: run the nginx_domains_cleanup role once
-  set_fact:
-    run_once_sys_cln_domains: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_cln_domains is not defined
--- a/roles/sys-cln-faild-bkps/tasks/01_core.yml
+++ b/roles/sys-cln-faild-bkps/tasks/01_core.yml
@ -1,16 +1,12 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - sys-alm-compose
-    - sys-lock
-    - sys-bkp-directory-validator
-    - sys-rst-daemon
-  - set_fact:
-      run_once_sys_cln_faild_bkps: true
-  when: run_once_sys_cln_faild_bkps is not defined
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - sys-alm-compose
+  - sys-lock
+  - sys-bkp-directory-validator
+  - sys-rst-daemon
+
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-hlth-btrfs/tasks/main.yml
+++ b/roles/sys-hlth-btrfs/tasks/main.yml
@ -1,11 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
+- block:
+
+  - name: Include dependency 'sys-alm-compose'
    include_role:
      name: sys-alm-compose
-  - set_fact:
-      run_once_sys_hlth_btrfs: true
+    when: run_once_sys_alm_compose is not defined
+
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_hlth_btrfs is not defined
+
 - name: "create {{docker_health_btrfs_folder}}"
  file:
    path: "{{docker_health_btrfs_folder}}"
--- a/roles/sys-hlth-csp/tasks/01_core.yml
+++ b/roles/sys-hlth-csp/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
-    include_role:
-      name: sys-alm-compose
-  - set_fact:
-      run_once_sys_hlth_csp: true
-  when: run_once_sys_hlth_csp is not defined
+- name: Include dependency 'sys-alm-compose'
+  include_role:
+    name: sys-alm-compose
+  when: run_once_sys_alm_compose is not defined
+
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-hlth-disc-space/tasks/main.yml
+++ b/roles/sys-hlth-disc-space/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
+- block:
+  - name: Include dependency 'sys-alm-compose'
    include_role:
      name: sys-alm-compose
-  - set_fact:
-      run_once_sys_hlth_disc_space: true
+    when: run_once_sys_alm_compose is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_hlth_disc_space is not defined
+
 - name: "create {{health_disc_space_folder}}"
  file:
    path: "{{health_disc_space_folder}}"
--- a/roles/sys-hlth-docker-container/tasks/01_core.yml
+++ b/roles/sys-hlth-docker-container/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
-    include_role:
-      name: sys-alm-compose
-  - set_fact:
-      run_once_sys_hlth_docker_container: true
-  when: run_once_sys_hlth_docker_container is not defined
+- name: Include dependency 'sys-alm-compose'
+  include_role:
+    name: sys-alm-compose
+  when: run_once_sys_alm_compose is not defined
+  
 - name: "create {{health_docker_container_folder}}"
  file:
    path: "{{health_docker_container_folder}}"
--- a/roles/sys-hlth-docker-volumes/tasks/01_core.yml
+++ b/roles/sys-hlth-docker-volumes/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
-    include_role:
-      name: sys-alm-compose
-  - set_fact:
-      run_once_sys_hlth_docker_volumes: true
-  when: run_once_sys_hlth_docker_volumes is not defined
+- name: Include dependency 'sys-alm-compose'
+  include_role:
+    name: sys-alm-compose
+  when: run_once_sys_alm_compose is not defined
+  
 - name: "create {{health_docker_volumes_folder}}"
  file:
    path: "{{health_docker_volumes_folder}}"
--- a/roles/sys-hlth-journalctl/tasks/01_core.yml
+++ b/roles/sys-hlth-journalctl/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
-    include_role:
-      name: sys-alm-compose
-  - set_fact:
-      run_once_sys_hlth_journalctl: true
-  when: run_once_sys_hlth_journalctl is not defined
+- name: Include dependency 'sys-alm-compose'
+  include_role:
+    name: sys-alm-compose
+  when: run_once_sys_alm_compose is not defined
+
 - name: "create {{health_journalctl_folder}}"
  file:
    path: "{{health_journalctl_folder}}"
--- a/roles/sys-hlth-msmtp/tasks/main.yml
+++ b/roles/sys-hlth-msmtp/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-telegram'
+- block:
+  - name: Include dependency 'sys-alm-telegram'
    include_role:
      name: sys-alm-telegram
-  - set_fact:
-      run_once_sys_hlth_msmtp: true
+    when: run_once_sys_alm_telegram is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_hlth_msmtp is not defined
+
 - name: "create {{ health_msmtp_folder }}"
  file:
    path: "{{ health_msmtp_folder }}"
--- a/roles/sys-hlth-webserver/tasks/01_core.yml
+++ b/roles/sys-hlth-webserver/tasks/01_core.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - dev-python-pip
    - sys-alm-compose
-  - set_fact:
-      run_once_sys_hlth_webserver: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_hlth_webserver is not defined
+
 - name: Install required Python modules
  community.general.pacman:
    name: python-requests
--- a/roles/sys-postfix/tasks/main.yml
+++ b/roles/sys-postfix/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'user-administrator'
+- block:
+  - name: Include dependency 'user-administrator'
    include_role:
      name: user-administrator
-  - set_fact:
-      run_once_sys_postfix: true
+    when: run_once_user_administrator is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_postfix is not defined
+
 - name: install postfix
  community.general.pacman:
    name: postfix
--- a/roles/sys-rpr-btrfs-blnc/tasks/01_core.yml
+++ b/roles/sys-rpr-btrfs-blnc/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-alm-compose'
-    include_role:
-      name: sys-alm-compose
-  - set_fact:
-      run_once_sys_rpr_btrfs_blnc: true
-  when: run_once_sys_rpr_btrfs_blnc is not defined
+- name: Include dependency 'sys-alm-compose'
+  include_role:
+    name: sys-alm-compose
+  when: run_once_sys_alm_compose is not defined
+
 - name: "pkgmgr install"
  include_role:
    name: pkgmgr-install
--- a/roles/sys-rpr-docker-hard/tasks/01_core.yml
+++ b/roles/sys-rpr-docker-hard/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-lock'
-    include_role:
-      name: sys-lock
-  - set_fact:
-      run_once_sys_rpr_docker_hard: true
-  when: run_once_sys_rpr_docker_hard is not defined
+- name: Include dependency 'sys-lock'
+  include_role:
+    name: sys-lock
+  when: run_once_sys_lock is not defined
+
 - name: "create {{restart_docker_folder}}"
  file:
    path: "{{restart_docker_folder}}"
--- a/roles/sys-rpr-docker-soft/tasks/01_core.yml
+++ b/roles/sys-rpr-docker-soft/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-lock'
-    include_role:
-      name: sys-lock
-  - set_fact:
-      run_once_sys_rpr_docker_soft: true
-  when: run_once_sys_rpr_docker_soft is not defined
+- name: Include dependency 'sys-lock'
+  include_role:
+    name: sys-lock
+  when: run_once_sys_lock is not defined
+
 - name: "create {{heal_docker}}"
  file:
    path: "{{heal_docker}}"
--- a/roles/sys-svc-journalctl/tasks/main.yml
+++ b/roles/sys-svc-journalctl/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-hlth-journalctl'
+- block:
+  - name: Include dependency 'sys-hlth-journalctl'
    include_role:
      name: sys-hlth-journalctl
-  - set_fact:
-      run_once_sys_svc_journalctl: true
+    when: run_once_sys_hlth_journalctl is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_svc_journalctl is not defined
+
 - name: copy journald.conf
  template:
    src: templates/journald.conf.j2
--- a/roles/sys-svc-msmtp/tasks/01_core.yml
+++ b/roles/sys-svc-msmtp/tasks/01_core.yml
@ -0,0 +1,17 @@
+- name: Include dependency 'sys-hlth-msmtp'
+  include_role:
+    name: sys-hlth-msmtp
+  when: run_once_sys_hlth_msmtp is not defined
+  
+- name: install msmtp msmtp-mta
+  community.general.pacman:
+    name:
+    - msmtp
+    - msmtp-mta
+    state: present
+
+- name: configure msmtprc.conf.j2
+  template:
+    src: "msmtprc.conf.j2"
+    dest: "/root/.msmtprc"
+    mode: 600
--- a/roles/sys-svc-msmtp/tasks/main.yml
+++ b/roles/sys-svc-msmtp/tasks/main.yml
@ -1,27 +1,5 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-hlth-msmtp'
-    include_role:
-      name: sys-hlth-msmtp
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_sys_svc_msmtp: true
  when: run_once_sys_svc_msmtp is not defined
- name: install msmtp msmtp-mta
-  community.general.pacman:
-    name:
-    - msmtp
-    - msmtp-mta
-    state: present
-  when: run_once_sys_svc_msmtp is not defined
-
- name: configure msmtprc.conf.j2
-  template:
-    src: "msmtprc.conf.j2"
-    dest: "/root/.msmtprc"
-    mode: 600
-  when: run_once_sys_svc_msmtp is not defined
-
- name: run the msmtp tasks once
-  set_fact:
-    run_once_sys_svc_msmtp: true
-  when: run_once_sys_svc_msmtp is not defined
--- a/roles/sys-svc-sshd/tasks/main.yml
+++ b/roles/sys-svc-sshd/tasks/main.yml
@ -1,12 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'user-administrator'
+- block:
+  - name: Include dependency 'user-administrator'
    include_role:
      name: user-administrator
-  - set_fact:
-      run_once_sys_svc_sshd: true
-  when: run_once_sys_svc_sshd is not defined
- block:
+    when: run_once_user_administrator is not defined
  - name: create sshd_config
    template:
      src: "sshd_config.j2"
@ -15,8 +11,5 @@
      group: root
      mode: '0644'
    notify: sshd restart
-
-  - name: run the sshd tasks once
-    set_fact:
-      run_once_sys_svc_sshd: true
+  - include_tasks: utils/run_once.yml
  when: run_once_sys_svc_sshd is not defined
--- a/roles/update-compose/tasks/01_core.yml
+++ b/roles/update-compose/tasks/01_core.yml
@ -30,7 +30,9 @@
 - name: "Update with yay"
  include_role:
    name: update-yay
-  when: yay_installed.rc == 0
+  when:
+    - yay_installed.rc == 0
+    - run_once_update_yay is not defined

 - name: "Check if pip is installed"
  command: which pip
@ -41,6 +43,8 @@
 - name: "Update with pip"
  include_role:
    name: update-pip
+  when:
+    - run_once_update_pip is not defined

 - name: "Check if pkgmgr command is available"
  command: "which pkgmgr"
--- a/roles/update-docker/tasks/01_core.yml
+++ b/roles/update-docker/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-lock'
-    include_role:
-      name: sys-lock
-  - set_fact:
-      run_once_update_docker: true
-  when: run_once_update_docker is not defined
+- name: Include dependency 'sys-lock'
+  include_role:
+    name: sys-lock
+  when: run_once_sys_lock is not defined
+
 - name: "start sys-bkp-docker-2-loc-everything.infinito.service"
  systemd:
    name: sys-bkp-docker-2-loc-everything.infinito.service
--- a/roles/update-pip/tasks/main.yml
+++ b/roles/update-pip/tasks/main.yml
@ -1,9 +1,7 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-python-pip'
+- block:
+  - name: Include dependency 'dev-python-pip'
    include_role:
      name: dev-python-pip
-  - set_fact:
-      run_once_update_pip: true
+    when: run_once_dev_python_pip is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_update_pip is not defined
- {}
--- a/roles/update-yay/tasks/main.yml
+++ b/roles/update-yay/tasks/main.yml
@ -1,20 +1,14 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
+- block:
+  - name: Include dependency 'dev-yay'
    include_role:
      name: dev-yay
-  - set_fact:
-      run_once_update_yay: true
-  when: run_once_update_yay is not defined
- name: upgrade the system using yay, only act on AUR packages.
-  become: false
-  kewlfft.aur.aur:
-    upgrade: yes
-    use: yay
-    aur_only: yes
-  when: run_once_update_yay is not defined
+    when: run_once_dev_yay is not defined

- name: run update yay once
-  set_fact:
-    run_once_update_yay: true
+  - name: upgrade the system using yay, only act on AUR packages.
+    become: false
+    kewlfft.aur.aur:
+      upgrade: yes
+      use: yay
+      aur_only: yes
+  - include_tasks: utils/run_once.yml
  when: run_once_update_yay is not defined
--- a/roles/user-administrator/tasks/01_core.yml
+++ b/roles/user-administrator/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-sudo'
-    include_role:
-      name: sys-sudo
-  - set_fact:
-      run_once_user_administrator: true
-  when: run_once_user_administrator is not defined
+- name: Include dependency 'sys-sudo'
+  include_role:
+    name: sys-sudo
+  when: run_once_sys_sudo is not defined
+
 - name: create administrator
  user:
    name: administrator
--- a/roles/util-desk-design/tasks/01_core.yml
+++ b/roles/util-desk-design/tasks/01_core.yml
@ -0,0 +1,18 @@
+- name: Include dependency 'dev-yay'
+  include_role:
+    name: dev-yay
+  when: run_once_dev_yay is not defined
+
+- name: install designer tools
+  community.general.pacman:
+    name:
+    - gimp
+    - blender
+    state: present
+
+- name: install drawio
+  kewlfft.aur.aur:
+    use: yay
+    name:
+    - drawio-desktop
+  become: false
--- a/roles/util-desk-design/tasks/main.yml
+++ b/roles/util-desk-design/tasks/main.yml
@ -1,21 +1,6 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-yay'
-    include_role:
-      name: dev-yay
+- block:
+  - include_tasks: 01_core.yml
  - set_fact:
      run_once_util_desk_design: true
  when: run_once_util_desk_design is not defined
- name: install designer tools
-  community.general.pacman:
-    name:
-    - gimp
-    - blender
-    state: present

- name: install drawio
-  kewlfft.aur.aur:
-    use: yay
-    name:
-    - drawio-desktop
-  become: false
--- a/roles/util-desk-dev-core/tasks/main.yml
+++ b/roles/util-desk-dev-core/tasks/main.yml
@ -1,13 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'pkgmgr'
+- block:
+  - name: Include dependency 'pkgmgr'
    include_role:
      name: pkgmgr
-  - set_fact:
-      run_once_util_desk_dev_core: true
+    when: run_once_pkgmgr is not defined
+
+  - name: install base developer tools
+    community.general.pacman:
+      name:
+      - code
+      state: present
+  - include_tasks: utils/run_once.yml
  when: run_once_util_desk_dev_core is not defined
- name: install base developer tools
-  community.general.pacman:
-    name:
-    - code
-    state: present
--- a/roles/util-desk-dev-python/tasks/main.yml
+++ b/roles/util-desk-dev-python/tasks/main.yml
@ -1,8 +1,7 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'dev-python-pip'
+- block:
+  - name: Include dependency 'dev-python-pip'
    include_role:
      name: dev-python-pip
-  - set_fact:
-      run_once_util_desk_dev_python: true
+    when: run_once_dev_python_pip is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_util_desk_dev_python is not defined
--- a/roles/util-dev-admin/tasks/main.yml
+++ b/roles/util-dev-admin/tasks/main.yml
@ -1,19 +1,18 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - dev-gcc
    - dev-yay
-  - set_fact:
-      run_once_util_dev_admin: true
+
+  - name: install administration tools
+    community.general.pacman:
+      name:
+      - base-devel
+      - cmake
+      - fdupes
+      - p7zip
+      state: present
+  - include_tasks: utils/run_once.yml
  when: run_once_util_dev_admin is not defined
- name: install administration tools
-  community.general.pacman:
-    name:
-    - base-devel
-    - cmake
-    - fdupes
-    - p7zip
-    state: present
--- a/roles/web-app-matrix-ansible/tasks/main.yml
+++ b/roles/web-app-matrix-ansible/tasks/main.yml
@ -1,11 +1,12 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-proxy-7-4-core'
+- block:
+  - name: Include dependency 'srv-proxy-7-4-core'
    include_role:
      name: srv-proxy-7-4-core
-  - set_fact:
-      run_once_web_app_matrix_ansible: true
+    when: run_once_srv_proxy_7_4_core is not defined
+
+  - include_tasks: utils/run_once.yml
  when: run_once_web_app_matrix_ansible is not defined
+
 - name: "include role srv-proxy-6-6-domain for {{application_id}}"
  include_role:
    name: srv-proxy-6-6-domain
--- a/roles/web-app-mig/tasks/01_core.yml
+++ b/roles/web-app-mig/tasks/01_core.yml
@ -1,11 +1,8 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'sys-cli'
-    include_role:
-      name: sys-cli
-  - set_fact:
-      run_once_web_app_mig: true
-  when: run_once_web_app_mig is not defined
+- name: Include dependency 'sys-cli'
+  include_role:
+    name: sys-cli
+  when: run_once_sys_cli is not defined
+
 - name: Load docker compose vars
  include_vars:
    file: roles/docker-compose/vars/docker-compose.yml
@ -14,6 +11,7 @@
 - name: Set roles volume variable
  set_fact:
    mig_roles_meta_volume: "{{ mig_docker_compose.docker_compose.directories.volumes }}/roles/"
+
 - name: Set roles list variable
  set_fact:
    mig_roles_meta_list: "{{ mig_roles_meta_volume }}list.json"
--- a/roles/web-app-mybb/tasks/main.yml
+++ b/roles/web-app-mybb/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-proxy-7-4-core'
+- block:
+  - name: Include dependency 'srv-proxy-7-4-core'
    include_role:
      name: srv-proxy-7-4-core
-  - set_fact:
-      run_once_web_app_mybb: true
+    when: run_once_srv_proxy_7_4_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_web_app_mybb is not defined
+
 - name: "load docker and db for {{application_id}}"
  include_role:
    name: cmp-db-docker
--- a/roles/web-opt-rdr-domains/tasks/main.yml
+++ b/roles/web-opt-rdr-domains/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-6-https'
+- block:
+  - name: Include dependency 'srv-web-7-6-https'
    include_role:
      name: srv-web-7-6-https
-  - set_fact:
-      run_once_web_opt_rdr_domains: true
+    when: run_once_srv_web_7_6_https is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_web_opt_rdr_domains is not defined
+
 - name: "Include domains redirects"
  include_tasks: redirect-domain.yml
  vars:
--- a/roles/web-opt-rdr-www/tasks/main.yml
+++ b/roles/web-opt-rdr-www/tasks/main.yml
@ -1,11 +1,11 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependency 'srv-web-7-4-core'
+- block:
+  - name: Include dependency 'srv-web-7-4-core'
    include_role:
      name: srv-web-7-4-core
-  - set_fact:
-      run_once_web_opt_rdr_www: true
+    when: run_once_srv_web_7_4_core is not defined
+  - include_tasks: utils/run_once.yml
  when: run_once_web_opt_rdr_www is not defined
+
 - name: Filter www-prefixed domains from current_play_domains_all
  set_fact:
    www_domains: "{{ current_play_domains_all | select('match', '^www\\.') | list }}"
--- a/roles/web-svc-cdn/tasks/01_core.yml
+++ b/roles/web-svc-cdn/tasks/01_core.yml
@ -0,0 +1,19 @@
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - srv-web-7-6-https
+  - dev-git
+  
+- name: "include role for {{application_id}} to receive certs & do modification routines"
+  include_role:
+    name: srv-web-7-6-composer
+  vars:
+    domain: "{{ domains | get_domain(application_id) }}"
+    http_port: "{{ ports.localhost.http[application_id] }}"
+
+- name: "generate {{domains | get_domain(application_id)}}.conf"
+  template:
+    src: "nginx.conf.j2"
+    dest: "{{ nginx.directories.http.servers }}{{ domains | get_domain(application_id) }}.conf"
+  notify: restart openresty
--- a/roles/web-svc-cdn/tasks/main.yml
+++ b/roles/web-svc-cdn/tasks/main.yml
@ -1,28 +1,5 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - srv-web-7-6-https
-    - dev-git
-  - set_fact:
-      run_once_web_svc_cdn: true
-  when: run_once_web_svc_cdn is not defined
 - block:
-  - name: "include role for {{application_id}} to receive certs & do modification routines"
-    include_role:
-      name: srv-web-7-6-composer
-    vars:
-      domain: "{{ domains | get_domain(application_id) }}"
-      http_port: "{{ ports.localhost.http[application_id] }}"
-
-  - name: "generate {{domains | get_domain(application_id)}}.conf"
-    template:
-      src: "nginx.conf.j2"
-      dest: "{{ nginx.directories.http.servers }}{{ domains | get_domain(application_id) }}.conf"
-    notify: restart openresty
-
+  - include_tasks: 01_core.yml
  - include_tasks: utils/run_once.yml
  when: run_once_web_svc_cdn is not defined

--- a/roles/web-svc-file/tasks/main.yml
+++ b/roles/web-svc-file/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-6-https
    - dev-git
-  - set_fact:
-      run_once_web_svc_file: true
+  - include_tasks: utils/run_once.yml
  when: run_once_web_svc_file is not defined
+
 - name: "include role for {{application_id}} to receive certs & do modification routines"
  include_role:
    name: srv-web-7-6-composer
--- a/roles/web-svc-html/tasks/main.yml
+++ b/roles/web-svc-html/tasks/main.yml
@ -1,14 +1,13 @@
- name: Load former meta dependencies once
-  block:
-  - name: Include moved dependencies
+- block:
+  - name: Include dependencies
    include_role:
      name: '{{ item }}'
    loop:
    - srv-web-7-6-https
    - dev-git
-  - set_fact:
-      run_once_web_svc_html: true
+  - include_tasks: utils/run_once.yml
  when: run_once_web_svc_html is not defined
+
 - name: "include role for {{application_id}} to receive certs & do modification routines"
  include_role:
    name: srv-web-7-6-composer