Improved performance by executing tasks just once per host

README.md

@@ -152,7 +152,7 @@ Focuses on web server roles and applications, covering SSL certificates, Nginx c
 - **[Nginx-Https](./roles/nginx-https/)**: Enables HTTPS configuration for Nginx.
 - **[Nginx-Matomo-Tracking](./roles/nginx-matomo-tracking/)**: Integrates Matomo tracking with Nginx.
 - **[Nginx-Redirect](./roles/nginx-domain-redirect/)**: Manages URL redirects in Nginx.
-- **[Certbot Nginx](./roles/certbot-nginx/)**: Integrates Certbot with Nginx for SSL certificates.
+- **[Certbot Nginx](./roles/nginx-certbot/)**: Integrates Certbot with Nginx for SSL certificates.
 - **[Postfix](./roles/postfix/)**: Setup for the Postfix mail transfer agent.
 
 #### Docker and Containerization

roles/backup-docker-to-local/tasks/main.yml

@@ -4,6 +4,7 @@
       - lsof
       - python-pandas
     state: present
+  when: run_once_backup_docker_to_local is not defined
 
 - name: pull backup-docker-to-local.git
   git:
@@ -12,23 +13,26 @@
     update: yes
   register: git_result
   ignore_errors: true
+  when: run_once_backup_docker_to_local is not defined
 
 - name: Warn if repo is not reachable
   debug:
     msg: "Warning: Repository is not reachable."
-  when: git_result.failed
+  when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
 
 - name: configure backup-docker-to-local.service
   template: 
     src: backup-docker-to-local.service.j2
     dest: /etc/systemd/system/backup-docker-to-local.service
   notify: reload backup-docker-to-local.service
+  when: run_once_backup_docker_to_local is not defined
 
 - name: configure backup-docker-to-local.timer.tpl
   template: src=backup-docker-to-local.timer.j2 dest=/etc/systemd/system/backup-docker-to-local.timer
   register: backup_docker_to_local_timer
   changed_when: backup_docker_to_local_timer.changed or activate_all_timers | default(false) | bool
   notify: restart backup-docker-to-local.timer
+  when: run_once_backup_docker_to_local is not defined
 
 - name: create {{backup_docker_to_local_folder}}databases.csv
   copy:
@@ -36,3 +40,9 @@
     dest: "{{backup_docker_to_local_folder}}databases.csv"
     owner: root
     group: root
+  when: run_once_backup_docker_to_local is not defined
+
+- name: run the backup_docker_to_local tasks once
+  set_fact:
+    run_once_backup_docker_to_local: true
+  when: run_once_backup_docker_to_local is not defined

roles/backups-provider-user/tasks/main.yml

@@ -2,6 +2,7 @@
   user:
     name: backup
     create_home: yes
+  when: run_once_backups_provider_user is not defined
 
 - name: create .ssh directory
   file:
@@ -10,6 +11,7 @@
     owner: backup
     group: backup
     mode: '0700'
+  when: run_once_backups_provider_user is not defined
 
 - name: create /home/backup/.ssh/authorized_keys
   template:
@@ -18,6 +20,7 @@
     owner: backup
     group: backup
     mode: '0644'
+  when: run_once_backups_provider_user is not defined
 
 - name: create /home/backup/ssh-wrapper.sh
   copy:
@@ -26,6 +29,7 @@
     owner: backup
     group: backup
     mode: '0700'
+  when: run_once_backups_provider_user is not defined
 
 - name: grant backup sudo rights
   copy:
@@ -35,3 +39,9 @@
     owner: root
     group: root
   notify: sshd restart
+  when: run_once_backups_provider_user is not defined
+  
+- name: run the backups_provider_user tasks once
+  set_fact:
+    run_once_backups_provider_user: true
+  when: run_once_backups_provider_user is not defined

roles/cleanup-backups-service/tasks/main.yml

@@ -4,20 +4,29 @@
       - lsof
       - python-psutil
     state: present
+  when: run_once_cleanup_backups_service is not defined
 
 - name: "create {{docker_cleanup_backups}}"
   file:
     path: "{{docker_cleanup_backups}}"
     state: directory
     mode: 0755
+  when: run_once_cleanup_backups_service is not defined
 
 - name: create cleanup-backups.py
   copy: 
     src:  "cleanup-backups.py"
     dest: "{{docker_cleanup_backups}}cleanup-backups.py"
+  when: run_once_cleanup_backups_service is not defined
 
 - name: create cleanup-backups.service
   template: 
     src:  "cleanup-backups.service.j2"
     dest: "/etc/systemd/system/cleanup-backups.service"
   notify: reload cleanup-backups.service
+  when: run_once_cleanup_backups_service is not defined
+
+- name: run the cleanup_backups_service tasks once
+  set_fact:
+    run_once_cleanup_backups_service: true
+  when: run_once_cleanup_backups_service is not defined

roles/cleanup-backups-timer/handlers/main.yml

@@ -4,3 +4,9 @@
     state: restarted
     enabled: yes
     daemon_reload: yes
+  when: run_once_cleanup_backup_timer is not defined
+
+- name: run the cleanup_backup_timer tasks once
+  set_fact:
+    run_once_cleanup_backup_timer: true
+  when: run_once_cleanup_backup_timer is not defined

roles/cleanup-backups-timer/tasks/main.yml

@@ -5,3 +5,9 @@
   register: cleanup_backups_timer
   changed_when: cleanup_backups_timer.changed or activate_all_timers | default(false) | bool
   notify: restart cleanup-backups.timer
+  when: run_once_cleanup_backups_timer is not defined
+
+- name: run the cleanup_backups_timer tasks once
+  set_fact:
+    run_once_cleanup_backups_timer: true
+  when: run_once_cleanup_backups_timer is not defined

roles/cleanup-failed-docker-backups/tasks/main.yml

@@ -5,14 +5,21 @@
     update: yes
   register: git_result
   ignore_errors: true
+  when: run_once_cleanup_failed_docker_backups is not defined
 
 - name: Warn if repo is not reachable
   debug:
     msg: "Warning: Repository is not reachable."
-  when: git_result.failed
+  when: git_result is defined and git_result.failed is defined and run_once_cleanup_failed_docker_backups is not defined
 
 - name: configure cleanup-failed-docker-backups.service
   template: 
     src: cleanup-failed-docker-backups.service.j2
     dest: /etc/systemd/system/cleanup-failed-docker-backups.service
-  notify: reload cleanup-failed-docker-backups.service daemon
+  notify: reload cleanup-failed-docker-backups.service daemon
+  when: run_once_cleanup_failed_docker_backups is not defined
+
+- name: run the cleanup_failed_docker_backups tasks once
+  set_fact:
+    run_once_cleanup_failed_docker_backups: true
+  when: run_once_cleanup_failed_docker_backups is not defined

roles/docker/tasks/main.yml

@@ -5,6 +5,7 @@
     name: ['docker','docker-compose']
     state: present
   notify: docker restart
+  when: run_once_docker is not defined
 
 - name: "create {{path_docker_compose_instances}}"
   file:
@@ -13,6 +14,7 @@
     mode: 0700
     owner: administrator
     group: administrator
+  when: run_once_docker is not defined
 
 - name: "create {{path_docker_volumes}}"
   file:
@@ -21,6 +23,13 @@
     mode: 0700
     owner: administrator
     group: administrator
+  when: run_once_docker is not defined
 
 - name: flush docker service
   meta: flush_handlers
+  when: run_once_docker is not defined
+
+- name: run the docker tasks once
+  set_fact:
+    run_once_docker: true
+  when: run_once_docker is not defined

roles/git/tasks/main.yml

@@ -1,2 +1,8 @@
 - name: install git
   pacman: name=git state=present
+  when: run_once_git is not defined
+
+- name: run the git tasks once
+  set_fact:
+    run_once_git: true
+  when: run_once_git is not defined

roles/heal-docker/tasks/main.yml

@@ -3,17 +3,20 @@
     path: "{{heal_docker}}"
     state: directory
     mode: 0755
+  when: run_once_heal_docker is not defined
 
 - name: create heal-docker.py
   copy:
     src: heal-docker.py
     dest: "{{heal_docker}}heal-docker.py"
+  when: run_once_heal_docker is not defined
 
 - name: create heal-docker.service
   template: 
     src: heal-docker.service.j2 
     dest: /etc/systemd/system/heal-docker.service
   notify: reload heal-docker.service
+  when: run_once_heal_docker is not defined
 
 - name: create heal-docker.timer
   template:
@@ -21,4 +24,10 @@
     dest: "/etc/systemd/system/heal-docker.timer"
   register: heal_docker_timer
   changed_when: heal_docker_timer.changed or activate_all_timers | default(false) | bool
-  notify: restart heal-docker.timer
+  notify: restart heal-docker.timer
+  when: run_once_heal_docker is not defined
+
+- name: run the heal_docker tasks once
+  set_fact:
+    run_once_heal_docker: true
+  when: run_once_heal_docker is not defined

roles/health-docker-container/tasks/main.yml

@@ -3,15 +3,18 @@
     path: "{{health_docker_container_folder}}"
     state: directory
     mode: 0755
+  when: run_once_health_docker_container is not defined
 
 - name: create health-docker-container.sh
   copy:
     src: health-docker-container.sh
     dest: "{{health_docker_container_folder}}health-docker-container.sh"
+  when: run_once_health_docker_container is not defined
 
 - name: create health-docker-container.service
   template: src=health-docker-container.service.j2 dest=/etc/systemd/system/health-docker-container.service
   notify: reload health-docker-container.service
+  when: run_once_health_docker_container is not defined
 
 - name: create health-docker-container.timer
   template:
@@ -20,3 +23,9 @@
   register: health_docker_container_timer
   changed_when: health_docker_container_timer.changed or activate_all_timers | default(false) | bool
   notify: restart health-docker-container.timer
+  when: run_once_health_docker_container is not defined
+
+- name: run the health_docker_container tasks once
+  set_fact:
+    run_once_health_docker_container: true
+  when: run_once_health_docker_container is not defined

roles/health-docker-volumes/tasks/main.yml

@@ -3,15 +3,18 @@
     path: "{{health_docker_volumes_folder}}"
     state: directory
     mode: 0755
+  when: run_once_health_docker_volumes is not defined
 
 - name: create health-docker-volumes.sh
   copy:
     src: health-docker-volumes.sh
     dest: "{{health_docker_volumes_folder}}health-docker-volumes.sh"
+  when: run_once_health_docker_volumes is not defined
 
 - name: create health-docker-volumes.service
   template: src=health-docker-volumes.service.j2 dest=/etc/systemd/system/health-docker-volumes.service
   notify: reload health-docker-volumes.service
+  when: run_once_health_docker_volumes is not defined
 
 - name: create health-docker-volumes.timer
   template:
@@ -20,3 +23,9 @@
   register: health_docker_volumes_timer
   changed_when: health_docker_volumes_timer.changed or activate_all_timers | default(false) | bool
   notify: restart health-docker-volumes.timer
+  when: run_once_health_docker_volumes is not defined
+
+- name: run the health_docker_volumes tasks once
+  set_fact:
+    run_once_health_docker_volumes: true
+  when: run_once_health_docker_volumes is not defined

roles/health-nginx/tasks/main.yml

@@ -2,23 +2,27 @@
   pacman:
     name: python-requests
     state: present
+  when: run_once_health_nginx is not defined
 
 - name: "create {{ health_nginx_folder }}"
   file:
     path: "{{ health_nginx_folder }}"
     state: directory
     mode: 0755
+  when: run_once_health_nginx is not defined
 
 - name: create health-nginx.py
   copy:
     src: health-nginx.py
     dest: "{{ health_nginx_folder }}health-nginx.py"
+  when: run_once_health_nginx is not defined
 
 - name: create health-nginx.service
   template: 
     src: health-nginx.service.j2
     dest: /etc/systemd/system/health-nginx.service
   notify: reload health-nginx.service
+  when: run_once_health_nginx is not defined
 
 - name: create health-nginx.timer
   template:
@@ -27,3 +31,10 @@
   register: health_nginx_timer
   changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
   notify: restart health-nginx.timer
+  when: run_once_health_nginx is not defined
+
+- name: run the health_nginx tasks once
+  set_fact:
+    run_once_health_nginx: true
+  when: run_once_health_nginx is not defined
+

roles/letsencrypt/meta/main.yml

@@ -1,2 +1,2 @@
 dependencies:
-- certbot-nginx
+- nginx-certbot

roles/letsencrypt/tasks/main.yml

@@ -1,6 +1,13 @@
 - name: create nginx letsencrypt config file
   template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
   notify: restart nginx
+  when: run_once_letsencrypt is not defined
 
 - name: flush nginx service
   meta: flush_handlers
+  when: run_once_letsencrypt is not defined
+
+- name: run the letsencrypt logic just once
+  set_fact:
+    run_once_letsencrypt: true
+  when: run_once_letsencrypt is not defined

roles/nginx-certbot/tasks/main.yml

@@ -2,12 +2,14 @@
   pacman:
     name: [certbot,certbot-nginx]
     state: present
+  when: run_once_nginx_certbot is not defined
 
 - name: configure certbot.service.tpl
   template: 
     src:  certbot.service.j2
     dest: /etc/systemd/system/certbot.service
   notify: reload certbot service
+  when: run_once_nginx_certbot is not defined
 
 - name: configure certbot.timer.tpl
   template:
@@ -16,3 +18,9 @@
   register: certbot_timer
   changed_when: certbot_timer.changed or activate_all_timers | default(false) | bool
   notify: restart certbot timer
+  when: run_once_nginx_certbot is not defined
+
+- name: run the nginx_certbot tasks once
+  set_fact:
+    run_once_nginx_certbot: true
+  when: run_once_nginx_certbot is not defined

roles/nginx/tasks/main.yml

@@ -2,6 +2,7 @@
 - name: install nginx
   pacman: name=nginx state=present
   notify: restart nginx
+  when: run_once_nginx is not defined
 
 - name: Ensure nginx configuration directories are present
   file:
@@ -12,10 +13,18 @@
     - "{{nginx_servers_directory}}"
     - "{{nginx_maps_directory}}"
     - "{{nginx_upstreams_directory}}"
+  when: run_once_nginx is not defined
 
 - name: create nginx config file
   template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
   notify: restart nginx
+  when: run_once_nginx is not defined
 
 - name: flush nginx service
   meta: flush_handlers
+  when: run_once_nginx is not defined
+
+- name: run the nginx tasks once
+  set_fact:
+    run_once_nginx: true
+  when: run_once_nginx is not defined

roles/python-pip/tasks/main.yml

@@ -3,3 +3,9 @@
   pacman:
     name: python-pip
     state: present
+  when: run_once_python_pip is not defined
+
+- name: run the python_pip tasks once
+  set_fact:
+    run_once_python_pip: true
+  when: run_once_python_pip is not defined

roles/sshd/tasks/main.yml

@@ -6,3 +6,9 @@
     group: root
     mode: '0644'
   notify: sshd restart
+  when: run_once_sshd is not defined
+
+- name: run the sshd tasks once
+  set_fact:
+    run_once_sshd: true
+  when: run_once_sshd is not defined

roles/sudo/tasks/main.yml

@@ -2,3 +2,9 @@
   package:
     name:   sudo
     state:  present
+  when: run_once_sudo is not defined
+
+- name: run the sudo tasks once
+  set_fact:
+    run_once_sudo: true
+  when: run_once_sudo is not defined

roles/systemd-notifier-email/tasks/main.yml

@@ -1,18 +1,28 @@
 - name: install smtp-forwarder
   pacman: name=smtp-forwarder state=present
+  when: run_once_systemd_notifier_email is not defined
 
 - name: configure msmtprc.conf.j2
   template: src=msmtprc.conf.j2 dest=/root/.msmtprc
+  when: run_once_systemd_notifier_email is not defined
 
 - name: "create {{systemd_notifier_email_folder}}"
   file:
     path: "{{systemd_notifier_email_folder}}"
     state: directory
     mode: 0755
+  when: run_once_systemd_notifier_email is not defined
 
 - name: configure systemd-notifier-email.sh
   template: src=systemd-notifier-email.sh.j2 dest={{systemd_notifier_email_folder}}systemd-notifier-email.sh
+  when: run_once_systemd_notifier_email is not defined
 
 - name: configure systemd-notifier-email.service
   template: src=systemd-notifier-email@.service.j2 dest=/etc/systemd/system/systemd-notifier-email@.service
   notify: restart systemd-notifier-email service
+  when: run_once_systemd_notifier_email is not defined
+
+- name: run the systemd_notifier_email tasks once
+  set_fact:
+    run_once_systemd_notifier_email: true
+  when: run_once_systemd_notifier_email is not defined

roles/systemd-notifier-telegram/tasks/main.yml

@@ -2,20 +2,29 @@
   pacman: 
     name: curl
     state: present
+  when: run_once_systemd_notifier_telegram is not defined
 
 - name: Create a directory with a subdirectory
   ansible.builtin.file:
     path: "{{systemd_telegram_folder}}"
     state: directory
     mode: '0755'
+  when: run_once_systemd_notifier_telegram is not defined
 
 - name: configure systemd-notifier-telegram.sh
   template: 
     src: systemd-notifier-telegram.sh.j2 
     dest: "{{ systemd_telegram_script }}"
+  when: run_once_systemd_notifier_telegram is not defined  
 
 - name: configure systemd-notifier-telegram.service
   template: 
     src: systemd-notifier-telegram@.service.j2 
     dest: "/etc/systemd/system/systemd-notifier-telegram@.service"
   notify: "restart systemd-notifier-telegram service"
+  when: run_once_systemd_notifier_telegram is not defined
+
+- name: run the systemd_notifier_telegram tasks once
+  set_fact:
+    run_once_systemd_notifier_telegram: true
+  when: run_once_systemd_notifier_telegram is not defined

roles/systemd-notifier/handlers/main.yml

@@ -2,3 +2,9 @@
   systemd:
     name: systemd-notifier.service
     daemon_reload: yes
+  when: run_once_systemd_notifier_service is not defined
+
+- name: run the systemd_notifier_service tasks once
+  set_fact:
+    run_once_systemd_notifier_service: true
+  when: run_once_systemd_notifier_service is not defined

roles/systemd-notifier/tasks/main.yml

@@ -4,3 +4,9 @@
     src: systemd-notifier@.service.j2 
     dest: "/etc/systemd/system/systemd-notifier@.service"
   notify: "restart systemd-notifier service"
+  when: run_once_systemd_notifier_service is not defined
+
+- name: run the systemd_notifier_service tasks once
+  set_fact:
+    run_once_systemd_notifier_service: true
+  when: run_once_systemd_notifier_service is not defined

roles/user-administrator/tasks/main.yml

@@ -7,6 +7,7 @@
     generate_ssh_key: yes
     ssh_key_type: rsa
     ssh_key_bits: 8192
+  when: run_once_user_administrator is not defined
     
 - name: "create {{path_administrator_scripts}}"
   file:
@@ -15,6 +16,7 @@
     owner: administrator
     group: administrator
     mode: 0700
+  when: run_once_user_administrator is not defined
     
 - name: create {{path_administrator_home}}.ssh/authorized_keys
   copy:
@@ -23,6 +25,7 @@
     owner: administrator
     group: administrator
     mode: '0644'
+  when: run_once_user_administrator is not defined
 
 - name: grant administrator sudo rights with password
   copy:
@@ -32,6 +35,7 @@
     owner: root
     group: root
   notify: sshd restart
+  when: run_once_user_administrator is not defined
 
 - name: "create {{path_administrator_home}}volumes/"
   file:
@@ -40,3 +44,9 @@
     owner: administrator
     group: administrator
     mode: 0700
+  when: run_once_user_administrator is not defined
+
+- name: run the user_administrator tasks once
+  set_fact:
+    run_once_user_administrator: true
+  when: run_once_user_administrator is not defined