feat(services): add CPU/RAM/PIDs defaults for heavy roles and align service names

Add per-service resource overrides (cpus, mem_reservation, mem_limit, pids_limit) for ollama, mariadb, postgres, confluence, gitlab, jira, keycloak, nextcloud; light formatting fixes in wordpress.

Rename service keys from generic 'application/web' to concrete names (jira, confluence, gitlab, keycloak) and update compose templates accordingly.

Jira: introduce JIRA_STORAGE_PATH and switch mounts/README accordingly.

https://chatgpt.com/share/68d2d96c-9bf4-800f-bbec-d4f2c0051c06

roles/svc-ai-ollama/config/main.yml

@@ -5,10 +5,14 @@ docker:
     ollama:
       backup:
         no_stop_required: true
-      image:    ollama/ollama
-      version:  latest
-      name:     ollama
-      port:     11434
+      image:              ollama/ollama
+      version:            latest
+      name:               ollama
+      port:               11434
+      cpus:               "4.0"
+      mem_reservation:    "6g"
+      mem_limit:          "8g"
+      pids_limit:         2048
   volumes:
     models:     "ollama_models"
   network:      "ollama"

roles/svc-db-mariadb/config/main.yml

@@ -1,11 +1,16 @@
 docker:
   services:
     mariadb:
-      version:          "latest"
-      image:            "mariadb"
-      name:             "mariadb"
+      version:            "latest"
+      image:              "mariadb"
+      name:               "mariadb"
       backup:
         database_routine: true
+      # Performance Variables aren't used yet, but will be in the future as soon as an docker file is implemented
+      cpus:               "2.0"
+      mem_reservation:    "2g"
+      mem_limit:          "4g"
+      pids_limit:         1024
   network:              "mariadb"
   volumes:
     data:               "mariadb_data"

roles/svc-db-postgres/config/main.yml

@@ -2,13 +2,17 @@ docker:
   services:
     postgres:
       # Postgis is necessary for mobilizon
-      image:    postgis/postgis
-      name:     postgres
+      image:              postgis/postgis
+      name:               postgres
       # Please set an version in your inventory file! 
       # Rolling release isn't recommended
-      version:  "latest"
+      version:            "latest"
       backup:
         database_routine: true
+      cpus:               "2.0"
+      mem_reservation:    "4g"
+      mem_limit:          "6g"
+      pids_limit:         1024
   volumes:
     data:     "postgres_data"
   network:    "postgres"

roles/web-app-confluence/config/main.yml

@@ -3,10 +3,14 @@ docker:
   services:
     database:
       enabled:      true
-    application:
-      image:        atlassian/confluence
-      version:      latest
-      name:         confluence
+    confluence:
+      image:            atlassian/confluence
+      version:          latest
+      name:             confluence
+      cpus:             "3.0"
+      mem_reservation:  "6g"
+      mem_limit:        "8g"
+      pids_limit:       2048
   volumes:
     data:           "confluence_data"
 features:

roles/web-app-confluence/templates/docker-compose.yml.j2

@@ -1,5 +1,5 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
-  application:
+  confluence:
     {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }}
     image: "{{ CONFLUENCE_CUSTOM_IMAGE }}"
     container_name: "{{ CONFLUENCE_CONTAINER }}"

roles/web-app-confluence/vars/main.yml

@@ -28,9 +28,9 @@ CONFLUENCE_OIDC_SCOPES:           "openid,email,profile"
 CONFLUENCE_OIDC_UNIQUE_ATTRIBUTE: "{{ OIDC.ATTRIBUTES.USERNAME }}"
 
 ## Docker
-CONFLUENCE_VERSION:               "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}"
-CONFLUENCE_IMAGE:                 "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}"
-CONFLUENCE_CONTAINER:             "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}"
+CONFLUENCE_VERSION:               "{{ applications | get_app_conf(application_id, 'docker.services.confluence.version') }}"
+CONFLUENCE_IMAGE:                 "{{ applications | get_app_conf(application_id, 'docker.services.confluence.image') }}"
+CONFLUENCE_CONTAINER:             "{{ applications | get_app_conf(application_id, 'docker.services.confluence.name') }}"
 CONFLUENCE_DATA_VOLUME:           "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
 CONFLUENCE_CUSTOM_IMAGE:          "{{ CONFLUENCE_IMAGE }}_custom"
 

roles/web-app-gitlab/config/main.yml

@@ -12,9 +12,13 @@ docker:
     database: 
       enabled:      true
     gitlab:
-      image:        "gitlab/gitlab-ee"
-      version:      "latest"
-      name:         "gitlab"
+      image:            "gitlab/gitlab-ee"
+      version:          "latest"
+      name:             "gitlab"
+      cpus:             "4.0"
+      mem_reservation:  "8g"
+      mem_limit:        "12g"
+      pids_limit:        4096
   volumes:
     data:           "gitlab_data"
     logs:           "gitlab_logs"

roles/web-app-gitlab/templates/docker-compose.yml.j2

@@ -1,6 +1,6 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
 
-  web:
+  gitlab:
     image: "{{ GITLAB_IMAGE }}:{{ GITLAB_VERSION }}"
     hostname: '{{ GITLAB_HOSTNAME }}'
     container_name:  "{{ GITLAB_CONTAINER }}"

roles/web-app-jira/README.md

@@ -17,7 +17,7 @@ The role builds a lean custom image on top of the official Jira Software image,
 * **JVM Auto-Tuning:** Safe calculation of `JVM_MINIMUM_MEMORY` / `JVM_MAXIMUM_MEMORY` with caps to avoid VM init errors.
 * **Health Checks:** Container healthcheck for quicker failure detection and stable automation.
 * **CSP & Canonical Domains:** Integrates with platform CSP and domain management.
-* **Backup Ready:** Persistent data under `/var/atlassian/application-data/jira`.
+* **Backup Ready:** Persistent data under `{{ JIRA_STORAGE_PATH }}`.
 
 ## Further Resources
 

roles/web-app-jira/config/main.yml

@@ -4,10 +4,14 @@ docker:
   services:
     database:
       enabled:      true
-    application:
-      image:        atlassian/jira-software
-      version:      latest
-      name:         jira
+    jira:
+      image:            atlassian/jira-software
+      version:          latest
+      name:             jira
+      cpus:             "2.0"
+      mem_reservation:  "4g"
+      mem_limit:        "6g"
+      pids_limit:       2048
   volumes:
     data:           "jira_data"
 features:

roles/web-app-jira/templates/Dockerfile.j2

@@ -4,5 +4,5 @@ FROM "{{ JIRA_IMAGE }}:{{ JIRA_VERSION }}"
 # COPY ./plugins/atlassian-sso-dc-latest.obr /opt/atlassian/jira/atlassian-bundled-plugins/
 
 # Ensure proper permissions for app data
-RUN mkdir -p /var/atlassian/application-data/jira && \
-    chown -R 2001:2001 /var/atlassian/application-data/jira
+RUN mkdir -p {{ JIRA_STORAGE_PATH }} && \
+    chown -R 2001:2001 {{ JIRA_STORAGE_PATH }}

roles/web-app-jira/templates/docker-compose.yml.j2

@@ -1,6 +1,6 @@
 
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
-  application:
+  jira:
     {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }}
     image: "{{ JIRA_CUSTOM_IMAGE }}"
     container_name: "{{ JIRA_CONTAINER }}"
@@ -8,7 +8,7 @@
     ports:
       - "127.0.0.1:{{ ports.localhost.http[application_id] }}:8080"
     volumes:
-      - 'data:/var/atlassian/application-data/jira'
+      - 'data:{{ JIRA_STORAGE_PATH }}'
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}

roles/web-app-jira/vars/main.yml

@@ -11,6 +11,7 @@ container_hostname:           "{{ domains | get_domain(application_id) }}"
 ## URLs
 JIRA_URL:                     "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 JIRA_HOSTNAME:                "{{ container_hostname }}"
+JIRA_STORAGE_PATH:            "/var/atlassian/application-data/jira"
 
 ## OIDC
 JIRA_OIDC_ENABLED:            "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
@@ -27,9 +28,9 @@ JIRA_OIDC_SCOPES:             "openid,email,profile"
 JIRA_OIDC_UNIQUE_ATTRIBUTE:   "{{ OIDC.ATTRIBUTES.USERNAME }}"
 
 ## Docker
-JIRA_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.application.version') }}"
-JIRA_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.application.image') }}"
-JIRA_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.application.name') }}"
+JIRA_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.jira.version') }}"
+JIRA_IMAGE:                   "{{ applications | get_app_conf(application_id, 'docker.services.jira.image') }}"
+JIRA_CONTAINER:               "{{ applications | get_app_conf(application_id, 'docker.services.jira.name') }}"
 JIRA_DATA_VOLUME:             "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
 JIRA_CUSTOM_IMAGE:            "{{ JIRA_IMAGE }}_custom"
 

roles/web-app-keycloak/config/main.yml

@@ -36,9 +36,13 @@ scopes:
 docker:
   services:
     keycloak:
-      image:    "quay.io/keycloak/keycloak"
-      version:  "latest"
-      name:     "keycloak"
+      image:            "quay.io/keycloak/keycloak"
+      version:          "latest"
+      name:             "keycloak"
+      cpus:             "2.0"
+      mem_reservation:  "2g"
+      mem_limit:        "4g"
+      pids_limit:       1024
     database:
       enabled: true
 

roles/web-app-keycloak/templates/docker-compose.yml.j2

@@ -1,6 +1,6 @@
 {% include 'roles/docker-compose/templates/base.yml.j2' %}
 
-  application:
+  keycloak:
     image: "{{ KEYCLOAK_IMAGE }}:{{ KEYCLOAK_VERSION }}"
     container_name: {{ KEYCLOAK_CONTAINER }}
     command: start{% if KEYCLOAK_REALM_IMPORT_ENABLED %} --import-realm{% endif %}{% if KEYCLOAK_DEBUG_ENABLED %} --verbose{% endif %}

roles/web-app-nextcloud/config/main.yml

@@ -25,7 +25,7 @@ docker:
   services:
     redis:
       enabled: true
-    database: 
+    database:
       enabled: true
     nextcloud:
       name:     "nextcloud"
@@ -33,6 +33,10 @@ docker:
       version:  "production-fpm-alpine"
       backup:
         no_stop_required: true
+      cpus:               "2.0"
+      mem_reservation:    "2g"
+      mem_limit:          "3g"
+      pids_limit:         512
     proxy: 
       name:     "nextcloud-proxy"
       image:    "nginx"

roles/web-app-wordpress/config/main.yml

@@ -45,11 +45,11 @@ server:
 docker:
   services:
     database:
-      enabled:          true
+      enabled:            true
     wordpress:
-      version:          latest 
-      image:            wordpress
-      name:             wordpress 
+      version:            latest 
+      image:              wordpress
+      name:               wordpress 
       backup:
         no_stop_required: true
   volumes: