Moved blocks to include_tasks to raise performance. Deploy was really slow

2025-08-15 08:30:46 +02:00 · 2025-08-11 12:28:31 +02:00 · 2025-08-11 12:28:31 +02:00 · 6e04ac58d2
commit 6e04ac58d2
parent b6e571a496
52 changed files with 609 additions and 628 deletions
--- a/roles/cmp-rdbms/tasks/main.yml
+++ b/roles/cmp-rdbms/tasks/main.yml
@ -23,4 +23,4 @@
  when: applications | get_app_conf(application_id, 'features.central_database', False)
 - name: "For '{{ application_id }}': Add Entry for Backup Procedure"
-  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml"
+  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"
--- a/roles/docker-core/tasks/01_core.yml
+++ b/roles/docker-core/tasks/01_core.yml
@ -0,0 +1,13 @@
 - name: docker & docker compose install
  pacman:
    name: ['docker','docker-compose']
    state: present
  notify: docker restart
 - name: "create {{path_docker_compose_instances}}"
  file:
    path: "{{path_docker_compose_instances}}"
    state: directory
    mode: 0700
    owner: root
    group: root
--- a/roles/docker-core/tasks/main.yml
+++ b/roles/docker-core/tasks/main.yml
@ -1,22 +1,5 @@
 ---
 - block:
-  - name: docker & docker compose install
+    - include_tasks: 01_core.yml
-    pacman:
+    - include_tasks: utils/run_once.yml
      name: ['docker','docker-compose']
      state: present
    notify: docker restart
  - name: "create {{path_docker_compose_instances}}"
    file:
      path: "{{path_docker_compose_instances}}"
      state: directory
      mode: 0700
      owner: administrator
      group: administrator
  - name: Set docker_enabled to true, to activate svc-opt-ssd-hdd
    set_fact:
      docker_enabled: true
  - include_tasks: utils/run_once.yml
  when: run_once_docker_core is not defined
--- a/roles/srv-web-6-6-tls-renew/tasks/01_core.yml
+++ b/roles/srv-web-6-6-tls-renew/tasks/01_core.yml
@ -0,0 +1,22 @@
 - name: install certbot
  pacman:
    name:
      - certbot-nginx
    state: present
 - name: configure srv-web-6-6-tls-renew.infinito.service
  template: 
    src:  srv-web-6-6-tls-renew.service.j2
    dest: /etc/systemd/system/srv-web-6-6-tls-renew.infinito.service
  notify: reload certbot service
 - name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
 - name: "include role for sys-timer for {{service_name}}"
  include_role:
    name: sys-timer
  vars:
    on_calendar:  "{{on_calendar_renew_lets_encrypt_certificates}}"
    persistent:   "true"
--- a/roles/srv-web-6-6-tls-renew/tasks/main.yml
+++ b/roles/srv-web-6-6-tls-renew/tasks/main.yml
@ -1,26 +1,4 @@
 - block:
-    - name: install certbot
+    - include_tasks: 01_core.yml
      pacman:
        name:
          - certbot-nginx
        state: present
    - name: configure srv-web-6-6-tls-renew.infinito.service
      template: 
        src:  srv-web-6-6-tls-renew.service.j2
        dest: /etc/systemd/system/srv-web-6-6-tls-renew.infinito.service
      notify: reload certbot service
    - name: "set 'service_name' to '{{ role_name }}'"
      set_fact:
        service_name: "{{ role_name }}"
    - name: "include role for sys-timer for {{service_name}}"
      include_role:
        name: sys-timer
      vars:
        on_calendar:  "{{on_calendar_renew_lets_encrypt_certificates}}"
        persistent:   "true"
    - include_tasks: utils/run_once.yml
  when: run_once_srv_web_6_6_tls_renew is not defined
--- a/roles/srv-web-7-4-core/tasks/01_core.yml
+++ b/roles/srv-web-7-4-core/tasks/01_core.yml
@ -0,0 +1,49 @@
 - name: Include openresty
  # Outside of run_once block is necessary for handler loading
  # Otherwise the when: condition from the block is added to the handlers
  # Inside openresty their is a validation that it doesn't run multiple times
  include_role:
    name: svc-prx-openresty
    public: false
    # Explicit set to guaranty that application_id will not be overwritten.
    # Should be anyhow the default case
 - name: "reset (if enabled)"
  include_tasks: 02_reset.yml
  when: mode_reset | bool
 - name: Ensure nginx configuration directories are present
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{nginx.user}}"
    group: "{{nginx.user}}"
    mode: '0755'
    recurse: yes
  loop: >
    {{
      [ nginx.directories.configuration ] +
      ( nginx.directories.http.values() | list ) +
      [ nginx.directories.streams ] 
    }}
 - name: Ensure nginx data storage directories are present
  file:
    path: "{{ item }}"
    state: directory
    recurse: yes
    owner: "{{nginx.user}}"
    group: "{{nginx.user}}"
    mode:  '0755'
  loop: >
    {{ nginx.directories.data.values() | list }}
 - name: "Include tasks to create cache directories"
  include_tasks: 03_cache_directories.yml
 - name: create nginx config file
  template: 
    src:  nginx.conf.j2 
    dest: "{{ nginx.files.configuration }}"
  notify: restart openresty
--- a/roles/srv-web-7-4-core/tasks/02_reset.yml
+++ b/roles/srv-web-7-4-core/tasks/02_reset.yml
--- a/roles/srv-web-7-4-core/tasks/03_cache_directories.yml
+++ b/roles/srv-web-7-4-core/tasks/03_cache_directories.yml
--- a/roles/srv-web-7-4-core/tasks/main.yml
+++ b/roles/srv-web-7-4-core/tasks/main.yml
@ -1,53 +1,5 @@
 ---
- name: Include openresty
+- block:
-  # Outside of run_once block is necessary for handler loading
+  - include_tasks: 01_core.yml
  # Otherwise the when: condition from the block is added to the handlers
  # Inside openresty their is a validation that it doesn't run multiple times
  include_role:
    name: svc-prx-openresty
    public: false
    # Explicit set to guaranty that application_id will not be overwritten.
    # Should be anyhow the default case
 - block:  
  - name: "reset (if enabled)"
    include_tasks: 01_reset.yml
    when: mode_reset | bool
  - name: Ensure nginx configuration directories are present
    file:
      path: "{{ item }}"
      state: directory
      owner: "{{nginx.user}}"
      group: "{{nginx.user}}"
      mode: '0755'
      recurse: yes
    loop: >
      {{
        [ nginx.directories.configuration ] +
        ( nginx.directories.http.values() | list ) +
        [ nginx.directories.streams ] 
      }}
  - name: Ensure nginx data storage directories are present
    file:
      path: "{{ item }}"
      state: directory
      recurse: yes
      owner: "{{nginx.user}}"
      group: "{{nginx.user}}"
      mode:  '0755'
    loop: >
      {{ nginx.directories.data.values() | list }}
  - name: "Include tasks to create cache directories"
    include_tasks: 02_cache_directories.yml
  - name: create nginx config file
    template: 
      src:  nginx.conf.j2 
      dest: "{{ nginx.files.configuration }}"
    notify: restart openresty
  - include_tasks: utils/run_once.yml
  when: run_once_srv_web_7_4_core is not defined
--- a/roles/svc-db-mariadb/tasks/01_core.yml
+++ b/roles/svc-db-mariadb/tasks/01_core.yml
@ -0,0 +1,48 @@
 - name: Create Docker network for MariaDB
  docker_network:
    name: "{{ mariadb_network_name }}"
    state: present
    ipam_config:
      - subnet: "{{ mariadb_subnet }}"
 - name: install MariaDB
  docker_container:
    name: "{{ mariadb_name }}"
    image: "{{ mariadb_image }}:{{ mariadb_version}}"
    detach: yes
    env:
      MARIADB_ROOT_PASSWORD:  "{{ mariadb_root_pwd }}"
      MARIADB_AUTO_UPGRADE:   "1"
    networks:
      - name: "{{ mariadb_network_name }}"
    volumes:
      - "{{ mariadb_volume }}:/var/lib/mysql"
    published_ports:
      - "127.0.0.1:{{ mariadb_port }}:3306" # can be that this will be removed if all applications use sockets
    command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
    restart_policy: "{{ DOCKER_RESTART_POLICY }}"
    healthcheck:
      test: "/usr/bin/mariadb --user=root --password={{ mariadb_root_pwd }} --execute \"SHOW DATABASES;\""
      interval: 10s
      timeout: 5s
      retries: 18
  register: setup_mariadb_container_result
 - name: install python-mysqlclient
  pacman: 
    name: python-mysqlclient
    state: present
 - name: "Wait until the MariaDB container with hostname '{{ mariadb_name }}' is healthy"
  community.docker.docker_container_info:
    name: "{{ mariadb_name }}"
  register: db_info
  until:
  - db_info.container is defined
  - db_info.container.State.Health.Status == "healthy"
  retries: 30
  delay: 5
  when:
    - setup_mariadb_container_result is defined
    - setup_mariadb_container_result.changed
--- a/roles/svc-db-mariadb/tasks/02_init.yml
+++ b/roles/svc-db-mariadb/tasks/02_init.yml
--- a/roles/svc-db-mariadb/tasks/main.yml
+++ b/roles/svc-db-mariadb/tasks/main.yml
@ -1,60 +1,8 @@
- name: Create Docker network for MariaDB
+- block:
-  docker_network:
+  - include_tasks: 01_core.yml
-    name: "{{ mariadb_network_name }}"
+  - include_tasks: utils/run_once.yml
    state: present
    ipam_config:
      - subnet: "{{ mariadb_subnet }}"
  when: run_once_svc_db_mariadb is not defined
 - name: install MariaDB
  docker_container:
    name: "{{ mariadb_name }}"
    image: "{{ mariadb_image }}:{{ mariadb_version}}"
    detach: yes
    env:
      MARIADB_ROOT_PASSWORD:  "{{ mariadb_root_pwd }}"
      MARIADB_AUTO_UPGRADE:   "1"
    networks:
      - name: "{{ mariadb_network_name }}"
    volumes:
      - "{{ mariadb_volume }}:/var/lib/mysql"
    published_ports:
      - "127.0.0.1:{{ mariadb_port }}:3306" # can be that this will be removed if all applications use sockets
    command: "--transaction-isolation=READ-COMMITTED --binlog-format=ROW" #for nextcloud
    restart_policy: "{{ DOCKER_RESTART_POLICY }}"
    healthcheck:
      test: "/usr/bin/mariadb --user=root --password={{ mariadb_root_pwd }} --execute \"SHOW DATABASES;\""
      interval: 10s
      timeout: 5s
      retries: 18
  when: run_once_svc_db_mariadb is not defined
  register: setup_mariadb_container_result
 - name: install python-mysqlclient
  pacman: 
    name: python-mysqlclient
    state: present
  when: run_once_svc_db_mariadb is not defined
 - name: "Wait until the MariaDB container with hostname '{{ mariadb_name }}' is healthy"
  community.docker.docker_container_info:
    name: "{{ mariadb_name }}"
  register: db_info
  until:
  - db_info.container is defined
  - db_info.container.State.Health.Status == "healthy"
  retries: 30
  delay: 5
  when:
    - setup_mariadb_container_result is defined
    - setup_mariadb_container_result.changed
    - run_once_svc_db_mariadb is not defined
 - name: "Initialize database for '{{ database_name }}'"
-  include_tasks: init.yml
+  include_tasks: 02_init.yml
-  when: "{{ mariadb_init }}"
+  when: "{{ mariadb_init }}"
 - name: run the docker_mariadb tasks once
  set_fact:
    run_once_svc_db_mariadb: true
  when: run_once_svc_db_mariadb is not defined
--- a/roles/svc-db-postgres/tasks/01_core.yml
+++ b/roles/svc-db-postgres/tasks/01_core.yml
@ -0,0 +1,22 @@
 - name: Create Docker network for PostgreSQL
  docker_network:
    name: "{{ postgres_network_name }}"
    state: present
    ipam_config:
      - subnet: "{{ postgres_subnet }}"
 - name: "include docker-compose role"
  include_role: 
    name: docker-compose
 - name: Wait for Postgres inside the container
  shell: "docker exec {{ postgres_name }} pg_isready -U postgres"
  register: pg_ready
  until: pg_ready.rc == 0
  retries: 30
  delay: 5
 - name: install python-psycopg2
  pacman: 
    name: python-psycopg2
    state: present
--- a/roles/svc-db-postgres/tasks/02_init.yml
+++ b/roles/svc-db-postgres/tasks/02_init.yml
--- a/roles/svc-db-postgres/tasks/main.yml
+++ b/roles/svc-db-postgres/tasks/main.yml
@ -1,27 +1,5 @@
 - block:
-  - name: Create Docker network for PostgreSQL
+  - include_tasks: 01_core.yml
    docker_network:
      name: "{{ postgres_network_name }}"
      state: present
      ipam_config:
        - subnet: "{{ postgres_subnet }}"
  - name: "include docker-compose role"
    include_role: 
      name: docker-compose
  - name: Wait for Postgres inside the container
    shell: "docker exec {{ postgres_name }} pg_isready -U postgres"
    register: pg_ready
    until: pg_ready.rc == 0
    retries: 30
    delay: 5
  - name: install python-psycopg2
    pacman: 
      name: python-psycopg2
      state: present
  - include_tasks: utils/run_once.yml
  when: run_once_svc_db_postgres is not defined
@ -31,5 +9,5 @@
    handler_role_name: "docker-compose"
 - name: "Initialize database for '{{ database_name }}'"
-  include_tasks: init.yml
+  include_tasks: 02_init.yml
  when: "{{ postgres_init }}"
--- a/roles/sys-bkp-docker-2-loc/tasks/01_core.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/01_core.yml
@ -0,0 +1,28 @@
 - include_tasks: 02_pkgmgr_routines.yml
  when: backup_docker_to_local_folder is not defined
 - name: "reset (if enabled)"
  include_tasks: 03_reset.yml
  when: mode_reset | bool
 - name: configure sys-bkp-docker-2-loc-everything.infinito.service
  template: 
    src: sys-bkp-docker-2-loc-everything.service.j2
    dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service
  notify: reload sys-bkp-docker-2-loc-everything.infinito.service
 - name: configure sys-bkp-docker-2-loc.infinito.service
  template: 
    src: sys-bkp-docker-2-loc.service.j2
    dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service
  notify: reload sys-bkp-docker-2-loc.infinito.service
 - name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
 - name: "include role for sys-timer for {{service_name}}"
  include_role:
    name: sys-timer
  vars:
    on_calendar:  "{{on_calendar_backup_docker_to_local}}"
--- a/roles/sys-bkp-docker-2-loc/tasks/02_pkgmgr_routines.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/02_pkgmgr_routines.yml
--- a/roles/sys-bkp-docker-2-loc/tasks/03_reset.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/03_reset.yml
--- a/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml
@ -1,4 +1,4 @@
- include_tasks: 01_pkgmgr_routines.yml
+- include_tasks: 02_pkgmgr_routines.yml
  when: backup_docker_to_local_folder is not defined
 - name: "Display all database variables"
--- a/roles/sys-bkp-docker-2-loc/tasks/main.yml
+++ b/roles/sys-bkp-docker-2-loc/tasks/main.yml
@ -1,39 +1,11 @@
 - block:
-    - include_tasks: 01_pkgmgr_routines.yml
+    - include_tasks: 01_core.yml
-      when: backup_docker_to_local_folder is not defined
+    - include_tasks: utils/run_once.yml
    - name: "reset (if enabled)"
      include_tasks: 02_reset.yml
      when: mode_reset | bool
    - name: configure sys-bkp-docker-2-loc-everything.infinito.service
      template: 
        src: sys-bkp-docker-2-loc-everything.service.j2
        dest: /etc/systemd/system/sys-bkp-docker-2-loc-everything.infinito.service
      notify: reload sys-bkp-docker-2-loc-everything.infinito.service
    - name: configure sys-bkp-docker-2-loc.infinito.service
      template: 
        src: sys-bkp-docker-2-loc.service.j2
        dest: /etc/systemd/system/sys-bkp-docker-2-loc.infinito.service
      notify: reload sys-bkp-docker-2-loc.infinito.service
    - name: "set 'service_name' to '{{ role_name }}'"
      set_fact:
        service_name: "{{ role_name }}"
    - name: "include role for sys-timer for {{service_name}}"
      include_role:
        name: sys-timer
      vars:
        on_calendar:  "{{on_calendar_backup_docker_to_local}}"
    - include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml"
  when: 
    - run_once_sys_bkp_docker_2_loc is not defined
    - database_enabled | bool
- name: "include 03_seed-database-to-backup.yml"
+- name: "include 04_seed-database-to-backup.yml"
-  include_tasks: 03_seed-database-to-backup.yml
+  include_tasks: 04_seed-database-to-backup.yml
  when:
    - database_enabled | bool
--- a/roles/sys-cln-disc-space/vars/main.yml
+++ b/roles/sys-cln-disc-space/vars/main.yml
@ -1 +1 @@
-cleanup_disc_space_folder: '{{path_administrator_scripts}}sys-cln-disc-space/'
+cleanup_disc_space_folder: '{{ path_administrator_scripts }}sys-cln-disc-space/'
--- a/roles/sys-rpr-docker-hard/tasks/01_core.yml
+++ b/roles/sys-rpr-docker-hard/tasks/01_core.yml
@ -0,0 +1,26 @@
 - name: "create {{restart_docker_folder}}"
  file:
    path: "{{restart_docker_folder}}"
    state: directory
    mode: 0755
 - name: create {{restart_docker_script}}
  copy:
    src: sys-rpr-docker-hard.py
    dest: "{{restart_docker_script}}"
 - name: configure sys-rpr-docker-hard.infinito.service
  template: 
    src: sys-rpr-docker-hard.service.j2
    dest: /etc/systemd/system/sys-rpr-docker-hard.infinito.service
  notify: "reload sys-rpr-docker-hard.infinito.service"
 - name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
 - name: "include role for sys-timer for {{service_name}}"
  include_role:
    name: sys-timer
  vars:
    on_calendar:  "{{on_calendar_restart_docker}}"
--- a/roles/sys-rpr-docker-hard/tasks/main.yml
+++ b/roles/sys-rpr-docker-hard/tasks/main.yml
@ -1,30 +1,4 @@
 - block:
-  - name: "create {{restart_docker_folder}}"
+    - include_tasks: 01_core.yml
-    file:
+    - include_tasks: utils/run_once.yml
      path: "{{restart_docker_folder}}"
      state: directory
      mode: 0755
  - name: create {{restart_docker_script}}
    copy:
      src: sys-rpr-docker-hard.py
      dest: "{{restart_docker_script}}"
  - name: configure sys-rpr-docker-hard.infinito.service
    template: 
      src: sys-rpr-docker-hard.service.j2
      dest: /etc/systemd/system/sys-rpr-docker-hard.infinito.service
    notify: "reload sys-rpr-docker-hard.infinito.service"
  - name: "set 'service_name' to '{{ role_name }}'"
    set_fact:
      service_name: "{{ role_name }}"
  - name: "include role for sys-timer for {{service_name}}"
    include_role:
      name: sys-timer
    vars:
      on_calendar:  "{{on_calendar_restart_docker}}"
  - include_tasks: utils/run_once.yml
  when: run_once_sys_rpr_docker_hard is not defined
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@ -3,8 +3,8 @@
  include_role:
    name: cmp-docker-proxy
- name: "include 03_seed-database-to-backup.yml"
+- name: "include 04_seed-database-to-backup.yml"
-  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml"
+  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"
 - name: configure websocket_upgrade.conf
  copy: 
--- a/roles/web-app-discourse/tasks/01_core.yml
+++ b/roles/web-app-discourse/tasks/01_core.yml
@ -0,0 +1,75 @@
 - name: "reset (if enabled)"
  include_tasks: 02_reset.yml
  when: mode_reset | bool
 # Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838
 - name: install which
  pacman:
    name: which
    state: present
 - name: "load docker, db and proxy for {{application_id}}"
  include_role: 
    name: cmp-db-docker-proxy
 - name: pull docker repository
  git:
    repo: "https://github.com/discourse/discourse_docker.git"
    dest: "{{docker_repository_directory }}"
    update: yes
  notify: recreate discourse
  become: true
  ignore_errors: true
 - name: set chmod 700 for {{docker_repository_directory }}containers
  ansible.builtin.file:
    path: "{{docker_repository_directory }}/containers"
    mode: '700'
    state: directory
 - name: "copy configuration to {{discourse_application_yml_destination}}"
  template: 
    src: config.yml.j2
    dest: "{{ discourse_application_yml_destination }}"
    mode: '0640'
  notify: recreate discourse
 - name: "Verify that '{{ discourse_container }}' is running"
  command:      docker compose ps --filter status=running --format '{{"{{"}}.Name{{"}}"}}' | grep -x {{ discourse_container }}
  register:     docker_ps
  changed_when: docker_ps.rc == 1
  failed_when:  docker_ps.rc not in [0, 1]
  notify:       recreate discourse
 - name: flush, to recreate discourse app
  meta: flush_handlers
 - name: Set error string for network already exists
  set_fact:
    docker_discourse_already_in_net: "Error response from daemon: endpoint with name {{ discourse_container }} already exists in network {{ discourse_pg_network }}"
 - name: "Connect {{ discourse_container }} to network {{ discourse_pg_network }}"
  command: >
    docker network connect {{ discourse_pg_network }} {{ discourse_container }}
  register: network_connect
  failed_when: >
    network_connect.rc != 0 and
    docker_discourse_already_in_net not in network_connect.stderr
  changed_when: network_connect.rc == 0
  when:
    - applications | get_app_conf(application_id, 'features.central_database', False)
 - name: Set error string for network not connected
  set_fact:
    docker_discourse_not_connected: 'is not connected to network {{ discourse_network }}'
 - name: "Remove {{ discourse_network }} from {{ database_host }}"
  command: >
    docker network disconnect {{ discourse_network }} {{ database_host }}
  register: network_disconnect
  failed_when: >
    network_disconnect.rc != 0 and
    docker_discourse_not_connected not in network_disconnect.stderr
  changed_when: network_disconnect.rc == 0
  when:
    - applications | get_app_conf(application_id, 'features.central_database', False)
--- a/roles/web-app-discourse/tasks/02_reset.yml
+++ b/roles/web-app-discourse/tasks/02_reset.yml
--- a/roles/web-app-discourse/tasks/main.yml
+++ b/roles/web-app-discourse/tasks/main.yml
@ -2,80 +2,5 @@
 - name: "Setup {{ application_id }}"
  when: run_once_web_app_discourse is not defined
  block:
-  - name: "reset (if enabled)"
+  - include_tasks: 01_core.yml
    include_tasks: reset.yml 
    when: mode_reset | bool
  # Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838
  - name: install which
    pacman:
      name: which
      state: present
  - name: "load docker, db and proxy for {{application_id}}"
    include_role: 
      name: cmp-db-docker-proxy
  - name: pull docker repository
    git:
      repo: "https://github.com/discourse/discourse_docker.git"
      dest: "{{docker_repository_directory }}"
      update: yes
    notify: recreate discourse
    become: true
    ignore_errors: true
  - name: set chmod 700 for {{docker_repository_directory }}containers
    ansible.builtin.file:
      path: "{{docker_repository_directory }}/containers"
      mode: '700'
      state: directory
  - name: "copy configuration to {{discourse_application_yml_destination}}"
    template: 
      src: config.yml.j2
      dest: "{{ discourse_application_yml_destination }}"
      mode: '0640'
    notify: recreate discourse
  - name: "Verify that '{{ discourse_container }}' is running"
    command:      docker compose ps --filter status=running --format '{{"{{"}}.Name{{"}}"}}' | grep -x {{ discourse_container }}
    register:     docker_ps
    changed_when: docker_ps.rc == 1
    failed_when:  docker_ps.rc not in [0, 1]
    notify:       recreate discourse
  - name: flush, to recreate discourse app
    meta: flush_handlers
  - name: Set error string for network already exists
    set_fact:
      docker_discourse_already_in_net: "Error response from daemon: endpoint with name {{ discourse_container }} already exists in network {{ discourse_pg_network }}"
  - name: "Connect {{ discourse_container }} to network {{ discourse_pg_network }}"
    command: >
      docker network connect {{ discourse_pg_network }} {{ discourse_container }}
    register: network_connect
    failed_when: >
      network_connect.rc != 0 and
      docker_discourse_already_in_net not in network_connect.stderr
    changed_when: network_connect.rc == 0
    when:
      - applications | get_app_conf(application_id, 'features.central_database', False)
  - name: Set error string for network not connected
    set_fact:
      docker_discourse_not_connected: 'is not connected to network {{ discourse_network }}'
  - name: "Remove {{ discourse_network }} from {{ database_host }}"
    command: >
      docker network disconnect {{ discourse_network }} {{ database_host }}
    register: network_disconnect
    failed_when: >
      network_disconnect.rc != 0 and
      docker_discourse_not_connected not in network_disconnect.stderr
    changed_when: network_disconnect.rc == 0
    when:
      - applications | get_app_conf(application_id, 'features.central_database', False)
  - include_tasks: utils/run_once.yml
--- a/roles/web-app-espocrm/tasks/01_patch_config.yml
+++ b/roles/web-app-espocrm/tasks/01_patch_config.yml
@ -0,0 +1,23 @@
 - name: Update DB host
  command: >
    docker exec --user root {{ espocrm_name }}
    sed -i "s/'host' => .*/'host' => '{{ database_host }}',/" {{ espocrm_config_file }}
  notify: docker compose up
 - name: Update DB name
  command: >
    docker exec --user root {{ espocrm_name }}
    sed -i "s/'dbname' => .*/'dbname' => '{{ database_name }}',/" {{ espocrm_config_file }}
  notify: docker compose up
 - name: Update DB user
  command: >
    docker exec --user root {{ espocrm_name }}
    sed -i "s/'user' => .*/'user' => '{{ database_username }}',/" {{ espocrm_config_file }}
  notify: docker compose up
 - name: Update DB password
  command: >
    docker exec --user root {{ espocrm_name }}
    sed -i "s/'password' => .*/'password' => '{{ database_password }}',/" {{ espocrm_config_file }}
  notify: docker compose up
--- a/roles/web-app-espocrm/tasks/database.yml
+++ b/roles/web-app-espocrm/tasks/database.yml
@ -1,32 +0,0 @@
 - name: Check if config.php exists in EspoCRM
  command: docker exec --user root {{ espocrm_name }} test -f {{ espocrm_config_file }}
  register: config_file_exists
  changed_when: false
  failed_when: false
 - name: Patch EspoCRM config.php with updated DB credentials
  when: config_file_exists.rc == 0
  block:
    - name: Update DB host
      command: >
        docker exec --user root {{ espocrm_name }}
        sed -i "s/'host' => .*/'host' => '{{ database_host }}',/" {{ espocrm_config_file }}
      notify: docker compose up
    - name: Update DB name
      command: >
        docker exec --user root {{ espocrm_name }}
        sed -i "s/'dbname' => .*/'dbname' => '{{ database_name }}',/" {{ espocrm_config_file }}
      notify: docker compose up
    - name: Update DB user
      command: >
        docker exec --user root {{ espocrm_name }}
        sed -i "s/'user' => .*/'user' => '{{ database_username }}',/" {{ espocrm_config_file }}
      notify: docker compose up
    - name: Update DB password
      command: >
        docker exec --user root {{ espocrm_name }}
        sed -i "s/'password' => .*/'password' => '{{ database_password }}',/" {{ espocrm_config_file }}
      notify: docker compose up
--- a/roles/web-app-espocrm/tasks/main.yml
+++ b/roles/web-app-espocrm/tasks/main.yml
@ -3,8 +3,15 @@
  include_role: 
    name: cmp-db-docker-proxy
- name: Update database credentials
+- name: Check if config.php exists in EspoCRM
-  include_tasks: database.yml
+  command: docker exec --user root {{ espocrm_name }} test -f {{ espocrm_config_file }}
  register: config_file_exists
  changed_when: false
  failed_when: false
 - name: Patch EspoCRM config.php with updated DB credentials
  include_tasks: 01_patch_config.yml
  when: config_file_exists.rc == 0
 - name: Flush handlers to make DB available before password reset
  meta: flush_handlers
--- a/roles/web-app-friendica/tasks/02_database.yml
+++ b/roles/web-app-friendica/tasks/02_database.yml
@ -1,35 +0,0 @@
 - name: flush handlers to ensure that friendica is up before friendica addon configuration
  meta: flush_handlers
 - name: Check if Friendica local.config.php exists
  command: docker exec --user {{ friendica_user }} {{ friendica_container }} test -f {{ friendica_config_file }}
  register: friendica_config_exists
  changed_when: false
  failed_when: false
 - name: Patch Friendica local.config.php with updated DB credentials
  when: friendica_config_exists.rc == 0
  block:
    - name: Update DB host
      command: >
        docker exec --user {{ friendica_user }} {{ friendica_container }}
        sed -ri "s/('hostname'\s*=>\s*')[^']*(',)/\1{{ database_host }}:{{ database_port }}\2/" {{ friendica_config_file }}
      notify: docker compose up
    - name: Update DB name
      command: >
        docker exec --user {{ friendica_user }} {{ friendica_container }}
        sed -ri "s/('database'\s*=>\s*')[^']*(',)/\1{{ database_name }}\2/" {{ friendica_config_file }}
      notify: docker compose up
    - name: Update DB user
      command: >
        docker exec --user {{ friendica_user }} {{ friendica_container }}
        sed -ri "s/('username'\s*=>\s*')[^']*(',)/\1{{ database_username }}\2/" {{ friendica_config_file }}
      notify: docker compose up
    - name: Update DB password
      command: >
        docker exec --user {{ friendica_user }} {{ friendica_container }}
        sed -ri "s/('password'\s*=>\s*')[^']*(',)/\1{{ database_password }}\2/" {{ friendica_config_file }}
      notify: docker compose up
--- a/roles/web-app-friendica/tasks/02_patch_config.yml
+++ b/roles/web-app-friendica/tasks/02_patch_config.yml
@ -0,0 +1,23 @@
 - name: Update DB host
  command: >
    docker exec --user {{ friendica_user }} {{ friendica_container }}
    sed -ri "s/('hostname'\s*=>\s*')[^']*(',)/\1{{ database_host }}:{{ database_port }}\2/" {{ friendica_config_file }}
  notify: docker compose up
 - name: Update DB name
  command: >
    docker exec --user {{ friendica_user }} {{ friendica_container }}
    sed -ri "s/('database'\s*=>\s*')[^']*(',)/\1{{ database_name }}\2/" {{ friendica_config_file }}
  notify: docker compose up
 - name: Update DB user
  command: >
    docker exec --user {{ friendica_user }} {{ friendica_container }}
    sed -ri "s/('username'\s*=>\s*')[^']*(',)/\1{{ database_username }}\2/" {{ friendica_config_file }}
  notify: docker compose up
 - name: Update DB password
  command: >
    docker exec --user {{ friendica_user }} {{ friendica_container }}
    sed -ri "s/('password'\s*=>\s*')[^']*(',)/\1{{ database_password }}\2/" {{ friendica_config_file }}
  notify: docker compose up
--- a/roles/web-app-friendica/tasks/main.yml
+++ b/roles/web-app-friendica/tasks/main.yml
@ -7,8 +7,19 @@
  include_tasks: 01_ldap.yml
  when: applications | get_app_conf(application_id, 'features.ldap', False)
- name: Update Friendica DB credentials
+# General
-  include_tasks: 02_database.yml
+- name: "flush handlers to ensure that '{{ friendica_container }}' is up before executing container tasks"
  meta: flush_handlers
 - name: Check if Friendica local.config.php exists
  command: docker exec --user {{ friendica_user }} {{ friendica_container }} test -f {{ friendica_config_file }}
  register: friendica_config_exists
  changed_when: false
  failed_when: false
 - name: Patch Friendica local.config.php with updated DB credentials
  include_tasks: 02_patch_config.yml
  when: friendica_config_exists.rc == 0
 - name: Add Friendica Add Ons
  include_tasks: 03_addons.yml
--- a/roles/web-app-mailu/tasks/01_core.yml
+++ b/roles/web-app-mailu/tasks/01_core.yml
@ -0,0 +1,36 @@
 - name: "load docker, db and proxy for {{application_id}}"
  include_role: 
    name: cmp-db-docker-proxy
 - name: "Include the srv-proxy-6-6-tls-deploy role"
  include_role:
    name: srv-proxy-6-6-tls-deploy
 - name: Flush docker service handlers
  meta: flush_handlers
 - name: "Create Mailu accounts"
  include_tasks: 02_create-mailu-user.yml
  vars:
    mailu_compose_dir:        "{{ docker_compose.directories.instance }}"
    mailu_domain:             "{{ primary_domain }}"
    mailu_api_base_url:       "http://127.0.0.1:8080/api/v1"
    mailu_global_api_token:   "{{ applications | get_app_conf(application_id, 'credentials.api_token') }}"
    mailu_action: >-
      {{
        (
          'administrator' in (item.value.get('roles', []))
        )
        | ternary('admin','user')
      }}
    mailu_user_key:           "{{ item.key }}"
    mailu_user_name:          "{{ item.value.username }}"
    mailu_password:           "{{ item.value.password }}"
    mailu_token_ip:           "{{ item.value.ip | default('') }}"
  loop:                       "{{ users | dict2items }}"
  loop_control:
    loop_var: item
 - name: Set Mailu DNS records
  include_tasks: 04_set-mailu-dns-records.yml
  when: dns_provider == 'cloudflare'
--- a/roles/web-app-mailu/tasks/01_00_create-mailu-user.yml
+++ b/roles/web-app-mailu/tasks/01_00_create-mailu-user.yml
@ -23,5 +23,5 @@
  when: "'mail-bot' in item.value.roles or 'administrator' in item.value.roles"
 - name: "Create Mailu API Token for {{ mailu_user_name }}"
-  include_tasks: 01_0A_create-mailu-token.yml
+  include_tasks: 03_create-mailu-token.yml
  when: "{{ 'mail-bot' in item.value.roles }}"
--- a/roles/web-app-mailu/tasks/01_0A_create-mailu-token.yml
+++ b/roles/web-app-mailu/tasks/01_0A_create-mailu-token.yml
--- a/roles/web-app-mailu/tasks/02_00_set-mailu-dns-records.yml
+++ b/roles/web-app-mailu/tasks/02_00_set-mailu-dns-records.yml
@ -2,7 +2,7 @@
  include_vars: vars/mailu-dns.yml
 - name: Generate DKIM public key
-  include_tasks: 02_0A_generate-and-read-dkim.yml
+  include_tasks: 05_generate-and-read-dkim.yml
 - name: "Set A record for mail server"
  community.general.cloudflare_dns:
--- a/roles/web-app-mailu/tasks/02_0A_generate-and-read-dkim.yml
+++ b/roles/web-app-mailu/tasks/02_0A_generate-and-read-dkim.yml
--- a/roles/web-app-mailu/tasks/main.yml
+++ b/roles/web-app-mailu/tasks/main.yml
@ -1,41 +1,5 @@
 ---
 - block:
-    - name: "load docker, db and proxy for {{application_id}}"
+    - include_tasks: 01_core.yml
      include_role: 
        name: cmp-db-docker-proxy
    - name: "Include the srv-proxy-6-6-tls-deploy role"
      include_role:
        name: srv-proxy-6-6-tls-deploy
    - name: Flush docker service handlers
      meta: flush_handlers
    - name: "Create Mailu accounts"
      include_tasks: 01_00_create-mailu-user.yml
      vars:
        mailu_compose_dir:        "{{ docker_compose.directories.instance }}"
        mailu_domain:             "{{ primary_domain }}"
        mailu_api_base_url:       "http://127.0.0.1:8080/api/v1"
        mailu_global_api_token:   "{{ applications | get_app_conf(application_id, 'credentials.api_token') }}"
        mailu_action: >-
          {{
            (
              'administrator' in (item.value.get('roles', []))
            )
            | ternary('admin','user')
          }}
        mailu_user_key:           "{{ item.key }}"
        mailu_user_name:          "{{ item.value.username }}"
        mailu_password:           "{{ item.value.password }}"
        mailu_token_ip:           "{{ item.value.ip | default('') }}"
      loop:                       "{{ users | dict2items }}"
      loop_control:
        loop_var: item
    - name: Set Mailu DNS records
      include_tasks: 02_00_set-mailu-dns-records.yml
      when: dns_provider == 'cloudflare'
    - include_tasks: utils/run_once.yml
  when: run_once_web_app_mailu is not defined
--- a/roles/web-app-matrix/tasks/create-and-seed-database.yml
+++ b/roles/web-app-matrix/tasks/create-and-seed-database.yml
@ -9,5 +9,5 @@
    name: svc-db-postgres
  when: applications | get_app_conf(application_id, 'features.central_database', False)
- name: "include 03_seed-database-to-backup.yml"
+- name: "include 04_seed-database-to-backup.yml"
-  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/03_seed-database-to-backup.yml"
+  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"
--- a/roles/web-app-mig/tasks/01_core.yml
+++ b/roles/web-app-mig/tasks/01_core.yml
@ -0,0 +1,26 @@
 - name: Load docker compose vars
  include_vars:
    file: roles/docker-compose/vars/docker-compose.yml
    name: mig_docker_compose
 - name: Set roles volume variable
  set_fact:
    mig_roles_meta_volume:  "{{ mig_docker_compose.docker_compose.directories.volumes }}/roles/"
 - name: Set roles list variable
  set_fact:
    mig_roles_meta_list:    "{{ mig_roles_meta_volume }}list.json"
 - name: "load docker, proxy for '{{application_id}}'"
  include_role:
    name: cmp-docker-proxy
 - name: Create tree
  command: "infinito build tree --no-signal --alarm-timeout 0 -s {{  mig_roles_meta_volume }}"
  when: 
    - mig_build_data
 - name: Create roles list
  command: "infinito build roles_list --no-signal --alarm-timeout 0 -o {{ mig_roles_meta_list }}"
  when: 
    - mig_build_data
--- a/roles/web-app-mig/tasks/main.yml
+++ b/roles/web-app-mig/tasks/main.yml
@ -1,31 +1,6 @@
 ---
 - block: 
-  - name: Load docker compose vars
+  - include_tasks: 01_core.yml
    include_vars:
      file: roles/docker-compose/vars/docker-compose.yml
      name: mig_docker_compose
  - name: Set roles volume variable
    set_fact:
      mig_roles_meta_volume:  "{{ mig_docker_compose.docker_compose.directories.volumes }}/roles/"
  - name: Set roles list variable
    set_fact:
      mig_roles_meta_list:    "{{ mig_roles_meta_volume }}list.json"
  - name: "load docker, proxy for '{{application_id}}'"
    include_role:
      name: cmp-docker-proxy
  - name: Create tree
    command: "infinito build tree --no-signal --alarm-timeout 0 -s {{  mig_roles_meta_volume }}"
    when: 
      - mig_build_data
  - name: Create roles list
    command: "infinito build roles_list --no-signal --alarm-timeout 0 -o {{ mig_roles_meta_list }}"
    when: 
      - mig_build_data
  - include_tasks: utils/run_once.yml
  name: "Setup Meta Infinite Graph"
  when: run_once_web_app_mig is not defined
--- a/roles/web-app-moodle/tasks/01_patch_config.yml
+++ b/roles/web-app-moodle/tasks/01_patch_config.yml
@ -1,48 +1,24 @@
- name: Check if config.php exists
+- name: Update DB host
-  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
+  command: >
-  register: config_file_exists
+    docker exec --user root {{ moodle_container }}
-  changed_when: false
+    sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ moodle_config }}
  failed_when: false
- name: Backup config.php to host
+- name: Update DB name
-  when: config_file_exists.rc == 0
+  command: >
-  block:
+    docker exec --user root {{ moodle_container }}
-    - name: Create backup directory on host
+    sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ moodle_config }}
      ansible.builtin.file:
        path: "/opt/docker/moodle/_backup"
        state: directory
        mode: "0755"
- name: Check if config.php exists
+- name: Update DB user
-  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
+  command: >
-  register: config_file_exists
+    docker exec --user root {{ moodle_container }}
-  changed_when: false
+    sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ moodle_config }}
  failed_when: false
- name: Patch Moodle config.php with updated DB and wwwroot credentials
+- name: Update DB password
-  when: config_file_exists.rc == 0
+  command: >
-  block:
+    docker exec --user root {{ moodle_container }}
-    - name: Update DB host
+    sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ moodle_config }}
      command: >
        docker exec --user root {{ moodle_container }}
        sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ moodle_config }}
-    - name: Update DB name
+- name: Update CFG->wwwroot via sed in container
-      command: >
+  command: >
-        docker exec --user root {{ moodle_container }}
+    docker exec --user root {{ moodle_container }}
-        sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ moodle_config }}
+    sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ moodle_config }}
    - name: Update DB user
      command: >
        docker exec --user root {{ moodle_container }}
        sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ moodle_config }}
    - name: Update DB password
      command: >
        docker exec --user root {{ moodle_container }}
        sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ moodle_config }}
    - name: Update CFG->wwwroot via sed in container
      command: >
        docker exec --user root {{ moodle_container }}
        sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ moodle_config }}
--- a/roles/web-app-moodle/tasks/main.yml
+++ b/roles/web-app-moodle/tasks/main.yml
@ -3,8 +3,21 @@
  include_role: 
    name: cmp-db-docker-proxy
 - name: Check if config.php exists
  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
  register: config_file_exists
  changed_when: false
  failed_when: false
 - name: Check if config.php exists
  command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }}
  register: config_file_exists
  changed_when: false
  failed_when: false
 - name: "Update database credentials"
  include_tasks: 01_patch_config.yml
  when: config_file_exists.rc == 0
 - name: flush docker service
  meta: flush_handlers
--- a/roles/web-app-nextcloud/tasks/02_plugin.yml
+++ b/roles/web-app-nextcloud/tasks/02_plugin.yml
@ -1,74 +1,9 @@
- name: "Disable incompatible plugins for {{plugin_key}}."
+- block:
-  command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}"
+    - include_tasks: 03_plugin_routines.yml
-  loop: "{{plugin_value.incompatible_plugins}}"
+  when: plugin_value.enabled | bool
  loop_control: 
    loop_var: incompatible_plugin
  register: disable_incompatible_plugin_result
  changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout)
  when: 
    - plugin_value.incompatible_plugins is defined and plugin_value.incompatible_plugins | length > 0
    - plugin_value.enabled | bool
 - name: disable {{ plugin_key }} nextcloud plugin
  command: "{{nextcloud_docker_exec_occ}} app:disable {{ plugin_key }}"
  register: disable_result
  changed_when: disable_result.rc == 0 and ("No such app enabled" not in disable_result.stdout)
-  when: not (plugin_value.enabled | bool)
+  when: not (plugin_value.enabled | bool)
 - name: install {{ plugin_key }} nextcloud plugin
  command: "{{ nextcloud_docker_exec_occ }} app:install {{ plugin_key }}"
  register: install_result
  failed_when: >
    install_result.rc != 0
    and
    ("already installed" not in install_result.stdout)
    and
    ("not compatible with this version of the server" not in install_result.stdout)
  changed_when: >
    install_result.rc == 0
    and
    ("already installed" not in install_result.stdout)
  when: plugin_value.enabled | bool
 - block:
  - name: enable {{plugin_key}} nextcloud plugin
    command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}"
    register: enable_result
    changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
  - name: Check if {{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml exists
    stat:
      path: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml"
    delegate_to: localhost
    become: false
    register: plugin_vars_file
  - name: "Load {{ plugin_key }} configuration variables"
    include_vars:
      file: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml"
    when: plugin_vars_file.stat.exists
  - name: "Set {{ item.configkey }} for {{ item.appid }}"
    loop: "{{ plugin_configuration }}"
    command: >
      {{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
    register: config_set_result
    changed_when: (config_set_result.stdout is defined) and ("Config value were not updated" not in config_set_result.stdout)
    when: plugin_vars_file.stat.exists
  - name: Check if {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml exists
    stat:
      path: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
    delegate_to: localhost
    become: false
    register: plugin_tasks_file
  - name: "include {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
    include_tasks: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
    when: plugin_tasks_file.stat.exists
  when:
    - plugin_value.enabled | bool
    - install_result is defined
    - >
      install_result.rc == 0
      or "already installed" in install_result.stdout
--- a/roles/web-app-nextcloud/tasks/03_plugin_routines.yml
+++ b/roles/web-app-nextcloud/tasks/03_plugin_routines.yml
@ -0,0 +1,31 @@
 - name: "Disable incompatible plugins for {{plugin_key}}."
  command: "{{nextcloud_docker_exec_occ}} app:disable {{incompatible_plugin}}"
  loop: "{{plugin_value.incompatible_plugins}}"
  loop_control: 
    loop_var: incompatible_plugin
  register: disable_incompatible_plugin_result
  changed_when: disable_incompatible_plugin_result.rc == 0 and ("No such app enabled" not in disable_incompatible_plugin_result.stdout)
  when:
    - plugin_value.incompatible_plugins is defined
    - plugin_value.incompatible_plugins | length > 0
 - name: install {{ plugin_key }} nextcloud plugin
  command: "{{ nextcloud_docker_exec_occ }} app:install {{ plugin_key }}"
  register: install_result
  failed_when: >
    install_result.rc != 0
    and
    ("already installed" not in install_result.stdout)
    and
    ("not compatible with this version of the server" not in install_result.stdout)
  changed_when: >
    install_result.rc == 0
    and
    ("already installed" not in install_result.stdout)
 - include_tasks: 04_plugin_enable_and_configure.yml
  when:
    - install_result is defined 
    - >
      install_result.rc == 0
      or "already installed" in install_result.stdout
--- a/roles/web-app-nextcloud/tasks/04_plugin_enable_and_configure.yml
+++ b/roles/web-app-nextcloud/tasks/04_plugin_enable_and_configure.yml
@ -0,0 +1,35 @@
 - name: enable {{plugin_key}} nextcloud plugin
  command: "{{nextcloud_docker_exec_occ}} app:enable {{plugin_key}}"
  register: enable_result
  changed_when: enable_result.rc == 0 and ("already enabled" not in enable_result.stdout)
 - name: Check if {{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml exists
  stat:
    path: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml"
  delegate_to: localhost
  become: false
  register: plugin_vars_file
 - name: "Load {{ plugin_key }} configuration variables"
  include_vars:
    file: "{{nextcloud_control_node_plugin_vars_directory}}{{ plugin_key }}.yml"
  when: plugin_vars_file.stat.exists
 - name: "Set {{ item.configkey }} for {{ item.appid }}"
  loop: "{{ plugin_configuration }}"
  command: >
    {{ nextcloud_docker_exec_occ }} config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
  register: config_set_result
  changed_when: (config_set_result.stdout is defined) and ("Config value were not updated" not in config_set_result.stdout)
  when: plugin_vars_file.stat.exists
 - name: Check if {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml exists
  stat:
    path: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
  delegate_to: localhost
  become: false
  register: plugin_tasks_file
 - name: "include {{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
  include_tasks: "{{nextcloud_control_node_plugin_tasks_directory}}{{ plugin_key }}.yml"
  when: plugin_tasks_file.stat.exists
--- a/roles/web-app-nextcloud/tasks/05_system.yml
+++ b/roles/web-app-nextcloud/tasks/05_system.yml
--- a/roles/web-app-nextcloud/tasks/main.yml
+++ b/roles/web-app-nextcloud/tasks/main.yml
@ -52,7 +52,7 @@
  when: nextcloud_plugins_enabled
 - name: Load system configuration
-  include_tasks: 03_system.yml
+  include_tasks: 05_system.yml
 - name: Add missing database indices in Nextcloud
  command: >
--- a/roles/web-app-port-ui/tasks/01_core.yml
+++ b/roles/web-app-port-ui/tasks/01_core.yml
@ -0,0 +1,60 @@
 - name: "Validate configuration"
  include_tasks: "02_validate.yml"
 - name: "load docker, proxy for '{{application_id}}'"
  include_role:
    name: cmp-docker-proxy
 - name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}"
  stat:
    path: "{{ config_inventory_path }}"
  delegate_to: localhost
  become: false
  register: config_file
 - name: Load menu categories
  include_vars:
    file: "menu_categories.yml"
 - name: Load docker cards
  set_fact:
    portfolio_cards: "{{ lookup('docker_cards', 'roles') }}"
 - name: "Load images for applications feature simpleicons is enabled "
  set_fact:
    portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, WEB_PROTOCOL) }}"
  when:
    - (applications | get_app_conf(application_id, 'features.simpleicons', False))
 - name: Group docker cards
  set_fact:
    portfolio_menu_data: "{{ lookup('docker_cards_grouped', portfolio_cards, portfolio_menu_categories) }}"
 - name: Debug portfolio data
  debug:
    msg:
      portfolio_cards:            "{{ portfolio_cards }}"
      portfolio_menu_categories:  "{{ portfolio_menu_categories}}"
      portfolio_menu_data:        "{{ portfolio_menu_data }}"
      service_provider:           "{{ service_provider }}"
  when: enable_debug | bool
 - name: Copy host-specific config.yaml if it exists
  template:
    src: "{{ config_inventory_path }}"
    dest: "{{docker_repository_path}}/app/config.yaml"
  notify: docker compose up
  when: config_file.stat.exists
 - name: Copy default config.yaml from the role template if host-specific file does not exist
  template:
    src: "config.yaml.j2"
    dest: "{{docker_repository_path}}/app/config.yaml"
  notify: docker compose up
  when: not config_file.stat.exists
 - name: add docker-compose.yml
  template:
    src:  docker-compose.yml.j2 
    dest: "{docker_compose.directories.instance}}docker-compose.yml"
  notify: docker compose up
--- a/roles/web-app-port-ui/tasks/02_validate.yml
+++ b/roles/web-app-port-ui/tasks/02_validate.yml
--- a/roles/web-app-port-ui/tasks/main.yml
+++ b/roles/web-app-port-ui/tasks/main.yml
@ -1,65 +1,5 @@
 ---
 - block:
-  - name: "Validate configuration"
+    - include_tasks: 01_core.yml
-    include_tasks: "validate.yml"
+    - include_tasks: utils/run_once.yml
  - name: "load docker, proxy for '{{application_id}}'"
    include_role:
      name: cmp-docker-proxy
  - name: "Check if host-specific config.yaml exists in {{ config_inventory_path }}"
    stat:
      path: "{{ config_inventory_path }}"
    delegate_to: localhost
    become: false
    register: config_file
  - name: Load menu categories
    include_vars:
      file: "menu_categories.yml"
  - name: Load docker cards
    set_fact:
      portfolio_cards: "{{ lookup('docker_cards', 'roles') }}"
  - name: "Load images for applications feature simpleicons is enabled "
    set_fact:
      portfolio_cards: "{{ portfolio_cards | add_simpleicon_source(domains, WEB_PROTOCOL) }}"
    when:
      - (applications | get_app_conf(application_id, 'features.simpleicons', False))
  - name: Group docker cards
    set_fact:
      portfolio_menu_data: "{{ lookup('docker_cards_grouped', portfolio_cards, portfolio_menu_categories) }}"
  - name: Debug portfolio data
    debug:
      msg:
        portfolio_cards:            "{{ portfolio_cards }}"
        portfolio_menu_categories:  "{{ portfolio_menu_categories}}"
        portfolio_menu_data:        "{{ portfolio_menu_data }}"
        service_provider:           "{{ service_provider }}"
    when: enable_debug | bool
  - name: Copy host-specific config.yaml if it exists
    template:
      src: "{{ config_inventory_path }}"
      dest: "{{docker_repository_path}}/app/config.yaml"
    notify: docker compose up
    when: config_file.stat.exists
  - name: Copy default config.yaml from the role template if host-specific file does not exist
    template:
      src: "config.yaml.j2"
      dest: "{{docker_repository_path}}/app/config.yaml"
    notify: docker compose up
    when: not config_file.stat.exists
  - name: add docker-compose.yml
    template:
      src:  docker-compose.yml.j2 
      dest: "{docker_compose.directories.instance}}docker-compose.yml"
    notify: docker compose up
  - include_tasks: utils/run_once.yml
  when: run_once_web_app_port_ui is not defined
`@ -1 +1 @@`
	`cleanup_disc_space_folder: '{{path_administrator_scripts}}sys-cln-disc-space/'`	`cleanup_disc_space_folder: '{{ path_administrator_scripts }}sys-cln-disc-space/'`