From 716ebef33b037170a220e11d8b9c90731df980e5 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Wed, 3 Dec 2025 11:02:34 +0100 Subject: [PATCH] Refactor task includes and update variable handling for Ansible 2.20 migration This commit updates multiple roles to ensure compatibility with Ansible 2.20. Several include paths and task-loading mechanisms required adjustments, as Ansible 2.20 applies stricter evaluation rules for complex Jinja expressions and no longer resolves certain relative include paths the way Ansible 2.18 did. Key changes: - Replaced legacy once_finalize.yml and once_flag.yml with the new structure under tasks/utils/once/finalize.yml and tasks/utils/once/flag.yml. - Updated all include_tasks statements to use 'path_join' with playbook_dir, ensuring deterministic and absolute file resolution across roles. - Fixed all network helper includes by converting direct relative paths such as 'roles/docker-compose/tasks/utils/network.yml' to proper Jinja-evaluated paths. - Normalized MATOMO_* variable names for consistency with the updated variable scope behavior in Ansible 2.20. - Removed deprecated patterns that were implicitly supported in Ansible 2.18 but break under the more strict variable and path resolution model in 2.20. These changes are part of the full migration step required to ensure the infinito-nexus roles remain stable, deterministic, and forward-compatible with Ansible 2.20. 
Details of the discussion and reasoning can be found in this conversation: https://chatgpt.com/share/69300a8d-24d4-800f-bec0-e895a695618a --- roles/desk-git/tasks/main.yml | 2 +- roles/desk-gnome-caffeine/tasks/01_core.yml | 2 +- roles/desk-qbittorrent/tasks/main.yml | 2 +- roles/desk-spotify/tasks/main.yml | 2 +- roles/desk-ssh/tasks/01_core.yml | 2 +- roles/desk-zoom/tasks/main.yml | 2 +- roles/dev-fakeroot/tasks/main.yml | 2 +- roles/dev-git/tasks/main.yml | 2 +- roles/dev-python-pip/tasks/main.yml | 2 +- roles/dev-python-yaml/tasks/main.yml | 2 +- roles/dev-shell/tasks/01_core.yml | 2 +- roles/dev-yay/tasks/01_core.yml | 2 +- roles/docker-compose/defaults/main.yml | 1 - roles/docker-compose/tasks/01_core.yml | 2 +- roles/docker-compose/tasks/04_files.yml | 10 ++++---- roles/docker-compose/tasks/main.yml | 2 +- roles/docker-compose/tasks/utils/network.yml | 17 +++++++++++++ .../tasks/{05_ensure_up.yml => utils/up.yml} | 20 +++++++++------ roles/docker-container/tasks/01_core.yml | 2 +- .../drv-epson-multiprinter/tasks/01_core.yml | 2 +- roles/pkgmgr-install/tasks/01_core.yml | 2 +- roles/pkgmgr/tasks/01_core.yml | 2 +- roles/svc-ai-ollama/tasks/01_core.yml | 21 ++++------------ roles/svc-ai-ollama/vars/main.yml | 3 --- roles/svc-bkp-loc-2-usb/tasks/main.yml | 2 +- roles/svc-bkp-rmt-2-loc/tasks/main.yml | 2 +- roles/svc-db-mariadb/tasks/01_core.yml | 14 +++++------ roles/svc-db-openldap/tasks/main.yml | 18 ++++--------- roles/svc-db-postgres/tasks/01_core.yml | 22 ++++------------ roles/svc-db-postgres/vars/main.yml | 3 --- .../svc-opt-keyboard-color/tasks/01_core.yml | 2 +- roles/svc-opt-swapfile/tasks/01_core.yml | 2 +- roles/svc-prx-openresty/tasks/main.yml | 2 +- roles/sys-bkp-provider-user/tasks/01_core.yml | 2 +- roles/sys-bkp-provider/tasks/01_core.yml | 2 +- roles/sys-cli/tasks/main.yml | 2 +- roles/sys-ctl-alm-compose/tasks/01_core.yml | 2 +- roles/sys-ctl-alm-email/tasks/01_core.yml | 2 +- roles/sys-ctl-alm-telegram/tasks/01_core.yml | 2 +- 
.../tasks/01_core.yml | 2 +- roles/sys-ctl-cln-anon-volumes/tasks/main.yml | 2 +- roles/sys-ctl-cln-bkps/tasks/01_core.yml | 2 +- roles/sys-ctl-cln-certs/tasks/01_core.yml | 2 +- .../sys-ctl-cln-disc-space/tasks/01_core.yml | 2 +- roles/sys-ctl-cln-docker/tasks/main.yml | 2 +- .../sys-ctl-cln-faild-bkps/tasks/01_core.yml | 2 +- roles/sys-ctl-hlth-btrfs/tasks/01_core.yml | 2 +- roles/sys-ctl-hlth-csp/tasks/01_core.yml | 2 +- .../sys-ctl-hlth-disc-space/tasks/01_core.yml | 2 +- .../tasks/01_core.yml | 2 +- .../tasks/01_core.yml | 2 +- .../sys-ctl-hlth-journalctl/tasks/01_core.yml | 2 +- roles/sys-ctl-hlth-msmtp/tasks/01_core.yml | 2 +- .../sys-ctl-hlth-webserver/tasks/01_core.yml | 2 +- .../sys-ctl-mtn-cert-deploy/tasks/01_core.yml | 2 +- .../sys-ctl-mtn-cert-renew/tasks/01_core.yml | 2 +- .../tasks/01_core.yml | 2 +- .../sys-ctl-rpr-docker-hard/tasks/01_core.yml | 2 +- .../sys-ctl-rpr-docker-soft/tasks/01_core.yml | 2 +- roles/sys-daemon/tasks/main.yml | 2 +- roles/sys-dns-wildcards/tasks/01_core.yml | 2 +- roles/sys-front-inj-all/tasks/main.yml | 4 ++- roles/sys-front-inj-all/vars/main.yml | 1 - roles/sys-front-inj-css/tasks/01_core.yml | 2 +- roles/sys-front-inj-desktop/tasks/01_core.yml | 2 +- roles/sys-lock/tasks/main.yml | 2 +- roles/sys-postfix/tasks/main.yml | 2 +- roles/sys-service/tasks/01_core.yml | 2 +- roles/sys-stk-front-base/tasks/main.yml | 2 +- roles/sys-svc-cdn/tasks/main.yml | 2 +- roles/sys-svc-certbot/tasks/01_core.yml | 2 +- roles/sys-svc-certs/tasks/main.yml | 2 +- roles/sys-svc-cln-domains/tasks/main.yml | 2 +- roles/sys-svc-dns/tasks/01_core.yml | 2 +- roles/sys-svc-docker/tasks/01_core.yml | 2 +- roles/sys-svc-journalctl/tasks/main.yml | 2 +- roles/sys-svc-letsencrypt/tasks/01_core.yml | 2 +- roles/sys-svc-msmtp/tasks/01_core.yml | 4 +-- roles/sys-svc-rdbms/tasks/main.yml | 3 ++- roles/sys-svc-rdbms/vars/main.yml | 1 - roles/sys-svc-sshd/tasks/main.yml | 2 +- .../sys-svc-webserver-core/tasks/01_core.yml | 2 +- 
roles/sys-svc-webserver-https/tasks/main.yml | 2 +- roles/sys-timer-cln-bkps/tasks/01_core.yml | 2 +- roles/update-apt/tasks/main.yml | 2 +- roles/update-compose/tasks/01_core.yml | 2 +- roles/update-pacman/tasks/main.yml | 2 +- roles/user-administrator/tasks/01_core.yml | 2 +- roles/user-root/tasks/01_core.yml | 2 +- roles/util-desk-design/tasks/01_core.yml | 2 +- roles/util-desk-dev-core/tasks/main.yml | 2 +- roles/util-desk-dev-python/tasks/main.yml | 2 +- roles/util-dev-admin/tasks/main.yml | 2 +- roles/web-app-akaunting/tasks/main.yml | 5 ++++ roles/web-app-akaunting/vars/main.yml | 6 ----- roles/web-app-bigbluebutton/tasks/main.yml | 6 ++++- roles/web-app-bigbluebutton/vars/main.yml | 6 ----- roles/web-app-bookwyrm/tasks/main.yml | 2 +- roles/web-app-bridgy-fed/tasks/01_core.yml | 2 +- roles/web-app-chess/tasks/01_core.yml | 2 +- roles/web-app-confluence/tasks/main.yml | 2 +- roles/web-app-desktop/tasks/01_core.yml | 6 +++-- roles/web-app-desktop/vars/main.yml | 5 ---- roles/web-app-discourse/tasks/01_core.yml | 2 +- roles/web-app-friendica/tasks/main.yml | 2 ++ roles/web-app-friendica/vars/main.yml | 3 --- roles/web-app-gitea/tasks/main.yml | 2 ++ roles/web-app-gitea/vars/main.yml | 1 - roles/web-app-jira/tasks/main.yml | 2 +- roles/web-app-littlejs/tasks/01_core.yml | 7 ++++-- roles/web-app-littlejs/vars/main.yml | 5 ---- roles/web-app-magento/tasks/01_core.yml | 4 +-- roles/web-app-mailu/tasks/01_core.yml | 2 +- roles/web-app-matomo/config/main.yml | 2 +- roles/web-app-matomo/tasks/01_core.yml | 8 +++--- .../web-app-matomo/tasks/02_configuration.yml | 25 +++++++++++-------- .../templates/docker-compose.yml.j2 | 6 ++--- roles/web-app-matomo/vars/main.yml | 21 ++++++++-------- roles/web-app-mig/tasks/01_core.yml | 3 ++- roles/web-app-mig/vars/main.yml | 3 --- roles/web-app-mini-qr/tasks/01_core.yml | 5 ++-- roles/web-app-mini-qr/vars/main.yml | 14 ++++------- roles/web-app-minio/tasks/main.yml | 4 ++- roles/web-app-minio/vars/main.yml | 4 --- 
roles/web-app-mobilizon/tasks/main.yml | 2 ++ roles/web-app-mobilizon/vars/main.yml | 3 --- roles/web-app-moodle/config/main.yml | 4 +-- .../web-app-moodle/tasks/01_patch_config.yml | 20 +++++++-------- roles/web-app-moodle/tasks/02_ownership.yml | 18 ++++++------- roles/web-app-moodle/tasks/03_oidc.yml | 12 ++++----- roles/web-app-moodle/tasks/main.yml | 20 +++++---------- roles/web-app-moodle/templates/Dockerfile.j2 | 8 +++--- .../templates/docker-compose.yml.j2 | 12 ++++----- roles/web-app-moodle/vars/main.yml | 25 +++++++++---------- roles/web-app-openproject/tasks/main.yml | 6 ++++- roles/web-app-openproject/vars/main.yml | 6 ----- roles/web-app-openwebui/tasks/main.yml | 3 +++ roles/web-app-openwebui/vars/main.yml | 4 --- roles/web-app-peertube/tasks/main.yml | 2 ++ roles/web-app-peertube/vars/main.yml | 3 --- roles/web-app-pretix/tasks/main.yml | 2 +- roles/web-app-roulette-wheel/tasks/main.yml | 5 +++- roles/web-app-roulette-wheel/vars/main.yml | 4 --- roles/web-app-shopware/vars/main.yml | 1 - roles/web-app-snipe-it/tasks/ldap.yml | 14 +++++------ roles/web-app-snipe-it/tasks/main.yml | 2 ++ .../templates/docker-compose.yml.j2 | 6 ++--- roles/web-app-snipe-it/templates/env.j2 | 2 +- roles/web-app-snipe-it/vars/main.yml | 17 ++++++------- roles/web-app-taiga/tasks/main.yml | 4 ++- roles/web-app-taiga/vars/main.yml | 4 --- roles/web-app-xwiki/tasks/01_core.yml | 2 +- roles/web-opt-rdr-domains/tasks/main.yml | 2 +- roles/web-svc-cdn/tasks/01_core.yml | 4 +-- roles/web-svc-collabora/tasks/01_core.yml | 2 +- roles/web-svc-coturn/tasks/01_core.yml | 2 +- roles/web-svc-file/tasks/main.yml | 2 +- roles/web-svc-html/tasks/main.yml | 2 +- roles/web-svc-libretranslate/tasks/main.yml | 2 +- roles/web-svc-logout/tasks/01_core.yml | 11 ++++---- roles/web-svc-logout/vars/main.yml | 2 -- roles/web-svc-onlyoffice/tasks/01_core.yml | 2 +- roles/web-svc-simpleicons/tasks/main.yml | 2 +- tasks/utils/compose_up.yml | 10 -------- tasks/utils/once/README.md | 2 ++ 
.../{once_finalize.yml => once/finalize.yml} | 4 +-- tasks/utils/{once_flag.yml => once/flag.yml} | 0 .../integration/test_run_once_global_usage.py | 14 +++++------ tests/integration/test_run_once_inclusion.py | 8 +++--- 169 files changed, 348 insertions(+), 399 deletions(-) create mode 100644 roles/docker-compose/tasks/utils/network.yml rename roles/docker-compose/tasks/{05_ensure_up.yml => utils/up.yml} (59%) delete mode 100644 tasks/utils/compose_up.yml create mode 100644 tasks/utils/once/README.md rename tasks/utils/{once_finalize.yml => once/finalize.yml} (50%) rename tasks/utils/{once_flag.yml => once/flag.yml} (100%) diff --git a/roles/desk-git/tasks/main.yml b/roles/desk-git/tasks/main.yml index 7650f107..25e7a7cb 100644 --- a/roles/desk-git/tasks/main.yml +++ b/roles/desk-git/tasks/main.yml @@ -16,6 +16,6 @@ command: gitconfig --merge-option rebase --name "{{users.client.full_name}}" --email "{{users.client.email}}" --website "{{users.client.website}}" --signing gpg --gpg-key "{{users.client.gpg}}" become: false - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false \ No newline at end of file diff --git a/roles/desk-gnome-caffeine/tasks/01_core.yml b/roles/desk-gnome-caffeine/tasks/01_core.yml index 2a02d020..eddaa889 100644 --- a/roles/desk-gnome-caffeine/tasks/01_core.yml +++ b/roles/desk-gnome-caffeine/tasks/01_core.yml @@ -20,4 +20,4 @@ src: caffeine.desktop.j2 dest: "{{auto_start_directory}}caffeine.desktop" -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/desk-qbittorrent/tasks/main.yml b/roles/desk-qbittorrent/tasks/main.yml index 109557fb..c525ce54 100644 --- a/roles/desk-qbittorrent/tasks/main.yml +++ b/roles/desk-qbittorrent/tasks/main.yml @@ -10,5 +10,5 @@ use: yay name: - qbittorrent - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_desk_qbittorrent is not defined 
diff --git a/roles/desk-spotify/tasks/main.yml b/roles/desk-spotify/tasks/main.yml index 52694d26..0b7c1fbc 100644 --- a/roles/desk-spotify/tasks/main.yml +++ b/roles/desk-spotify/tasks/main.yml @@ -9,5 +9,5 @@ use: yay name: - spotify - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_desk_spotify is not defined diff --git a/roles/desk-ssh/tasks/01_core.yml b/roles/desk-ssh/tasks/01_core.yml index cbcdc6e5..ecf8c34d 100644 --- a/roles/desk-ssh/tasks/01_core.yml +++ b/roles/desk-ssh/tasks/01_core.yml @@ -50,4 +50,4 @@ mode: "0644" become: false -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/desk-zoom/tasks/main.yml b/roles/desk-zoom/tasks/main.yml index 909a473b..082c60e2 100644 --- a/roles/desk-zoom/tasks/main.yml +++ b/roles/desk-zoom/tasks/main.yml @@ -9,5 +9,5 @@ name: - zoom become: false - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_desk_zoom is not defined diff --git a/roles/dev-fakeroot/tasks/main.yml b/roles/dev-fakeroot/tasks/main.yml index 5d105425..2cf22a59 100644 --- a/roles/dev-fakeroot/tasks/main.yml +++ b/roles/dev-fakeroot/tasks/main.yml @@ -6,6 +6,6 @@ name: fakeroot state: present - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false \ No newline at end of file diff --git a/roles/dev-git/tasks/main.yml b/roles/dev-git/tasks/main.yml index 99635aa7..dd6835b2 100644 --- a/roles/dev-git/tasks/main.yml +++ b/roles/dev-git/tasks/main.yml @@ -4,7 +4,7 @@ name: git state: present - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false when: run_once_dev_git is not defined \ No newline at end of file diff --git a/roles/dev-python-pip/tasks/main.yml b/roles/dev-python-pip/tasks/main.yml index 11fadd63..e1722159 100644 
--- a/roles/dev-python-pip/tasks/main.yml +++ b/roles/dev-python-pip/tasks/main.yml @@ -9,7 +9,7 @@ name: python-pip state: present - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false when: run_once_dev_python_pip is not defined diff --git a/roles/dev-python-yaml/tasks/main.yml b/roles/dev-python-yaml/tasks/main.yml index f57486b0..7d8dccf9 100644 --- a/roles/dev-python-yaml/tasks/main.yml +++ b/roles/dev-python-yaml/tasks/main.yml @@ -6,6 +6,6 @@ name: python-yaml state: present - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false diff --git a/roles/dev-shell/tasks/01_core.yml b/roles/dev-shell/tasks/01_core.yml index 15bf0fc1..22ff2482 100644 --- a/roles/dev-shell/tasks/01_core.yml +++ b/roles/dev-shell/tasks/01_core.yml @@ -18,4 +18,4 @@ mode: "0644" become: false -- include_tasks: utils/once_flag.yml \ No newline at end of file +- include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/roles/dev-yay/tasks/01_core.yml b/roles/dev-yay/tasks/01_core.yml index f3e8be98..9bef39d5 100644 --- a/roles/dev-yay/tasks/01_core.yml +++ b/roles/dev-yay/tasks/01_core.yml @@ -55,4 +55,4 @@ aur_only: yes when: MODE_UPDATE | bool -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/docker-compose/defaults/main.yml b/roles/docker-compose/defaults/main.yml index 16d7ecf7..cd394959 100644 --- a/roles/docker-compose/defaults/main.yml +++ b/roles/docker-compose/defaults/main.yml @@ -1,3 +1,2 @@ docker_compose_file_creation_enabled: true # If set to true the file creation will be skipped -docker_pull_git_repository: false # Activates docker repository download and routine docker_compose_flush_handlers: false # Set to true in the vars/main.yml of the including role to autoflush after docker compose routine \ No newline at end of file 
diff --git a/roles/docker-compose/tasks/01_core.yml b/roles/docker-compose/tasks/01_core.yml index 9fd74696..0237303e 100644 --- a/roles/docker-compose/tasks/01_core.yml +++ b/roles/docker-compose/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: Remove all docker compose pull locks file: diff --git a/roles/docker-compose/tasks/04_files.yml b/roles/docker-compose/tasks/04_files.yml index ea8e8615..13a814b8 100644 --- a/roles/docker-compose/tasks/04_files.yml +++ b/roles/docker-compose/tasks/04_files.yml @@ -49,9 +49,9 @@ - "{{ application_id | abs_role_path_by_application_id }}/files/docker-compose.override.yml" skip: true -- name: "Create (obligatoric) '{{ docker_compose.files.docker_compose }}'" +- name: "Create (obligatoric) '{{ docker_compose.files.docker_compose }}'" template: - src: "docker-compose.yml.j2" - dest: "{{ docker_compose.files.docker_compose }}" - notify: docker compose up - register: docker_compose_template \ No newline at end of file + src: "docker-compose.yml.j2" + dest: "{{ docker_compose.files.docker_compose }}" + notify: docker compose up + register: docker_compose_template \ No newline at end of file diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml index d207cd5e..b36f1495 100644 --- a/roles/docker-compose/tasks/main.yml +++ b/roles/docker-compose/tasks/main.yml @@ -21,7 +21,7 @@ - name: "Include file management routines for '{{ application_id }}'." include_tasks: "04_files.yml" - name: "Ensure that {{ docker_compose.directories.instance }} is up" - include_tasks: "05_ensure_up.yml" + include_tasks: "utils/up.yml" when: docker_compose_file_creation_enabled | bool - name: "flush docker compose for '{{ application_id }}'" diff --git a/roles/docker-compose/tasks/utils/network.yml b/roles/docker-compose/tasks/utils/network.yml new file mode 100644 index 00000000..4ce15d03 --- /dev/null +++ b/roles/docker-compose/tasks/utils/network.yml 
@@ -0,0 +1,17 @@ +- name: Include docker to setup docker + include_role: + name: sys-svc-docker + when: run_once_sys_svc_docker is not defined + +- name: create docker network for Ollama, so that other applications can access it + community.docker.docker_network: + name: "{{ docker_network_name }}" + state: present + ipam_config: + - subnet: "{{ docker_network_subnet }}" + +- name: "include docker-compose role" + include_role: + name: docker-compose + vars: + docker_compose_flush_handlers: true \ No newline at end of file diff --git a/roles/docker-compose/tasks/05_ensure_up.yml b/roles/docker-compose/tasks/utils/up.yml similarity index 59% rename from roles/docker-compose/tasks/05_ensure_up.yml rename to roles/docker-compose/tasks/utils/up.yml index 13b72856..1c0d38e1 100644 --- a/roles/docker-compose/tasks/05_ensure_up.yml +++ b/roles/docker-compose/tasks/utils/up.yml @@ -13,10 +13,16 @@ (docker_ps.stderr | default('')) | regex_search('(no configuration file provided|no such file or directory|env file .* not found)') is none ) - when: > - not ( - docker_compose_template.changed | default(false) - or - env_template.changed | default(false) - ) - notify: docker compose up + when: + - > + not ( + docker_compose_template.changed | default(false) + or + env_template.changed | default(false) + ) + - docker_compose is defined # @todo remove in the future, non docker roles shouldn't include this file + - (application_id | get_entity_name) == (docker_compose.directories.instance | basename) + notify: docker compose up + +- meta: flush_handlers + when: flush_handlers | default(true) | bool \ No newline at end of file diff --git a/roles/docker-container/tasks/01_core.yml b/roles/docker-container/tasks/01_core.yml index 13fcac66..b8bc2d5f 100644 --- a/roles/docker-container/tasks/01_core.yml +++ b/roles/docker-container/tasks/01_core.yml 
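Review bot: The second task in this new file is still named "create docker network for Ollama, so that other applications can access it", although the helper is now included from the MariaDB, OpenLDAP and PostgreSQL roles too, so play output will mislabel the network being created. A neutral name such as `- name: "Create docker network '{{ docker_network_name }}'"` would fit the shared helper. The file also uses `docker_network_name` and `docker_network_subnet` without checking that the caller passed them, so a missing or empty value only shows up as a module error inside `community.docker.docker_network`. An assert at the top of the file, as sketched below, would fail early with a clear message.

```yaml
- name: "Validate docker network parameters"
  ansible.builtin.assert:
    that:
      - docker_network_name is defined and (docker_network_name | length) > 0
      - docker_network_subnet is defined and (docker_network_subnet | length) > 0
    fail_msg: "docker_network_name and docker_network_subnet must be passed to utils/network.yml"

# … unchanged: sys-svc-docker include, docker_network task, docker-compose include …
```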
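Review bot: The added `- meta: flush_handlers` at the end of up.yml is gated on a generic `flush_handlers` variable that defaults to true, so handlers are flushed on every include unless a caller explicitly disables it. That sidesteps the role's own opt-in, `docker_compose_flush_handlers: false` in defaults/main.yml. The same variable name is passed to utils/once/finalize.yml elsewhere in this patch (for example `flush_handlers: false` in desk-git), so a value meant for that helper could also steer this flush if it is in scope here. Keying the condition on the role's namespaced switch, `when: docker_compose_flush_handlers | default(false) | bool`, would keep the behaviour opt-in; if the default-on flush is intended, a comment saying why would help. The task carrying the changed `when:` list starts above the hunk, so its module and registered result are not visible here.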
@@ -2,4 +2,4 @@ name: sys-svc-docker when: run_once_sys_svc_docker is not defined -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/drv-epson-multiprinter/tasks/01_core.yml b/roles/drv-epson-multiprinter/tasks/01_core.yml index 988f3b1e..d98646f0 100644 --- a/roles/drv-epson-multiprinter/tasks/01_core.yml +++ b/roles/drv-epson-multiprinter/tasks/01_core.yml @@ -18,4 +18,4 @@ name: imagescan state: present -- include_tasks: utils/once_flag.yml \ No newline at end of file +- include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/roles/pkgmgr-install/tasks/01_core.yml b/roles/pkgmgr-install/tasks/01_core.yml index db2bfabe..de8fbc63 100644 --- a/roles/pkgmgr-install/tasks/01_core.yml +++ b/roles/pkgmgr-install/tasks/01_core.yml @@ -10,4 +10,4 @@ register: pkgmgr_update changed_when: "'already up to date' not in (pkgmgr_update.stdout | lower)" -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml diff --git a/roles/pkgmgr/tasks/01_core.yml b/roles/pkgmgr/tasks/01_core.yml index 195e3ac1..57ebc739 100644 --- a/roles/pkgmgr/tasks/01_core.yml +++ b/roles/pkgmgr/tasks/01_core.yml @@ -48,4 +48,4 @@ command: "pkgmgr pull --all" when: MODE_UPDATE | bool -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/svc-ai-ollama/tasks/01_core.yml b/roles/svc-ai-ollama/tasks/01_core.yml index ac34227f..d9526afa 100644 --- a/roles/svc-ai-ollama/tasks/01_core.yml +++ b/roles/svc-ai-ollama/tasks/01_core.yml 
@@ -1,20 +1,9 @@ -- name: create docker network for Ollama, so that other applications can access it - community.docker.docker_network: - name: "{{ OLLAMA_NETWORK }}" - state: present - ipam_config: - - subnet: "{{ networks.local[application_id].subnet }}" -- name: Include dependency 'sys-svc-docker' - include_role: - name: sys-svc-docker - when: run_once_sys_svc_docker is not defined - -- name: "include docker-compose role" - include_role: - name: docker-compose +- name: "Setup docker network for {{ application_id }}" + include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}" vars: - docker_compose_flush_handlers: true + docker_network_name: "{{ OLLAMA_NETWORK }}" + docker_network_subnet: "{{ networks.local[application_id].subnet }}" - name: Pre-pull Ollama models vars: @@ -35,4 +24,4 @@ (pull_result.rc | default(0)) != 0 and ('up to date' not in (pull_result.stdout | default(''))) -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/svc-ai-ollama/vars/main.yml b/roles/svc-ai-ollama/vars/main.yml index 49ac27e6..e751d832 100644 --- a/roles/svc-ai-ollama/vars/main.yml +++ b/roles/svc-ai-ollama/vars/main.yml @@ -1,9 +1,6 @@ # General application_id: "svc-ai-ollama" -# Docker -docker_compose_flush_handlers: true - # Ollama # https://ollama.com/ OLLAMA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.ollama.version') }}" diff --git a/roles/svc-bkp-loc-2-usb/tasks/main.yml b/roles/svc-bkp-loc-2-usb/tasks/main.yml index a4226b7e..de194a5c 100644 --- a/roles/svc-bkp-loc-2-usb/tasks/main.yml +++ b/roles/svc-bkp-loc-2-usb/tasks/main.yml @@ -5,7 +5,7 @@ loop: - sys-ctl-cln-bkps - sys-lock - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_svc_bkp_loc_2_usb is not defined - name: Fail if any backup_to_usb variable is empty 
diff --git a/roles/svc-bkp-rmt-2-loc/tasks/main.yml b/roles/svc-bkp-rmt-2-loc/tasks/main.yml index 234e3575..ad122936 100644 --- a/roles/svc-bkp-rmt-2-loc/tasks/main.yml +++ b/roles/svc-bkp-rmt-2-loc/tasks/main.yml @@ -7,7 +7,7 @@ - sys-ctl-alm-compose - sys-lock - sys-timer-cln-bkps - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_svc_bkp_rmt_2_loc is not defined - name: "Create Directory '{{ DOCKER_BACKUP_REMOTE_2_LOCAL_DIR }}'" diff --git a/roles/svc-db-mariadb/tasks/01_core.yml b/roles/svc-db-mariadb/tasks/01_core.yml index 1eea25f3..6caf6d64 100644 --- a/roles/svc-db-mariadb/tasks/01_core.yml +++ b/roles/svc-db-mariadb/tasks/01_core.yml @@ -1,10 +1,8 @@ - -- name: Create Docker network for MariaDB - community.docker.docker_network: - name: "{{ mariadb_network }}" - state: present - ipam_config: - - subnet: "{{ mariadb_subnet }}" +- name: "Setup docker network for {{ application_id }}" + include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}" + vars: + docker_network_name: "{{ mariadb_network }}" + docker_network_subnet: "{{ mariadb_subnet }}" - name: install MariaDB community.docker.docker_container: @@ -47,4 +45,4 @@ - setup_mariadb_container_result is defined - setup_mariadb_container_result.changed -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/svc-db-openldap/tasks/main.yml b/roles/svc-db-openldap/tasks/main.yml index a987bad0..d459e21b 100644 --- a/roles/svc-db-openldap/tasks/main.yml +++ b/roles/svc-db-openldap/tasks/main.yml 
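Review bot: Replacing the inline `community.docker.docker_network` task with the shared network.yml include changes what the MariaDB role does, not only how the include path is resolved. The helper also pulls in `sys-svc-docker` and the `docker-compose` role with `docker_compose_flush_handlers: true`, while this role goes on to start the database through `community.docker.docker_container`. Whether svc-db-mariadb ships the `docker-compose.yml.j2` that the compose role's 04_files.yml renders is not visible in this hunk, so please confirm the role still converges on a clean host. If only the network is needed here, moving the compose include out of network.yml into the callers that want it would keep the helper to what its name says. A short comment above the include, such as `# also includes sys-svc-docker and docker-compose (handlers flushed)`, would document the side effect either way.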
@@ -1,8 +1,9 @@ --- - -- name: "include docker-compose role" - include_role: - name: docker-compose +- name: "Setup docker network for {{ application_id }}" + include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}" + vars: + docker_network_name: "{{ OPENLDAP_NETWORK }}" + docker_network_subnet: "{{ networks.local[application_id].subnet }}" - name: Create {{ domains | get_domain(application_id) }}.conf if LDAP is exposed to internet template: @@ -17,15 +18,6 @@ state: absent when: not OPENLDAP_NETWORK_SWITCH_PUBLIC | bool -- name: create docker network for LDAP, so that other applications can access it - community.docker.docker_network: - name: "{{ OPENLDAP_NETWORK }}" - state: present - ipam_config: - - subnet: "{{ networks.local[application_id].subnet }}" - -- meta: flush_handlers - - name: "Wait for LDAP to be available" wait_for: host: "127.0.0.1" diff --git a/roles/svc-db-postgres/tasks/01_core.yml b/roles/svc-db-postgres/tasks/01_core.yml index 23b2d872..514cb904 100644 --- a/roles/svc-db-postgres/tasks/01_core.yml +++ b/roles/svc-db-postgres/tasks/01_core.yml 
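Review bot: The second hunk removes the `- meta: flush_handlers` that sat directly before "Wait for LDAP to be available", so the only remaining flush is the one triggered inside network.yml at the top of the file. That flush now runs before the task that templates the `.conf` file and the `state: absent` task that removes it. If either of those tasks notifies a handler (their `notify:` lines are not visible in the hunk), that handler will no longer have run when the wait and the LDAP configuration steps begin. The Docker network is also now created before the compose role instead of after it, which looks intentional but is worth a line in the commit message. If the flush before the wait is still required, keep `- meta: flush_handlers` in front of the `wait_for` task.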
@@ -3,27 +3,15 @@ POSTGRES_ALLOWED_AVG_CONNECTIONS: "{{ (POSTGRES_MAX_CONNECTIONS | split_postgres_connections(playbook_dir ~ '/roles')) | int }}" run_once: true -- name: Include dependency 'sys-svc-docker' - include_role: - name: sys-svc-docker - when: run_once_sys_svc_docker is not defined - -- name: Create Docker network for PostgreSQL - community.docker.docker_network: - name: "{{ POSTGRES_NETWORK_NAME }}" - state: present - ipam_config: - - subnet: "{{ POSTGRES_SUBNET }}" - -- name: "include docker-compose role" - include_role: - name: docker-compose +- name: "Setup docker network for {{ application_id }}" + include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}" vars: - docker_compose_flush_handlers: true + docker_network_name: "{{ POSTGRES_NETWORK_NAME }}" + docker_network_subnet: "{{ POSTGRES_SUBNET }}" - name: install python-psycopg2 community.general.pacman: name: python-psycopg2 state: present -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/svc-db-postgres/vars/main.yml b/roles/svc-db-postgres/vars/main.yml index cbe7508a..d654fa89 100644 --- a/roles/svc-db-postgres/vars/main.yml +++ b/roles/svc-db-postgres/vars/main.yml @@ -2,9 +2,6 @@ application_id: svc-db-postgres entity_name: "{{ application_id | get_entity_name }}" -# Docker -docker_compose_flush_handlers: true - # Docker Compose database_type: "{{ entity_name }}" diff --git a/roles/svc-opt-keyboard-color/tasks/01_core.yml b/roles/svc-opt-keyboard-color/tasks/01_core.yml index cec77a55..793f13ba 100644 --- a/roles/svc-opt-keyboard-color/tasks/01_core.yml +++ b/roles/svc-opt-keyboard-color/tasks/01_core.yml @@ -17,4 +17,4 @@ system_service_timer_enabled: true persistent: true -- include_tasks: utils/once_flag.yml \ No newline at end of file +- include_tasks: utils/once/flag.yml \ No newline at end of file 
diff --git a/roles/svc-opt-swapfile/tasks/01_core.yml b/roles/svc-opt-swapfile/tasks/01_core.yml index 56a6989f..9ea1e44b 100644 --- a/roles/svc-opt-swapfile/tasks/01_core.yml +++ b/roles/svc-opt-swapfile/tasks/01_core.yml @@ -11,4 +11,4 @@ async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/svc-prx-openresty/tasks/main.yml b/roles/svc-prx-openresty/tasks/main.yml index 88058c99..51cfe400 100644 --- a/roles/svc-prx-openresty/tasks/main.yml +++ b/roles/svc-prx-openresty/tasks/main.yml @@ -5,5 +5,5 @@ vars: docker_compose_flush_handlers: true docker_pull_git_repository: false # Deactivated here to deactivate inhirement - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_svc_prx_openresty is not defined \ No newline at end of file diff --git a/roles/sys-bkp-provider-user/tasks/01_core.yml b/roles/sys-bkp-provider-user/tasks/01_core.yml index a73805b4..a1033b97 100644 --- a/roles/sys-bkp-provider-user/tasks/01_core.yml +++ b/roles/sys-bkp-provider-user/tasks/01_core.yml @@ -16,4 +16,4 @@ - include_tasks: 03_permissions_folders.yml -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-bkp-provider/tasks/01_core.yml b/roles/sys-bkp-provider/tasks/01_core.yml index 87b4e605..949d59c1 100644 --- a/roles/sys-bkp-provider/tasks/01_core.yml +++ b/roles/sys-bkp-provider/tasks/01_core.yml @@ -4,4 +4,4 @@ loop: - sys-bkp-provider-user - sys-timer-cln-bkps -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-cli/tasks/main.yml b/roles/sys-cli/tasks/main.yml index f24e0346..9afaf50d 100644 --- a/roles/sys-cli/tasks/main.yml 
+++ b/roles/sys-cli/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: dev-yay when: run_once_dev_yay is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_cli is not defined - name: "pkgmgr install infinito" diff --git a/roles/sys-ctl-alm-compose/tasks/01_core.yml b/roles/sys-ctl-alm-compose/tasks/01_core.yml index 93161913..2b66fba7 100644 --- a/roles/sys-ctl-alm-compose/tasks/01_core.yml +++ b/roles/sys-ctl-alm-compose/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: "Include dependent services for '{{ system_service_id }}'" include_role: diff --git a/roles/sys-ctl-alm-email/tasks/01_core.yml b/roles/sys-ctl-alm-email/tasks/01_core.yml index 143defe3..e03a054f 100644 --- a/roles/sys-ctl-alm-email/tasks/01_core.yml +++ b/roles/sys-ctl-alm-email/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: Include dependencies include_role: diff --git a/roles/sys-ctl-alm-telegram/tasks/01_core.yml b/roles/sys-ctl-alm-telegram/tasks/01_core.yml index 3b255a30..aac83203 100644 --- a/roles/sys-ctl-alm-telegram/tasks/01_core.yml +++ b/roles/sys-ctl-alm-telegram/tasks/01_core.yml @@ -22,4 +22,4 @@ name: curl state: present -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml b/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml index 5a31387b..0410e30b 100644 --- a/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml +++ b/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml 
@@ -28,4 +28,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" # system_service_tpl_exec_start_post: "/usr/bin/systemctl start {{ SYS_SERVICE_CLEANUP_BACKUPS }}" # Not possible to use it because it's a deathlock. Keep this line for documentation purposes -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-cln-anon-volumes/tasks/main.yml b/roles/sys-ctl-cln-anon-volumes/tasks/main.yml index b060a417..1f944a4b 100644 --- a/roles/sys-ctl-cln-anon-volumes/tasks/main.yml +++ b/roles/sys-ctl-cln-anon-volumes/tasks/main.yml @@ -14,6 +14,6 @@ system_service_copy_files: false system_service_force_linear_sync: false - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: - run_once_sys_ctl_cln_anon_volumes is not defined diff --git a/roles/sys-ctl-cln-bkps/tasks/01_core.yml b/roles/sys-ctl-cln-bkps/tasks/01_core.yml index 018a7590..1885ee9b 100644 --- a/roles/sys-ctl-cln-bkps/tasks/01_core.yml +++ b/roles/sys-ctl-cln-bkps/tasks/01_core.yml @@ -22,6 +22,6 @@ system_service_copy_files: true system_service_force_linear_sync: false -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml vars: flush_handlers: true \ No newline at end of file diff --git a/roles/sys-ctl-cln-certs/tasks/01_core.yml b/roles/sys-ctl-cln-certs/tasks/01_core.yml index 9a1f98a9..79a6b0d6 100644 --- a/roles/sys-ctl-cln-certs/tasks/01_core.yml +++ b/roles/sys-ctl-cln-certs/tasks/01_core.yml @@ -19,4 +19,4 @@ system_service_copy_files: false system_service_force_linear_sync: false -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-ctl-cln-disc-space/tasks/01_core.yml b/roles/sys-ctl-cln-disc-space/tasks/01_core.yml index c58385e8..69ea4984 100644 --- a/roles/sys-ctl-cln-disc-space/tasks/01_core.yml +++ b/roles/sys-ctl-cln-disc-space/tasks/01_core.yml 
@@ -16,4 +16,4 @@ system_service_tpl_exec_start_pre: '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(" ") }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"' system_service_force_linear_sync: false -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-cln-docker/tasks/main.yml b/roles/sys-ctl-cln-docker/tasks/main.yml index d79973b1..b8151e7d 100644 --- a/roles/sys-ctl-cln-docker/tasks/main.yml +++ b/roles/sys-ctl-cln-docker/tasks/main.yml @@ -19,5 +19,5 @@ system_service_force_linear_sync: false system_service_force_flush: "{{ MODE_CLEANUP }}" - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_ctl_cln_docker is not defined diff --git a/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml b/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml index 64c8d86e..2aaeea71 100644 --- a/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml +++ b/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml @@ -22,4 +22,4 @@ system_service_tpl_exec_start_pre: '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(" ") }} --timeout "{{ SYS_TIMEOUT_CLEANUP_SERVICES }}"' system_service_tpl_exec_start: '/bin/sh -c "{{ CLEANUP_FAILED_BACKUPS_PKG }} --all --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --yes"' system_service_force_linear_sync: false -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml b/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml index 675862b3..e37a2dc1 100644 --- a/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml 
@@ -10,4 +10,4 @@ system_service_timer_enabled: true system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-csp/tasks/01_core.yml b/roles/sys-ctl-hlth-csp/tasks/01_core.yml index 255fbad0..973d5d3f 100644 --- a/roles/sys-ctl-hlth-csp/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-csp/tasks/01_core.yml @@ -23,4 +23,4 @@ --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }} --ignore-network-blocks-from {{ HEALTH_CSP_IGNORE_NETWORK_BLOCKS_FROM | join(' ') }} -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml b/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml index 4c343f64..b56166e8 100644 --- a/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml @@ -11,4 +11,4 @@ system_service_tpl_exec_start: "{{ system_service_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}" system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_DISC_SPACE }}" -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml b/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml index b8c243fb..0b40032e 100644 --- a/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml @@ -15,4 +15,4 @@ system_service_on_calendar: "{{ SYS_SCHEDULE_HEALTH_DOCKER_CONTAINER }}" system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }}" -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file 
diff --git a/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml b/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml index 57447b19..fbb7c5f1 100644 --- a/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml @@ -11,4 +11,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}" system_service_tpl_exec_start: '{{ system_service_script_exec }} "{{ DOCKER_WHITELISTET_ANON_VOLUMES | join(" ") }}"' -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml b/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml index aab9e31f..ad48cdac 100644 --- a/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml @@ -11,4 +11,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" system_service_suppress_flush: true # There are almost allways errors in the journalctl logs so suppression is neccessary to let playbook run -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml b/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml index a57818c6..c710b150 100644 --- a/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml @@ -13,4 +13,4 @@ - not MODE_RESET | bool - users['no-reply'].mailu_token is defined -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-webserver/tasks/01_core.yml b/roles/sys-ctl-hlth-webserver/tasks/01_core.yml index 00bbc6d7..3bfdfc4b 100644 --- a/roles/sys-ctl-hlth-webserver/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-webserver/tasks/01_core.yml 
@@ -26,4 +26,4 @@ --expectations '{{ applications | web_health_expectations(www_enabled=WWW_REDIRECT_ENABLED | bool, group_names=group_names) | to_json }}' system_service_suppress_flush: true # The healthcheck will just work after all routines passed -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml index 8a5e709d..6edff748 100644 --- a/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml @@ -21,4 +21,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" system_service_force_linear_sync: false -- include_tasks: utils/once_flag.yml \ No newline at end of file +- include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml index 8883e49b..8eeb4a28 100644 --- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml @@ -22,4 +22,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" system_service_force_linear_sync: false -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml b/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml index bf4e6562..ff624f5a 100644 --- a/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml @@ -20,4 +20,4 @@ system_service_tpl_exec_start: "/bin/sh -c 'btrfs-auto-balancer 90 10'" system_service_force_linear_sync: true -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file 
diff --git a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml index 4bc11178..005e63ec 100644 --- a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml @@ -14,4 +14,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" system_service_force_linear_sync: true -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml index 59b44776..11d6487a 100644 --- a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml @@ -12,4 +12,4 @@ /bin/sh -c '{{ system_service_script_exec }} --manipulation-string "{{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }}" {{ PATH_DOCKER_COMPOSE_INSTANCES }}' system_service_force_linear_sync: true -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-daemon/tasks/main.yml b/roles/sys-daemon/tasks/main.yml index 7dcfd059..80d69e9a 100644 --- a/roles/sys-daemon/tasks/main.yml +++ b/roles/sys-daemon/tasks/main.yml @@ -4,5 +4,5 @@ when: MODE_RESET | bool and run_once_sys_daemon is not defined - name: Apply systemd manager defaults include_tasks: 02_defaults.yml - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_daemon is not defined \ No newline at end of file diff --git a/roles/sys-dns-wildcards/tasks/01_core.yml b/roles/sys-dns-wildcards/tasks/01_core.yml index 6f0dd88d..b171ee33 100644 --- a/roles/sys-dns-wildcards/tasks/01_core.yml +++ b/roles/sys-dns-wildcards/tasks/01_core.yml @@ -9,4 +9,4 @@ cloudflare_async_poll: "{{ ASYNC_POLL }}" when: DNS_PROVIDER == 'cloudflare' -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml 
diff --git a/roles/sys-front-inj-all/tasks/main.yml b/roles/sys-front-inj-all/tasks/main.yml index a709a5a5..a538971c 100644 --- a/roles/sys-front-inj-all/tasks/main.yml +++ b/roles/sys-front-inj-all/tasks/main.yml @@ -2,8 +2,10 @@ - name: Include dependency 'sys-svc-webserver-core' include_role: name: sys-svc-webserver-core + vars: + docker_pull_git_repository: false # Deactivated here to don't inhire this when: run_once_sys_svc_webserver_core is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_front_inj_all is not defined - name: Build inj_enabled for '{{ domain }}'" diff --git a/roles/sys-front-inj-all/vars/main.yml b/roles/sys-front-inj-all/vars/main.yml index ad0ff388..26a74401 100644 --- a/roles/sys-front-inj-all/vars/main.yml +++ b/roles/sys-front-inj-all/vars/main.yml @@ -1,5 +1,4 @@ # Docker -docker_pull_git_repository: false # Deactivated here to don't inhire this SRV_WEB_INJ_COMP_FEATURES_ALL: - 'javascript' diff --git a/roles/sys-front-inj-css/tasks/01_core.yml b/roles/sys-front-inj-css/tasks/01_core.yml index 51521e90..a931ee4d 100644 --- a/roles/sys-front-inj-css/tasks/01_core.yml +++ b/roles/sys-front-inj-css/tasks/01_core.yml @@ -29,4 +29,4 @@ mode: '0644' loop: "{{ CSS_FILES }}" -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-front-inj-desktop/tasks/01_core.yml b/roles/sys-front-inj-desktop/tasks/01_core.yml index 52255198..0053abcc 100644 --- a/roles/sys-front-inj-desktop/tasks/01_core.yml +++ b/roles/sys-front-inj-desktop/tasks/01_core.yml @@ -6,4 +6,4 @@ group: "{{ NGINX.USER }}" mode: '0644' -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-lock/tasks/main.yml b/roles/sys-lock/tasks/main.yml index a219f382..10bb057d 100644 
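Review bot: The comment on the added `docker_pull_git_repository: false` in roles/sys-front-inj-all/tasks/main.yml ("Deactivated here to don't inhire this") does not say which value is being blocked or why. The setting decides whether a git repository is pulled during the include, so the reason should be readable. If the intent is what it appears to be, something like `# Forced off for this include so the caller's docker_pull_git_repository is not inherited` would do. The same comment was added in the roles/sys-svc-rdbms/tasks/main.yml hunk. Because the variable moved from the role's vars/main.yml to a single include, it is worth confirming that no other task in these two roles relied on the role-wide value.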
--- a/roles/sys-lock/tasks/main.yml +++ b/roles/sys-lock/tasks/main.yml @@ -5,7 +5,7 @@ src: sys-lock.py dest: "{{ PATH_SYSTEM_LOCK_SCRIPT }}" - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false when: run_once_sys_lock is not defined diff --git a/roles/sys-postfix/tasks/main.yml b/roles/sys-postfix/tasks/main.yml index 4b8a99a4..645296bc 100644 --- a/roles/sys-postfix/tasks/main.yml +++ b/roles/sys-postfix/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: user-administrator when: run_once_user_administrator is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_postfix is not defined - name: install postfix diff --git a/roles/sys-service/tasks/01_core.yml b/roles/sys-service/tasks/01_core.yml index 2b1f2ebf..661460ec 100644 --- a/roles/sys-service/tasks/01_core.yml +++ b/roles/sys-service/tasks/01_core.yml @@ -7,4 +7,4 @@ include_tasks: 02_reset.yml when: MODE_RESET | bool -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-stk-front-base/tasks/main.yml b/roles/sys-stk-front-base/tasks/main.yml index 3904c130..3aeafb72 100644 --- a/roles/sys-stk-front-base/tasks/main.yml +++ b/roles/sys-stk-front-base/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-svc-webserver-https when: run_once_sys_svc_webserver_https is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_stk_front_base is not defined - include_tasks: "01_cloudflare.yml" diff --git a/roles/sys-svc-cdn/tasks/main.yml b/roles/sys-svc-cdn/tasks/main.yml index 330a7b1a..1aa99d8a 100644 --- a/roles/sys-svc-cdn/tasks/main.yml +++ b/roles/sys-svc-cdn/tasks/main.yml 
@@ -8,7 +8,7 @@ group: "{{ NGINX.USER }}" mode: "0755" loop: "{{ CDN_DIRS_GLOBAL }}" - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: - run_once_sys_svc_cdn is not defined diff --git a/roles/sys-svc-certbot/tasks/01_core.yml b/roles/sys-svc-certbot/tasks/01_core.yml index 2f1da9bf..e786c6ea 100644 --- a/roles/sys-svc-certbot/tasks/01_core.yml +++ b/roles/sys-svc-certbot/tasks/01_core.yml @@ -7,4 +7,4 @@ include_tasks: 02_no_webroot.yml when: CERTBOT_ACME_CHALLENGE_METHOD != 'webroot' -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-svc-certs/tasks/main.yml b/roles/sys-svc-certs/tasks/main.yml index 9c9e861b..1f6b7f33 100644 --- a/roles/sys-svc-certs/tasks/main.yml +++ b/roles/sys-svc-certs/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-svc-webserver-https when: run_once_sys_svc_webserver_https is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_svc_certs is not defined - name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'" diff --git a/roles/sys-svc-cln-domains/tasks/main.yml b/roles/sys-svc-cln-domains/tasks/main.yml index feb69644..40647697 100644 --- a/roles/sys-svc-cln-domains/tasks/main.yml +++ b/roles/sys-svc-cln-domains/tasks/main.yml @@ -50,5 +50,5 @@ # 'No certificate found with name' not in certbot_delete_result.stderr # changed_when: > # certbot_delete_result.rc == 0 - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_svc_cln_domains is not defined diff --git a/roles/sys-svc-dns/tasks/01_core.yml b/roles/sys-svc-dns/tasks/01_core.yml index 036ed0c1..a14e582f 100644 --- a/roles/sys-svc-dns/tasks/01_core.yml +++ b/roles/sys-svc-dns/tasks/01_core.yml 
@@ -36,4 +36,4 @@ parent_dns_proxied: false when: run_once_sys_dns_wildcards is not defined -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-svc-docker/tasks/01_core.yml b/roles/sys-svc-docker/tasks/01_core.yml index 0cad0124..2c54b018 100644 --- a/roles/sys-svc-docker/tasks/01_core.yml +++ b/roles/sys-svc-docker/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: docker & docker compose install community.general.pacman: diff --git a/roles/sys-svc-journalctl/tasks/main.yml b/roles/sys-svc-journalctl/tasks/main.yml index 978fac23..500d8fb6 100644 --- a/roles/sys-svc-journalctl/tasks/main.yml +++ b/roles/sys-svc-journalctl/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-ctl-hlth-journalctl when: run_once_sys_ctl_hlth_journalctl is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_svc_journalctl is not defined - name: copy journald.conf diff --git a/roles/sys-svc-letsencrypt/tasks/01_core.yml b/roles/sys-svc-letsencrypt/tasks/01_core.yml index cbd60f41..a710c08d 100644 --- a/roles/sys-svc-letsencrypt/tasks/01_core.yml +++ b/roles/sys-svc-letsencrypt/tasks/01_core.yml @@ -9,4 +9,4 @@ dest: "{{ [ NGINX.DIRECTORIES.HTTP.GLOBAL, 'letsencrypt.conf' ] | path_join }}" notify: restart openresty -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/sys-svc-msmtp/tasks/01_core.yml b/roles/sys-svc-msmtp/tasks/01_core.yml index 5cd3b980..f40da166 100644 --- a/roles/sys-svc-msmtp/tasks/01_core.yml +++ b/roles/sys-svc-msmtp/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: "Check if Mail Host is reachable" uri: 
@@ -45,4 +45,4 @@ name: sys-ctl-hlth-msmtp when: run_once_sys_ctl_hlth_msmtp is not defined -- include_tasks: utils/compose_up.yml \ No newline at end of file +- include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}" \ No newline at end of file diff --git a/roles/sys-svc-rdbms/tasks/main.yml b/roles/sys-svc-rdbms/tasks/main.yml index 3bb78f02..bf7fadc2 100644 --- a/roles/sys-svc-rdbms/tasks/main.yml +++ b/roles/sys-svc-rdbms/tasks/main.yml @@ -22,7 +22,8 @@ name: "svc-db-{{ database_type }}" when: SYS_SVC_RDBMS_CENTRAL_DB_ENABLED | bool vars: - database_init: true # Initialize a custom database for the application + database_init: true # Initialize a custom database for the application + docker_pull_git_repository: false # Deactivated here to don't inhire the variable - name: "For '{{ application_id }}': Add Entry for Backup Procedure" include_tasks: "{{ playbook_dir }}/roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml" diff --git a/roles/sys-svc-rdbms/vars/main.yml b/roles/sys-svc-rdbms/vars/main.yml index 63e004a7..16e9d15b 100644 --- a/roles/sys-svc-rdbms/vars/main.yml +++ b/roles/sys-svc-rdbms/vars/main.yml @@ -1,3 +1,2 @@ # Docker -docker_pull_git_repository: false # Deactivated here to don't inhire this SYS_SVC_RDBMS_CENTRAL_DB_ENABLED: "{{ applications | get_app_conf(application_id, 'features.central_database', False) }}" \ No newline at end of file diff --git a/roles/sys-svc-sshd/tasks/main.yml b/roles/sys-svc-sshd/tasks/main.yml index a0898974..aeae00a5 100644 --- a/roles/sys-svc-sshd/tasks/main.yml +++ b/roles/sys-svc-sshd/tasks/main.yml @@ -11,5 +11,5 @@ group: root mode: '0644' notify: sshd restart - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_svc_sshd is not defined diff --git a/roles/sys-svc-webserver-core/tasks/01_core.yml b/roles/sys-svc-webserver-core/tasks/01_core.yml index c36e284f..21c4b5a2 100644 
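Review bot: The last task of roles/sys-svc-msmtp/tasks/01_core.yml now includes `roles/docker-compose/tasks/utils/up.yml` by file path, which runs those tasks in the msmtp role's context without loading the docker-compose role's defaults, vars or handlers. If up.yml reads any of them (it is not visible here), the include fails or silently uses whatever the caller has in scope. Calling it through `include_role:` with `name: docker-compose` and `tasks_from: utils/up.yml` would keep the role boundary and avoid the hard-coded path. This is also the only include in the file built with `playbook_dir` and `path_join`, while `utils/once/flag.yml` at the top stays a bare relative path, so the file resolves includes in two different ways. The task list starts outside this hunk.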
--- a/roles/sys-svc-webserver-core/tasks/01_core.yml +++ b/roles/sys-svc-webserver-core/tasks/01_core.yml @@ -53,4 +53,4 @@ vars: flush_handlers: false -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/sys-svc-webserver-https/tasks/main.yml b/roles/sys-svc-webserver-https/tasks/main.yml index 9af323cd..ca7209e3 100644 --- a/roles/sys-svc-webserver-https/tasks/main.yml +++ b/roles/sys-svc-webserver-https/tasks/main.yml @@ -7,5 +7,5 @@ - sys-svc-cln-domains - sys-svc-letsencrypt - sys-svc-dns - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_sys_svc_webserver_https is not defined diff --git a/roles/sys-timer-cln-bkps/tasks/01_core.yml b/roles/sys-timer-cln-bkps/tasks/01_core.yml index c2bec0b0..e6f1f6b9 100644 --- a/roles/sys-timer-cln-bkps/tasks/01_core.yml +++ b/roles/sys-timer-cln-bkps/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: Include dependencies include_role: diff --git a/roles/update-apt/tasks/main.yml b/roles/update-apt/tasks/main.yml index 22678258..de826578 100644 --- a/roles/update-apt/tasks/main.yml +++ b/roles/update-apt/tasks/main.yml @@ -5,7 +5,7 @@ upgrade: dist force_apt_get: yes - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false when: run_once_update_apt is not defined \ No newline at end of file diff --git a/roles/update-compose/tasks/01_core.yml b/roles/update-compose/tasks/01_core.yml index ac067acc..1a11cded 100644 --- a/roles/update-compose/tasks/01_core.yml +++ b/roles/update-compose/tasks/01_core.yml @@ -18,4 +18,4 @@ - ansible_facts['distribution'] == "Debian" - run_once_update_apt is not defined -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file 
diff --git a/roles/update-pacman/tasks/main.yml b/roles/update-pacman/tasks/main.yml index 1d5f35a9..ad958c9a 100644 --- a/roles/update-pacman/tasks/main.yml +++ b/roles/update-pacman/tasks/main.yml @@ -4,7 +4,7 @@ update_cache: yes upgrade: yes - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml vars: flush_handlers: false when: run_once_update_pacman is not defined \ No newline at end of file diff --git a/roles/user-administrator/tasks/01_core.yml b/roles/user-administrator/tasks/01_core.yml index 6bc4f71e..2da6e1da 100644 --- a/roles/user-administrator/tasks/01_core.yml +++ b/roles/user-administrator/tasks/01_core.yml @@ -53,4 +53,4 @@ vars: user_name: "administrator" -- include_tasks: utils/once_flag.yml \ No newline at end of file +- include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/roles/user-root/tasks/01_core.yml b/roles/user-root/tasks/01_core.yml index f7f98bc2..9916acce 100644 --- a/roles/user-root/tasks/01_core.yml +++ b/roles/user-root/tasks/01_core.yml @@ -25,4 +25,4 @@ vars: user_name: "root" -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml diff --git a/roles/util-desk-design/tasks/01_core.yml b/roles/util-desk-design/tasks/01_core.yml index e4114353..bc650d31 100644 --- a/roles/util-desk-design/tasks/01_core.yml +++ b/roles/util-desk-design/tasks/01_core.yml @@ -17,4 +17,4 @@ - drawio-desktop become: false -- include_tasks: utils/once_flag.yml \ No newline at end of file +- include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/roles/util-desk-dev-core/tasks/main.yml b/roles/util-desk-dev-core/tasks/main.yml index b195534b..55c2d805 100644 --- a/roles/util-desk-dev-core/tasks/main.yml +++ b/roles/util-desk-dev-core/tasks/main.yml @@ -9,5 +9,5 @@ name: - code state: present - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_util_desk_dev_core is not defined 
diff --git a/roles/util-desk-dev-python/tasks/main.yml b/roles/util-desk-dev-python/tasks/main.yml index 1ba7bcff..ab010454 100644 --- a/roles/util-desk-dev-python/tasks/main.yml +++ b/roles/util-desk-dev-python/tasks/main.yml @@ -3,5 +3,5 @@ include_role: name: dev-python-pip when: run_once_dev_python_pip is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_util_desk_dev_python is not defined diff --git a/roles/util-dev-admin/tasks/main.yml b/roles/util-dev-admin/tasks/main.yml index 15741ebb..0894a703 100644 --- a/roles/util-dev-admin/tasks/main.yml +++ b/roles/util-dev-admin/tasks/main.yml @@ -14,5 +14,5 @@ - fdupes - p7zip state: present - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_util_dev_admin is not defined diff --git a/roles/web-app-akaunting/tasks/main.yml b/roles/web-app-akaunting/tasks/main.yml index f836afd1..873658d8 100644 --- a/roles/web-app-akaunting/tasks/main.yml +++ b/roles/web-app-akaunting/tasks/main.yml @@ -11,6 +11,11 @@ - name: "For '{{ application_id }}': load docker, db and proxy" include_role: name: sys-stk-full-stateful + vars: + docker_repository_address: "https://github.com/akaunting/docker.git" + docker_pull_git_repository: true + docker_repository_branch: "master" + docker_compose_file_creation_enabled: true - name: "Akaunting | Create first-run marker to disable future setup" ansible.builtin.file: diff --git a/roles/web-app-akaunting/vars/main.yml b/roles/web-app-akaunting/vars/main.yml index e17de493..5848d3bf 100644 --- a/roles/web-app-akaunting/vars/main.yml +++ b/roles/web-app-akaunting/vars/main.yml 
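Review bot: In roles/web-app-akaunting/tasks/main.yml the include of `sys-stk-full-stateful` now carries `docker_repository_branch: "master"` together with `docker_pull_git_repository: true`, so every deployment checks out whatever the upstream branch head is at that moment. Pinning to a reviewed tag or commit, e.g. `docker_repository_branch: "<PINNED_TAG_OR_COMMIT>"` (placeholder, and assuming the checkout task accepts a ref that is not a branch), would make the deployed code reproducible and keep an unreviewed upstream change from reaching hosts. The same applies to the web-app-littlejs hunk (`docker_repository_branch: "main"`) and to the web-app-desktop hunk, which sets `docker_repository_address` with no branch or ref at all.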
@@ -7,12 +7,6 @@ js_application_name: "Akaunting" database_type: "mariadb" database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}" -# Docker -docker_repository_address: "https://github.com/akaunting/docker.git" -docker_pull_git_repository: true -docker_repository_branch: "master" -docker_compose_file_creation_enabled: true - # Akaunting AKAUNTING_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" AKAUNTING_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.version') }}" diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index 0bc6378e..39e46d12 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml @@ -13,7 +13,11 @@ include_role: name: sys-stk-full-stateless vars: - docker_compose_flush_handlers: false + docker_compose_flush_handlers: false + docker_compose_file_creation_enabled: false + docker_pull_git_repository: true + docker_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}" + docker_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}" - name: "Unset 'proxy_extra_configuration'" set_fact: diff --git a/roles/web-app-bigbluebutton/vars/main.yml b/roles/web-app-bigbluebutton/vars/main.yml index c525cf43..22bbc9ca 100644 --- a/roles/web-app-bigbluebutton/vars/main.yml +++ b/roles/web-app-bigbluebutton/vars/main.yml 
@@ -6,12 +6,6 @@ entity_name: "{{ application_id | get_entity_name }}" domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" -# Docker -docker_compose_file_creation_enabled: false -docker_pull_git_repository: true -docker_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}" -docker_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}" - # BigBlueButton _BBB_COTURN_ROLE: 'web-svc-coturn' diff --git a/roles/web-app-bookwyrm/tasks/main.yml b/roles/web-app-bookwyrm/tasks/main.yml index 500bdcec..9415da1a 100644 --- a/roles/web-app-bookwyrm/tasks/main.yml +++ b/roles/web-app-bookwyrm/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db/redis and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_app_bookwyrm is not defined \ No newline at end of file diff --git a/roles/web-app-bridgy-fed/tasks/01_core.yml b/roles/web-app-bridgy-fed/tasks/01_core.yml index 2ae2e6f0..f3ef4ccb 100644 --- a/roles/web-app-bridgy-fed/tasks/01_core.yml +++ b/roles/web-app-bridgy-fed/tasks/01_core.yml @@ -9,4 +9,4 @@ domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/web-app-chess/tasks/01_core.yml b/roles/web-app-chess/tasks/01_core.yml index 67e31720..bde9a5d4 100644 --- a/roles/web-app-chess/tasks/01_core.yml +++ b/roles/web-app-chess/tasks/01_core.yml @@ -9,4 +9,4 @@ notify: - docker compose build -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml 
diff --git a/roles/web-app-confluence/tasks/main.yml b/roles/web-app-confluence/tasks/main.yml index 70ab4894..348353bd 100644 --- a/roles/web-app-confluence/tasks/main.yml +++ b/roles/web-app-confluence/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_app_confluence is not defined diff --git a/roles/web-app-desktop/tasks/01_core.yml b/roles/web-app-desktop/tasks/01_core.yml index 510fb565..1db632f0 100644 --- a/roles/web-app-desktop/tasks/01_core.yml +++ b/roles/web-app-desktop/tasks/01_core.yml @@ -18,7 +18,9 @@ include_role: name: sys-stk-full-stateless vars: - docker_compose_flush_handlers: false + docker_compose_flush_handlers: false + docker_repository_address: "https://github.com/kevinveenbirkenbach/port-ui" + docker_pull_git_repository: true - name: "Check if host-specific config.yaml exists in {{ DESKTOP_CONFIG_INV_PATH }}" stat: @@ -71,4 +73,4 @@ delay: 5 until: desktop_http.status == 200 -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/web-app-desktop/vars/main.yml b/roles/web-app-desktop/vars/main.yml index 144b0119..cb8a6bd9 100644 --- a/roles/web-app-desktop/vars/main.yml +++ b/roles/web-app-desktop/vars/main.yml @@ -5,10 +5,6 @@ http_port: "{{ ports.localhost.http[application_id] }}" ## Webserver proxy_extra_configuration: "{{ lookup('template', 'nginx/sso.html.conf.j2') }}" -## Docker -docker_repository_address: "https://github.com/kevinveenbirkenbach/port-ui" -docker_pull_git_repository: true - # Desktop ## Simpleicons 
@@ -24,7 +20,6 @@ DESKTOP_JS_BASE_URL: "{{ (DESKTOP_JS_CDN_URL | trim('/')) ~ '/' ~ ( ## Webserver DESKTOP_LOCATION_SILENT_CHECK: "/silent-check-sso.html" - ## Configuration DESKTOP_CONFIG_YML_SRC_FILE: "config.yaml.j2" DESKTOP_CONFIG_INV_PATH: "{{ [ inventory_dir, 'files', inventory_hostname ,'docker',application_id,DESKTOP_CONFIG_YML_SRC_FILE] | path_join }}" diff --git a/roles/web-app-discourse/tasks/01_core.yml b/roles/web-app-discourse/tasks/01_core.yml index 59c45162..3ed2f833 100644 --- a/roles/web-app-discourse/tasks/01_core.yml +++ b/roles/web-app-discourse/tasks/01_core.yml @@ -8,4 +8,4 @@ - name: "Setup '{{ application_id }}' network" include_tasks: 04_network.yml -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/web-app-friendica/tasks/main.yml b/roles/web-app-friendica/tasks/main.yml index 84f624e2..45f83a5f 100644 --- a/roles/web-app-friendica/tasks/main.yml +++ b/roles/web-app-friendica/tasks/main.yml @@ -2,6 +2,8 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful + vars: + docker_compose_flush_handlers: false - name: Integrate LDAP include_tasks: 01_ldap.yml diff --git a/roles/web-app-friendica/vars/main.yml b/roles/web-app-friendica/vars/main.yml index 70047483..b6a227d5 100644 --- a/roles/web-app-friendica/vars/main.yml +++ b/roles/web-app-friendica/vars/main.yml @@ -2,9 +2,6 @@ application_id: "web-app-friendica" database_type: "mariadb" -# Docker -docker_compose_flush_handlers: false - # Friendica friendica_container: "friendica" friendica_no_validation: "{{ applications | get_app_conf(application_id, 'features.oidc') }}" # Email validation is not neccessary if OIDC is active diff --git a/roles/web-app-gitea/tasks/main.yml b/roles/web-app-gitea/tasks/main.yml index 41fc3d36..d5dd267e 100644 --- a/roles/web-app-gitea/tasks/main.yml +++ b/roles/web-app-gitea/tasks/main.yml 
@@ -2,6 +2,8 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful + vars: + docker_compose_flush_handlers: true - name: Wait for Gitea HTTP endpoint wait_for: diff --git a/roles/web-app-gitea/vars/main.yml b/roles/web-app-gitea/vars/main.yml index 82dc73e0..8f1cbc25 100644 --- a/roles/web-app-gitea/vars/main.yml +++ b/roles/web-app-gitea/vars/main.yml @@ -4,7 +4,6 @@ database_type: "mariadb" # Docker container_port: "{{ applications | get_app_conf(application_id, 'docker.services.gitea.port') }}" -docker_compose_flush_handlers: true # Gitea GITEA_LDAP_AUTH_ARGS: diff --git a/roles/web-app-jira/tasks/main.yml b/roles/web-app-jira/tasks/main.yml index 2ef005e5..8e972af9 100644 --- a/roles/web-app-jira/tasks/main.yml +++ b/roles/web-app-jira/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_app_jira is not defined diff --git a/roles/web-app-littlejs/tasks/01_core.yml b/roles/web-app-littlejs/tasks/01_core.yml index 4a0f0aa5..a11b64e6 100644 --- a/roles/web-app-littlejs/tasks/01_core.yml +++ b/roles/web-app-littlejs/tasks/01_core.yml @@ -2,7 +2,10 @@ include_role: name: sys-stk-full-stateless vars: - docker_compose_flush_handlers: false + docker_compose_flush_handlers: false + docker_repository_address: "{{ LITTLEJS_REPOSITORY_BASE }}.git" + docker_pull_git_repository: true + docker_repository_branch: "main" - name: "Load LittleJS example metadata" include_vars: @@ -29,4 +32,4 @@ - name: "flush docker compose for '{{ application_id }}'" meta: flush_handlers -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/web-app-littlejs/vars/main.yml b/roles/web-app-littlejs/vars/main.yml index e823e2fd..96538ecc 100644 --- a/roles/web-app-littlejs/vars/main.yml 
+++ b/roles/web-app-littlejs/vars/main.yml @@ -10,11 +10,6 @@ LITTLEJS_TITLE: "{{ LITTLEJS_HEADLINE }} – {{ PRIMARY_DOMAIN | upp # Base repository URL for LittleJS LITTLEJS_REPOSITORY_BASE: "https://github.com/KilledByAPixel/LittleJS" -# Git repository for LittleJS engine + examples -docker_repository_address: "{{ LITTLEJS_REPOSITORY_BASE }}.git" -docker_pull_git_repository: true -docker_repository_branch: "main" - # Relative path where sys-stk-full-stateless checks out the repo LITTLEJS_APP_REL: "services/repository" LITTLEJS_INDEX_HOST_ABS: "{{ [ docker_compose.directories.volumes, 'index.html' ] | path_join }}" diff --git a/roles/web-app-magento/tasks/01_core.yml b/roles/web-app-magento/tasks/01_core.yml index 6ef5bf27..ed437a5d 100644 --- a/roles/web-app-magento/tasks/01_core.yml +++ b/roles/web-app-magento/tasks/01_core.yml @@ -41,11 +41,11 @@ --admin-user=\"$MAGENTO_ADMIN_USERNAME\" \ --admin-password=\"$MAGENTO_ADMIN_PASSWORD\"" args: - creates: "{{ [ (MAGENTO_VOLUME | docker_volume_path), 'app/etc/env.php' ] | path_join }}" + creates: "{{ [ MAGENTO_VOLUME, 'app/etc/env.php' ] | path_join }}" register: magento_install changed_when: > (magento_install.stdout is defined and ('Magento installation complete' in magento_install.stdout or 'successfully installed' in magento_install.stdout)) -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/web-app-mailu/tasks/01_core.yml b/roles/web-app-mailu/tasks/01_core.yml index 05fe4fc0..20af0f0f 100644 --- a/roles/web-app-mailu/tasks/01_core.yml +++ b/roles/web-app-mailu/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: Ensure MAILU_HOSTNAMES is a list with max 1 entry ansible.builtin.assert: diff --git a/roles/web-app-matomo/config/main.yml b/roles/web-app-matomo/config/main.yml index 43818083..514de922 100644 --- a/roles/web-app-matomo/config/main.yml +++ b/roles/web-app-matomo/config/main.yml 
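Review bot: The `creates:` guard in roles/web-app-magento/tasks/01_core.yml no longer goes through `docker_volume_path`, so `{{ [ MAGENTO_VOLUME, 'app/etc/env.php' ] | path_join }}` is a usable host path only if `MAGENTO_VOLUME` is already absolute. If it is still a Docker volume name (its definition is outside this hunk), the path is relative and never exists, and the install command carrying `--admin-password` runs again on every play. Worth confirming the variable's value, or resolving the volume to its host path before joining. The task starts outside the hunk.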
@@ -42,4 +42,4 @@ docker: redis: enabled: false volumes: - data: matomo_data + data: MATOMO_DATA diff --git a/roles/web-app-matomo/tasks/01_core.yml b/roles/web-app-matomo/tasks/01_core.yml index 2fd9599c..39e88e88 100644 --- a/roles/web-app-matomo/tasks/01_core.yml +++ b/roles/web-app-matomo/tasks/01_core.yml @@ -1,9 +1,11 @@ # Required to be set on the top to prevent infinite recursions appearing in roles/sys-front-inj-all/tasks/01_dependencies.yml -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful + vars: + docker_compose_flush_handlers: false - name: "Patch Matomo config.ini.php" include_tasks: 02_configuration.yml @@ -20,7 +22,7 @@ body: module: API method: SitesManager.setGlobalExcludedIps - excludedIps: "{{ matomo_excluded_ips | join(',') }}" + excludedIps: "{{ MATOMO_EXCLUDED_IPS | join(',') }}" format: json token_auth: "{{ matomo_auth_token }}" return_content: yes @@ -44,4 +46,4 @@ return_content: yes status_code: 200 -- include_tasks: utils/compose_up.yml +- include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}" diff --git a/roles/web-app-matomo/tasks/02_configuration.yml b/roles/web-app-matomo/tasks/02_configuration.yml index acc5f07a..ca52a9cb 100644 --- a/roles/web-app-matomo/tasks/02_configuration.yml +++ b/roles/web-app-matomo/tasks/02_configuration.yml 
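Review bot: Changing `data: matomo_data` to `data: MATOMO_DATA` in roles/web-app-matomo/config/main.yml renames the actual Docker volume, not a variable: vars/main.yml reads this value through `get_app_conf(application_id, 'docker.volumes.data')` and the compose template emits it as `name: {{ MATOMO_DATA }}`. On an existing host the container would start on a new, empty volume while the old `matomo_data` volume, and any backup job keyed on that name, is left behind. The same applies to `MOODLE_DATA` / `MOODLE_CODE` in roles/web-app-moodle/config/main.yml. Keeping the literal values lowercase (`data: matomo_data`) and renaming only the Ansible variables avoids this.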
@@ -1,25 +1,30 @@ - name: Update DB host command: > - docker exec --user root {{ matomo_name }} - sed -i "s/^host *=.*/host = {{ database_host }}/" {{ matomo_config }} + docker exec --user root {{ MATOMO_NAME }} + sed -i "s/^host *=.*/host = {{ database_host }}/" {{ MATOMO_CONFIG }} + notify: docker compose up - name: Update DB name command: > - docker exec --user root {{ matomo_name }} - sed -i "s/^dbname *=.*/dbname = {{ database_name }}/" {{ matomo_config }} + docker exec --user root {{ MATOMO_NAME }} + sed -i "s/^dbname *=.*/dbname = {{ database_name }}/" {{ MATOMO_CONFIG }} + notify: docker compose up - name: Update DB user command: > - docker exec --user root {{ matomo_name }} - sed -i "s/^username *=.*/username = {{ database_username }}/" {{ matomo_config }} + docker exec --user root {{ MATOMO_NAME }} + sed -i "s/^username *=.*/username = {{ database_username }}/" {{ MATOMO_CONFIG }} + notify: docker compose up - name: Update DB password command: > - docker exec --user root {{ matomo_name }} - sed -i "s/^password *=.*/password = {{ database_password }}/" {{ matomo_config }} + docker exec --user root {{ MATOMO_NAME }} + sed -i "s/^password *=.*/password = {{ database_password }}/" {{ MATOMO_CONFIG }} no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}" + notify: docker compose up - name: Update trusted host command: > - docker exec --user root {{ matomo_name }} - sed -i "s|^trusted_hosts\[\].*|trusted_hosts[] = \"{{ domain }}\"|" {{ matomo_config }} + docker exec --user root {{ MATOMO_NAME }} + sed -i "s|^trusted_hosts\[\].*|trusted_hosts[] = \"{{ domain }}\"|" {{ MATOMO_CONFIG }} + notify: docker compose up \ No newline at end of file diff --git a/roles/web-app-matomo/templates/docker-compose.yml.j2 b/roles/web-app-matomo/templates/docker-compose.yml.j2 index e1c6bc0e..be833f35 100644 --- a/roles/web-app-matomo/templates/docker-compose.yml.j2 +++ b/roles/web-app-matomo/templates/docker-compose.yml.j2 
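Review bot: The `Update DB password` task in roles/web-app-matomo/tasks/02_configuration.yml still interpolates `{{ database_password }}` straight into the sed expression, so a password containing `/`, `&` or `\` either breaks the substitution or writes a different value than intended, and the secret is passed as a process argument of `docker exec`. The same pattern is in roles/web-app-moodle/tasks/01_patch_config.yml, where a `'` in the password would additionally end the PHP string early. Escaping the value before it reaches sed, or rendering the config file from a template instead of patching it in place, removes the problem. Separately, the new `notify: docker compose up` sits on `command` tasks without `changed_when`, which report changed on every run, so the handler fires on each play.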
@@ -1,9 +1,9 @@ {% include 'roles/docker-compose/templates/base.yml.j2' %} application: - container_name: {{ matomo_name }} + container_name: {{ MATOMO_NAME }} {% set container_port = 80 %} {% include 'roles/docker-container/templates/base.yml.j2' %} - image: "{{ matomo_image }}:{{ matomo_version }}" + image: "{{ MATOMO_IMAGE }}:{{ MATOMO_VERSION }}" ports: - "127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }}" volumes: @@ -13,6 +13,6 @@ {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %} {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: - name: {{ matomo_data }} + name: {{ MATOMO_DATA }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} diff --git a/roles/web-app-matomo/vars/main.yml b/roles/web-app-matomo/vars/main.yml index f03f1851..0706cce8 100644 --- a/roles/web-app-matomo/vars/main.yml +++ b/roles/web-app-matomo/vars/main.yml 
@@ -4,17 +4,18 @@ application_id: "web-app-matomo" database_type: "mariadb" # Matomo -matomo_excluded_ips: "{{ applications | get_app_conf(application_id, 'excluded_ips', True) }}" -matomo_index_php_url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}/index.php" -matomo_auth_token: "{{ applications | get_app_conf(application_id, 'credentials.auth_token', True) }}" -matomo_version: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.version', True) }}" -matomo_image: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image', True) }}" -matomo_name: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.name', True) }}" -matomo_data: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" -matomo_config: "/var/www/html/config/config.ini.php" -# Docker -docker_compose_flush_handlers: true +# Contants +MATOMO_EXCLUDED_IPS: "{{ applications | get_app_conf(application_id, 'excluded_ips') }}" +MATOMO_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.version') }}" +MATOMO_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.image') }}" +MATOMO_NAME: "{{ applications | get_app_conf(application_id, 'docker.services.matomo.name') }}" +MATOMO_DATA: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" +MATOMO_CONFIG: "/var/www/html/config/config.ini.php" + +# Variables +matomo_index_php_url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}/index.php" +matomo_auth_token: "{{ applications | get_app_conf(application_id, 'credentials.auth_token') }}" # I don't know if this is still necessary domain: "{{ domains | get_domain(application_id) }}" diff --git a/roles/web-app-mig/tasks/01_core.yml b/roles/web-app-mig/tasks/01_core.yml index 415ae204..4d064d65 100644 --- a/roles/web-app-mig/tasks/01_core.yml +++ b/roles/web-app-mig/tasks/01_core.yml 
@@ -9,6 +9,7 @@ vars: docker_compose_flush_handlers: true docker_pull_git_repository: true + docker_repository_address: "https://github.com/kevinveenbirkenbach/meta-infinite-graph" - include_tasks: 02_cleanup.yml when: MODE_CLEANUP | bool @@ -16,4 +17,4 @@ - include_tasks: 03_build_data.yml when: MIG_BUILD_DATA | bool -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/web-app-mig/vars/main.yml b/roles/web-app-mig/vars/main.yml index 0ace50cf..a46e0aad 100644 --- a/roles/web-app-mig/vars/main.yml +++ b/roles/web-app-mig/vars/main.yml @@ -1,9 +1,6 @@ # General application_id: web-app-mig -# Docker -docker_repository_address: "https://github.com/kevinveenbirkenbach/meta-infinite-graph" - # Helper variables MIG_IMAGE: "mig:latest" MIG_CONTAINER: "mig" diff --git a/roles/web-app-mini-qr/tasks/01_core.yml b/roles/web-app-mini-qr/tasks/01_core.yml index 16ad3c38..cd5a0f44 100644 --- a/roles/web-app-mini-qr/tasks/01_core.yml +++ b/roles/web-app-mini-qr/tasks/01_core.yml @@ -2,6 +2,7 @@ include_role: name: sys-stk-full-stateless vars: - docker_compose_flush_handlers: true + docker_compose_flush_handlers: true + docker_pull_git_repository: false -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/web-app-mini-qr/vars/main.yml b/roles/web-app-mini-qr/vars/main.yml index 02437a28..5d565807 100644 --- a/roles/web-app-mini-qr/vars/main.yml +++ b/roles/web-app-mini-qr/vars/main.yml 
@@ -1,12 +1,8 @@ # General -application_id: web-app-mini-qr -entity_name: "{{ application_id | get_entity_name }}" - -# Docker -docker_compose_flush_handlers: false -docker_pull_git_repository: false +application_id: web-app-mini-qr +entity_name: "{{ application_id | get_entity_name }}" # Helper variables -MINI_QR_IMAGE: "ghcr.io/lyqht/mini-qr" -MINI_QR_VERSION: "latest" -MINI_QR_CONTAINER: "{{ entity_name }}" +MINI_QR_IMAGE: "ghcr.io/lyqht/mini-qr" +MINI_QR_VERSION: "latest" +MINI_QR_CONTAINER: "{{ entity_name }}" diff --git a/roles/web-app-minio/tasks/main.yml b/roles/web-app-minio/tasks/main.yml index 9c6c0a3d..982bd3d9 100644 --- a/roles/web-app-minio/tasks/main.yml +++ b/roles/web-app-minio/tasks/main.yml @@ -3,7 +3,9 @@ include_role: name: sys-stk-back-stateless vars: - docker_compose_flush_handlers: true + docker_compose_flush_handlers: true + docker_pull_git_repository: false + docker_compose_file_creation_enabled: true - name: "Include role sys-stk-front-proxy for '{{ application_id }}'" include_role: diff --git a/roles/web-app-minio/vars/main.yml b/roles/web-app-minio/vars/main.yml index e211728e..c8583ed2 100644 --- a/roles/web-app-minio/vars/main.yml +++ b/roles/web-app-minio/vars/main.yml @@ -1,10 +1,6 @@ # General application_id: "web-app-minio" -# Docker -docker_pull_git_repository: false -docker_compose_file_creation_enabled: true - # MINIO # https://www.min.io/ MINIO_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.minio.version') }}" diff --git a/roles/web-app-mobilizon/tasks/main.yml b/roles/web-app-mobilizon/tasks/main.yml index 4d396871..7140834d 100644 --- a/roles/web-app-mobilizon/tasks/main.yml +++ b/roles/web-app-mobilizon/tasks/main.yml @@ -2,6 +2,8 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful + vars: + docker_compose_flush_handlers: false - name: add config.exs template: 
diff --git a/roles/web-app-mobilizon/vars/main.yml b/roles/web-app-mobilizon/vars/main.yml index 2b64d313..2fd5bf50 100644 --- a/roles/web-app-mobilizon/vars/main.yml +++ b/roles/web-app-mobilizon/vars/main.yml @@ -6,9 +6,6 @@ container_port: 4000 database_type: "postgres" postgres_gis_enabled: true -# Docker -docker_compose_flush_handlers: false - # Mobilizon mobilizon_host_conf_exs_file: "{{ [ docker_compose.directories.config, 'config.exs' ] | path_join }}" mobilizon_version: "{{ applications | get_app_conf(application_id, 'docker.services.mobilizon.version') }}" diff --git a/roles/web-app-moodle/config/main.yml b/roles/web-app-moodle/config/main.yml index 56d5dd44..310b3124 100644 --- a/roles/web-app-moodle/config/main.yml +++ b/roles/web-app-moodle/config/main.yml @@ -36,6 +36,6 @@ docker: image: bitnamilegacy/moodle name: moodle volumes: - data: moodle_data - code: moodle_code + data: MOODLE_DATA + code: MOODLE_CODE diff --git a/roles/web-app-moodle/tasks/01_patch_config.yml b/roles/web-app-moodle/tasks/01_patch_config.yml index cb1116e3..96a763d1 100644 --- a/roles/web-app-moodle/tasks/01_patch_config.yml +++ b/roles/web-app-moodle/tasks/01_patch_config.yml 
@@ -1,30 +1,30 @@ - name: Update DB host command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ moodle_config }} + docker exec --user root {{ MOODLE_CONTAINER }} + sed -i "s/^\$CFG->dbhost *= *.*/\$CFG->dbhost = '{{ database_host }}';/" {{ MOODLE_CONFIG }} notify: docker compose restart - name: Update DB name command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ moodle_config }} + docker exec --user root {{ MOODLE_CONTAINER }} + sed -i "s/^\$CFG->dbname *= *.*/\$CFG->dbname = '{{ database_name }}';/" {{ MOODLE_CONFIG }} notify: docker compose restart - name: Update DB user command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ moodle_config }} + docker exec --user root {{ MOODLE_CONTAINER }} + sed -i "s/^\$CFG->dbuser *= *.*/\$CFG->dbuser = '{{ database_username }}';/" {{ MOODLE_CONFIG }} notify: docker compose restart - name: Update DB password command: > - docker exec --user root {{ moodle_container }} - sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ moodle_config }} + docker exec --user root {{ MOODLE_CONTAINER }} + sed -i "s/^\$CFG->dbpass *= *.*/\$CFG->dbpass = '{{ database_password }}';/" {{ MOODLE_CONFIG }} notify: docker compose restart no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}" - name: Update CFG->wwwroot via sed in container command: > - docker exec --user root {{ moodle_container }} - sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ moodle_config }} + docker exec --user root {{ MOODLE_CONTAINER }} + sed -i -E "s|^(\$CFG->wwwroot[[:space:]]*=[[:space:]]*).*$|\1'{{ domains | get_url(application_id, WEB_PROTOCOL) }}';|" {{ MOODLE_CONFIG }} notify: docker compose restart 
diff --git a/roles/web-app-moodle/tasks/02_ownership.yml b/roles/web-app-moodle/tasks/02_ownership.yml index 6f2aaf46..322eb1d0 100644 --- a/roles/web-app-moodle/tasks/02_ownership.yml +++ b/roles/web-app-moodle/tasks/02_ownership.yml @@ -2,18 +2,18 @@ - name: Set ownership and permissions on Moodle directories vars: - moodle_dirs: - - "{{ bitnami_code_dir }}" - - "{{ bitnami_data_dir }}" + MOODLE_DIRS: + - "{{ BITNAMI_CODE_DIR }}" + - "{{ BITNAMI_DATA_DIR }}" block: - name: Ensure ownership is correct - command: "docker exec --user root {{ moodle_container }} chown -R {{ bitnami_user_group }} {{ item }}" - loop: "{{ moodle_dirs }}" + command: "docker exec --user root {{ MOODLE_CONTAINER }} chown -R {{ BITNAMI_USER_GROUP }} {{ item }}" + loop: "{{ MOODLE_DIRS }}" - name: Set directory permissions (770) - command: "docker exec --user root {{ moodle_container }} find {{ item }} -type d -exec chmod 770 {} \\;" - loop: "{{ moodle_dirs }}" + command: "docker exec --user root {{ MOODLE_CONTAINER }} find {{ item }} -type d -exec chmod 770 {} \\;" + loop: "{{ MOODLE_DIRS }}" - name: Set file permissions (660) - command: "docker exec --user root {{ moodle_container }} find {{ item }} -type f -exec chmod 660 {} \\;" - loop: "{{ moodle_dirs }}" + command: "docker exec --user root {{ MOODLE_CONTAINER }} find {{ item }} -type f -exec chmod 660 {} \\;" + loop: "{{ MOODLE_DIRS }}" diff --git a/roles/web-app-moodle/tasks/03_oidc.yml b/roles/web-app-moodle/tasks/03_oidc.yml index 192f494d..095cea9e 100644 --- a/roles/web-app-moodle/tasks/03_oidc.yml +++ b/roles/web-app-moodle/tasks/03_oidc.yml @@ -2,7 +2,7 @@ - name: Check if OIDC plugin is present in container command: > - docker exec --user root {{ moodle_container }} test -d {{ bitnami_oidc_plugin_dir }} + docker exec --user root {{ MOODLE_CONTAINER }} test -d {{ BITNAMI_OIDC_PLUGIN_DIR }} register: oidc_plugin_check ignore_errors: true changed_when: false 
@@ -13,11 +13,11 @@ when: oidc_plugin_check.rc != 0 #- name: "Upgrade Moodle to apply OIDC plugin" -# command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/upgrade.php --non-interactive" +# command: "docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/upgrade.php --non-interactive" # #- name: Clear Moodle cache # command: > -# docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/purge_caches.php +# docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/purge_caches.php - name: "Set Moodle OIDC configuration via CLI" loop: @@ -43,11 +43,11 @@ loop_control: label: "{{ item.name }}" command: > - docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --component=auth_oidc + docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/cfg.php --component=auth_oidc --name={{ item.name }} --set="{{ item.value }}" - name: "Enable OIDC login" - command: "docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=auth --set=oidc" + command: "docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=auth --set=oidc" - name: Set auth = 'oidc' for all users except guest shell: > @@ -57,4 +57,4 @@ executable: /bin/bash #- name: Prevent Account Creation -# command: docker exec --user {{ bitnami_user }} {{ moodle_container }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=authpreventaccountcreation --set=1 \ No newline at end of file +# command: docker exec --user {{ BITNAMI_USER }} {{ MOODLE_CONTAINER }} php /opt/bitnami/moodle/admin/cli/cfg.php --name=authpreventaccountcreation --set=1 \ No newline at end of file 
diff --git a/roles/web-app-moodle/tasks/main.yml b/roles/web-app-moodle/tasks/main.yml index cf0e3144..66702998 100644 --- a/roles/web-app-moodle/tasks/main.yml +++ b/roles/web-app-moodle/tasks/main.yml @@ -2,15 +2,17 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful + vars: + docker_compose_flush_handlers: false - name: Check if config.php exists - command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }} + command: docker exec --user root {{ MOODLE_CONTAINER }} test -f {{ MOODLE_CONFIG }} register: config_file_exists changed_when: false failed_when: false - name: Check if config.php exists - command: docker exec --user root {{ moodle_container }} test -f {{ moodle_config }} + command: docker exec --user root {{ MOODLE_CONTAINER }} test -f {{ MOODLE_CONFIG }} register: config_file_exists changed_when: false failed_when: false @@ -23,7 +25,7 @@ meta: flush_handlers - name: Wait until the Moodle container is healthy - shell: docker inspect --format '{% raw %}{{.State.Health.Status}}{% endraw %}' {{ moodle_container }} + shell: docker inspect --format '{% raw %}{{.State.Health.Status}}{% endraw %}' {{ MOODLE_CONTAINER }} register: health_check until: health_check.stdout.strip() == "healthy" retries: 120 @@ -34,15 +36,5 @@ - name: "Configure OIDC login for Moodle if enabled" include_tasks: 03_oidc.yml - when: applications | get_app_conf(application_id, 'features.oidc', False) + when: applications | get_app_conf(application_id, 'features.oidc') -# Deactivated because it doesn't give helpfull warnings back -#- name: Run Moodle system check -# command: > -# docker exec --user {{ bitnami_user }} {{ moodle_container }} -# php /opt/bitnami/moodle/admin/cli/checks.php -# register: moodle_checks -# changed_when: false -# failed_when: > -# moodle_checks.rc != 0 or -# "OK: All" not in moodle_checks.stdout 
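Review bot: `when: applications | get_app_conf(application_id, 'features.oidc')` in roles/web-app-moodle/tasks/main.yml drops the explicit `False` that Dockerfile.j2 in the same role still passes (`get_app_conf(application_id, 'features.oidc', False)`), so the condition that installs the plugin and the one that configures it no longer read the key the same way. If the third argument controls strictness or the fallback (the filter is not shown here), a host without `features.oidc` set could now fail, or behave differently between build and configure. Also, the `Check if config.php exists` task appears twice, identically, in the first hunk of this file; one copy can be dropped.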
diff --git a/roles/web-app-moodle/templates/Dockerfile.j2 b/roles/web-app-moodle/templates/Dockerfile.j2 index 8e9ca0c1..8e871d2e 100644 --- a/roles/web-app-moodle/templates/Dockerfile.j2 +++ b/roles/web-app-moodle/templates/Dockerfile.j2 @@ -1,16 +1,16 @@ -FROM {{ moodle_image }}:{{ moodle_version }} +FROM {{ MOODLE_IMAGE }}:{{ MOODLE_VERSION }} {% if applications | get_app_conf(application_id, 'features.oidc', False) %} RUN install_packages unzip curl jq \ && VERSION=$(curl -s https://api.github.com/repos/microsoft/moodle-auth_oidc/tags \ | jq -r '.[].name' \ - | grep v{{ moodle_version }} \ + | grep v{{ MOODLE_VERSION }} \ | sort -Vr \ | head -n1) \ && echo "Using version $VERSION" \ && curl -L -o /tmp/oidc.zip https://github.com/microsoft/moodle-auth_oidc/archive/refs/tags/${VERSION}.zip \ && unzip /tmp/oidc.zip -d /tmp \ - && mv /tmp/moodle-auth_oidc-* {{ bitnami_oidc_plugin_dir }} \ - && chown -R {{ bitnami_user_group }} {{ bitnami_oidc_plugin_dir }} \ + && mv /tmp/moodle-auth_oidc-* {{ BITNAMI_OIDC_PLUGIN_DIR }} \ + && chown -R {{ BITNAMI_USER_GROUP }} {{ BITNAMI_OIDC_PLUGIN_DIR }} \ && rm -rf /tmp/oidc.zip {% endif %} diff --git a/roles/web-app-moodle/templates/docker-compose.yml.j2 b/roles/web-app-moodle/templates/docker-compose.yml.j2 index 69a42848..ec976de9 100644 --- a/roles/web-app-moodle/templates/docker-compose.yml.j2 +++ b/roles/web-app-moodle/templates/docker-compose.yml.j2 
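Review bot: The `RUN` step in roles/web-app-moodle/templates/Dockerfile.j2 picks the plugin tag at build time from the GitHub tags API and unpacks the downloaded archive without verifying it, so the image content depends on whichever tag matches `v{{ MOODLE_VERSION }}` on the day of the build. Because `curl -s` is used without `-f`, a failed API call leaves `VERSION` empty instead of stopping the step there. Pinning the plugin version in the role config and checking the archive before `unzip`, e.g. `echo "<expected-sha256>  /tmp/oidc.zip" | sha256sum -c -` (placeholder digest), together with `curl -fsSL`, would make the build reproducible and fail closed.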
@@ -2,24 +2,24 @@ moodle: {% set container_port = 8080 %} - container_name: {{ moodle_container }} + container_name: {{ MOODLE_CONTAINER }} {{ lookup('template', 'roles/docker-container/templates/build.yml.j2') | indent(4) }} - image: moodle_custom + image: MOODLE_CUSTOM ports: - 127.0.0.1:{{ ports.localhost.http[application_id] }}:{{ container_port }} {% include 'roles/docker-container/templates/base.yml.j2' %} volumes: - - 'code:{{ bitnami_code_link }}' - - 'data:{{ bitnami_data_dir }}' + - 'code:{{ BITNAMI_CODE_LINK }}' + - 'data:{{ BITNAMI_DATA_DIR }}' {% include 'roles/docker-container/templates/healthcheck/tcp.yml.j2' %} {% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %} {% include 'roles/docker-container/templates/networks.yml.j2' %} {% include 'roles/docker-compose/templates/volumes.yml.j2' %} code: - name: {{ moodle_volume_code }} + name: {{ MOODLE_VOLUME_CODE }} data: - name: {{ moodle_volume_data }} + name: {{ MOODLE_VOLUME_DATA }} {% include 'roles/docker-compose/templates/networks.yml.j2' %} \ No newline at end of file diff --git a/roles/web-app-moodle/vars/main.yml b/roles/web-app-moodle/vars/main.yml index 494bdc6e..758a35e9 100644 --- a/roles/web-app-moodle/vars/main.yml +++ b/roles/web-app-moodle/vars/main.yml 
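Review bot: `image: MOODLE_CUSTOM` in roles/web-app-moodle/templates/docker-compose.yml.j2 is a literal image name, not a Jinja variable, and Docker rejects repository names that contain uppercase letters. The rename from `moodle_custom` looks like it was swept up with the variable renames. Keep `image: moodle_custom`, or, if a variable was intended, use `image: "{{ MOODLE_CUSTOM }}"` with a lowercase value defined in vars, which this diff does not add.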
@@ -1,18 +1,17 @@ --- application_id: "web-app-moodle" database_type: "mariadb" -bitnami_code_link: "/bitnami/moodle" -bitnami_code_dir: "/opt{{bitnami_code_link}}" -bitnami_data_dir: "/bitnami/moodledata" -bitnami_oidc_plugin_dir: "{{ bitnami_code_dir }}/auth/oidc" -bitnami_user: "daemon" -bitnami_user_group: "{{ bitnami_user }}:{{ bitnami_user }}" -docker_compose_flush_handlers: false # Wait for env update +BITNAMI_CODE_LINK: "/bitnami/moodle" +BITNAMI_CODE_DIR: "{{ ['/opt', BITNAMI_CODE_LINK ] | path_join }}" +BITNAMI_DATA_DIR: "/bitnami/moodledata" +BITNAMI_OIDC_PLUGIN_DIR: "{{ [BITNAMI_CODE_DIR,'/auth/oidc'] | path_join }}" +BITNAMI_USER: "daemon" +BITNAMI_USER_GROUP: "{{ BITNAMI_USER }}:{{ BITNAMI_USER }}" -moodle_config: "/bitnami/moodle/config.php" -moodle_version: "{{ applications | get_app_conf(application_id, 'docker.services.moodle.version', True) }}" -moodle_image: "{{ applications | get_app_conf(application_id, 'docker.services.moodle.image', True) }}" -moodle_container: "{{ applications | get_app_conf(application_id, 'docker.services.moodle.name', True) }}" -moodle_volume_data: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" -moodle_volume_code: "{{ applications | get_app_conf(application_id, 'docker.volumes.code', True) }}" \ No newline at end of file +MOODLE_CONFIG: "/bitnami/moodle/config.php" +MOODLE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.moodle.version') }}" +MOODLE_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.moodle.image') }}" +MOODLE_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.moodle.name') }}" +MOODLE_VOLUME_DATA: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" +MOODLE_VOLUME_CODE: "{{ applications | get_app_conf(application_id, 'docker.volumes.code') }}" \ No newline at end of file 
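Review bot: `BITNAMI_CODE_DIR: "{{ ['/opt', BITNAMI_CODE_LINK ] | path_join }}"` and `BITNAMI_OIDC_PLUGIN_DIR: "{{ [BITNAMI_CODE_DIR,'/auth/oidc'] | path_join }}"` in roles/web-app-moodle/vars/main.yml do not reproduce the old values, because `path_join` follows `os.path.join`, which discards everything before a component that starts with `/`. With `BITNAMI_CODE_LINK` set to `/bitnami/moodle` the results are `/bitnami/moodle` and `/auth/oidc` instead of `/opt/bitnami/moodle` and `/opt/bitnami/moodle/auth/oidc`, which redirects the recursive `chown`/`chmod` in 02_ownership.yml and the plugin `mv` in Dockerfile.j2. Use relative components, e.g. `['/opt', 'bitnami/moodle']` and `[BITNAMI_CODE_DIR, 'auth/oidc']`, or keep the plain string concatenation.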
diff --git a/roles/web-app-openproject/tasks/main.yml b/roles/web-app-openproject/tasks/main.yml index c2137aa0..bbda9056 100644 --- a/roles/web-app-openproject/tasks/main.yml +++ b/roles/web-app-openproject/tasks/main.yml @@ -3,7 +3,11 @@ include_role: name: sys-stk-full-stateful vars: - client_max_body_size: "30m" + client_max_body_size: "30m" + docker_repository_branch: "stable/{{ OPENPROJECT_VERSION }}" + docker_repository_address: "https://github.com/opf/openproject-deploy" + docker_pull_git_repository: true + docker_compose_flush_handlers: false - name: "Create {{ OPENPROJECT_PLUGINS_FOLDER }}" file: diff --git a/roles/web-app-openproject/vars/main.yml b/roles/web-app-openproject/vars/main.yml index f166840a..15538cc5 100644 --- a/roles/web-app-openproject/vars/main.yml +++ b/roles/web-app-openproject/vars/main.yml @@ -4,12 +4,6 @@ application_id: "web-app-openproject" # Database database_type: "postgres" -# Docker -docker_repository_branch: "stable/{{ OPENPROJECT_VERSION }}" -docker_repository_address: "https://github.com/opf/openproject-deploy" -docker_pull_git_repository: true -docker_compose_flush_handlers: false - # Open Project Specific OPENPROJECT_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.web.version') }}" OPENPROJECT_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.web.image') }}" diff --git a/roles/web-app-openwebui/tasks/main.yml b/roles/web-app-openwebui/tasks/main.yml index e24fb25d..69442126 100644 --- a/roles/web-app-openwebui/tasks/main.yml +++ b/roles/web-app-openwebui/tasks/main.yml @@ -11,3 +11,6 @@ - name: "load docker, proxy for '{{ application_id }}'" include_role: name: sys-stk-full-stateless + vars: + docker_pull_git_repository: false + docker_compose_file_creation_enabled: true diff --git a/roles/web-app-openwebui/vars/main.yml b/roles/web-app-openwebui/vars/main.yml index b55dacf6..d87cd3b3 100644 --- a/roles/web-app-openwebui/vars/main.yml 
+++ b/roles/web-app-openwebui/vars/main.yml @@ -2,10 +2,6 @@ # General application_id: "web-app-openwebui" -# Docker -docker_pull_git_repository: false -docker_compose_file_creation_enabled: true - # Open WebUI # https://openwebui.com/ OPENWEBUI_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" diff --git a/roles/web-app-peertube/tasks/main.yml b/roles/web-app-peertube/tasks/main.yml index 3f7bbf8b..7555a5e5 100644 --- a/roles/web-app-peertube/tasks/main.yml +++ b/roles/web-app-peertube/tasks/main.yml @@ -12,6 +12,8 @@ - name: "load docker and db for {{ application_id }}" include_role: name: sys-stk-back-stateful + vars: + docker_compose_flush_handlers: true - name: "Install and activate auth-openid-connect plugin if OIDC is enabled" include_tasks: 01_enable-oidc.yml diff --git a/roles/web-app-peertube/vars/main.yml b/roles/web-app-peertube/vars/main.yml index e0270699..1eb2092a 100644 --- a/roles/web-app-peertube/vars/main.yml +++ b/roles/web-app-peertube/vars/main.yml @@ -3,9 +3,6 @@ application_id: "web-app-peertube" database_type: "postgres" entity_name: "{{ application_id | get_entity_name }}" -# Docker -docker_compose_flush_handlers: true - # Role variables PEERTUBE_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.peertube.version') }}" PEERTUBE_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.peertube.image') }}" diff --git a/roles/web-app-pretix/tasks/main.yml b/roles/web-app-pretix/tasks/main.yml index a28c2ba6..dbd3af30 100644 --- a/roles/web-app-pretix/tasks/main.yml +++ b/roles/web-app-pretix/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_app_pretix is not defined diff --git a/roles/web-app-roulette-wheel/tasks/main.yml b/roles/web-app-roulette-wheel/tasks/main.yml index a4c7295d..88d817b1 100644 
--- a/roles/web-app-roulette-wheel/tasks/main.yml +++ b/roles/web-app-roulette-wheel/tasks/main.yml @@ -2,4 +2,7 @@ include_role: name: sys-stk-full-stateless vars: - docker_compose_flush_handlers: true + docker_compose_flush_handlers: true + docker_repository_address: "https://github.com/kevinveenbirkenbach/roulette-wheel.git" + docker_pull_git_repository: true + docker_repository_branch: "master" diff --git a/roles/web-app-roulette-wheel/vars/main.yml b/roles/web-app-roulette-wheel/vars/main.yml index e23352c8..97d70f5d 100644 --- a/roles/web-app-roulette-wheel/vars/main.yml +++ b/roles/web-app-roulette-wheel/vars/main.yml @@ -1,8 +1,4 @@ application_id: "web-app-roulette-wheel" entity_name: "{{ application_id | get_entity_name }}" -docker_repository_address: "https://github.com/kevinveenbirkenbach/roulette-wheel.git" -docker_pull_git_repository: true -docker_repository_branch: "master" - ROULETTE_WHEEL_APP_REL: "services/repository" \ No newline at end of file diff --git a/roles/web-app-shopware/vars/main.yml b/roles/web-app-shopware/vars/main.yml index eba3d113..884020b8 100644 --- a/roles/web-app-shopware/vars/main.yml +++ b/roles/web-app-shopware/vars/main.yml @@ -5,7 +5,6 @@ entity_name: "{{ application_id | get_entity_name }}" # Docker container_port: "{{ applications | get_app_conf(application_id, 'docker.services.web.port') }}" -docker_compose_flush_handlers: true SHOPWARE_DOMAIN: "{{ domains | get_domain(application_id) }}" diff --git a/roles/web-app-snipe-it/tasks/ldap.yml b/roles/web-app-snipe-it/tasks/ldap.yml index f32efbe0..50a78f02 100644 --- a/roles/web-app-snipe-it/tasks/ldap.yml +++ b/roles/web-app-snipe-it/tasks/ldap.yml @@ -2,7 +2,7 @@ --- - name: "Wait until the Snipe-IT Login is available" uri: - url: "{{ snipe_it_url }}/login" + url: "{{ SNIPE_IT_URL }}/login" method: GET return_content: no status_code: 200 
@@ -12,12 +12,12 @@ until: snipeit_admin_check.status == 200 when: not ( applications | get_app_conf(application_id, 'features.oauth2', False)) -- name: "Set all LDAP settings via Laravel Setting model (inside container as {{ snipe_it_user }})" +- name: "Set all LDAP settings via Laravel Setting model (inside container as {{ SNIPE_IT_USER }})" shell: | docker-compose exec -T \ -e APP_KEY='{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}' \ -e XDG_CONFIG_HOME=/tmp \ - -u {{ snipe_it_user }} application \ + -u {{ SNIPE_IT_USER }} application \ sh -c 'php artisan tinker << "EOF" $s = \App\Models\Setting::getSettings(); $s->ldap_enabled = 1; @@ -53,7 +53,7 @@ - name: Encrypt & save LDAP bind password via Crypt + DB façade shell: | docker-compose exec -T \ - -u {{ snipe_it_user }} \ + -u {{ SNIPE_IT_USER }} \ -e APP_KEY="{{ applications | get_app_conf(application_id, 'credentials.app_key', True) }}" \ -e XDG_CONFIG_HOME=/tmp \ application \ @@ -76,10 +76,10 @@ register: ldap_encrypt failed_when: ldap_encrypt.rc != 0 -- name: "Clear Laravel config & cache (inside container as {{ snipe_it_user }})" +- name: "Clear Laravel config & cache (inside container as {{ SNIPE_IT_USER }})" shell: | - docker-compose exec -T -u {{ snipe_it_user }} application php artisan config:clear - docker-compose exec -T -u {{ snipe_it_user }} application php artisan cache:clear + docker-compose exec -T -u {{ SNIPE_IT_USER }} application php artisan config:clear + docker-compose exec -T -u {{ SNIPE_IT_USER }} application php artisan cache:clear args: chdir: "{{ docker_compose.directories.instance }}" notify: docker compose up \ No newline at end of file diff --git a/roles/web-app-snipe-it/tasks/main.yml b/roles/web-app-snipe-it/tasks/main.yml index f446591d..f8605bf2 100644 --- a/roles/web-app-snipe-it/tasks/main.yml +++ b/roles/web-app-snipe-it/tasks/main.yml 
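Review bot: The shell task renamed in the `@@ -12,12 +12,12 @@` hunk of roles/web-app-snipe-it/tasks/ldap.yml renders `credentials.app_key` into the `docker-compose exec -e APP_KEY=...` command line, and no `no_log` is visible on it here; the task body continues outside the hunk, so this needs checking against the full file. Without it the rendered command, key included, appears in verbose Ansible output and in the result of a failed run, and it is readable in the host's process list while the command executes. Add `no_log: true` to this task and to "Encrypt & save LDAP bind password via Crypt + DB façade" in the `@@ -53,7 +53,7 @@` hunk, which passes the same key and registers its result as `ldap_encrypt`. If the container already receives APP_KEY through its env file (env.j2 in this commit sets it), dropping the `-e APP_KEY=...` argument would keep the key off the command line altogether.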
@@ -2,6 +2,8 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful + vars: + docker_compose_flush_handlers: true - name: "Configure Snipe-IT LDAP settings" import_tasks: ldap.yml diff --git a/roles/web-app-snipe-it/templates/docker-compose.yml.j2 b/roles/web-app-snipe-it/templates/docker-compose.yml.j2 index ab496ee5..89de90d1 100644 --- a/roles/web-app-snipe-it/templates/docker-compose.yml.j2 +++ b/roles/web-app-snipe-it/templates/docker-compose.yml.j2 @@ -4,8 +4,8 @@ application: {% set container_port = 80 %} - image: "{{ snipe_it_image }}:{{ snipe_it_version }}" - container_name: "{{ snipe_it_container }}" + image: "{{ SNIPE_IT_IMAGE }}:{{ SNIPE_IT_VERSION }}" + container_name: "{{ SNIPE_IT_CONTAINER }}" {% include 'roles/docker-container/templates/base.yml.j2' %} volumes: - data:/var/lib/snipeit @@ -19,6 +19,6 @@ {% include 'roles/docker-compose/templates/volumes.yml.j2' %} data: - name: "{{ snipe_it_volume }}" + name: "{{ SNIPE_IT_VOLUME }}" {% include 'roles/docker-compose/templates/networks.yml.j2' %} diff --git a/roles/web-app-snipe-it/templates/env.j2 b/roles/web-app-snipe-it/templates/env.j2 index 1433f031..daf51a63 100644 --- a/roles/web-app-snipe-it/templates/env.j2 +++ b/roles/web-app-snipe-it/templates/env.j2 @@ -4,7 +4,7 @@ APP_ENV={{ ENVIRONMENT | lower }} APP_DEBUG={{MODE_DEBUG | string | lower }} APP_KEY={{ applications | get_app_conf(application_id, 'credentials.app_key', True)}} -APP_URL={{ snipe_it_url }} +APP_URL={{ SNIPE_IT_URL }} # https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier APP_TIMEZONE='{{ HOST_TIMEZONE }}' APP_LOCALE={{ HOST_LL }} diff --git a/roles/web-app-snipe-it/vars/main.yml b/roles/web-app-snipe-it/vars/main.yml index 16c3ad84..bba4c238 100644 --- a/roles/web-app-snipe-it/vars/main.yml +++ b/roles/web-app-snipe-it/vars/main.yml 
@@ -2,16 +2,13 @@ application_id: "web-app-snipe-it" # Database -database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}" +database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}" database_type: "mariadb" -# Docker -docker_compose_flush_handlers: true - # Snipe-IT specific -snipe_it_url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" -snipe_it_version: "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.version', True) }}" -snipe_it_image: "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.image', True) }}" -snipe_it_container: "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.name', True) }}" -snipe_it_volume: "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}" -snipe_it_user: "www-data" \ No newline at end of file +SNIPE_IT_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" +SNIPE_IT_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.version') }}" +SNIPE_IT_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.image') }}" +SNIPE_IT_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.snipe-it.name') }}" +SNIPE_IT_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}" +SNIPE_IT_USER: "www-data" \ No newline at end of file diff --git a/roles/web-app-taiga/tasks/main.yml b/roles/web-app-taiga/tasks/main.yml index 93d1936d..fb232b5d 100644 --- a/roles/web-app-taiga/tasks/main.yml +++ b/roles/web-app-taiga/tasks/main.yml 
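Review bot: In roles/web-app-snipe-it/vars/main.yml the third argument `True` is dropped from `get_app_conf(application_id, 'credentials.database_password')` and from the four `docker.*` lookups, while ldap.yml and env.j2 in this same commit still pass `True` for `credentials.app_key`. The filter's signature is not part of this diff; if that argument is a strict flag and its default is not `True`, a missing `credentials.database_password` would stop failing the play and could render as an empty or fallback value. Either confirm the default is strict and drop the argument everywhere for consistency, or keep it explicit on the credential lookup: `database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True) }}"`.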
@@ -3,7 +3,9 @@ include_role: name: sys-stk-full-stateful vars: - docker_compose_flush_handlers: false + docker_compose_flush_handlers: false + docker_repository_address: "https://github.com/taigaio/taiga-docker" + docker_pull_git_repository: true - name: "copy templates {{ TAIGA_SETTING_FILES }} for taiga-contrib-oidc-auth" template: diff --git a/roles/web-app-taiga/vars/main.yml b/roles/web-app-taiga/vars/main.yml index f7396414..c03fb44a 100644 --- a/roles/web-app-taiga/vars/main.yml +++ b/roles/web-app-taiga/vars/main.yml @@ -4,10 +4,6 @@ database_type: "postgres" js_application_name: "Taiga" entity_name: "{{ application_id | get_entity_name }}" -# Docker -docker_repository_address: "https://github.com/taigaio/taiga-docker" -docker_pull_git_repository: true - # Taiga ## General diff --git a/roles/web-app-xwiki/tasks/01_core.yml b/roles/web-app-xwiki/tasks/01_core.yml index e7be5605..2932b51b 100644 --- a/roles/web-app-xwiki/tasks/01_core.yml +++ b/roles/web-app-xwiki/tasks/01_core.yml @@ -49,4 +49,4 @@ xwiki_oidc_enabled_switch: "{{ XWIKI_OIDC_ENABLED | bool }}" xwiki_ldap_enabled_switch: "{{ XWIKI_LDAP_ENABLED | bool }}" -- include_tasks: utils/once_finalize.yml +- include_tasks: utils/once/finalize.yml diff --git a/roles/web-opt-rdr-domains/tasks/main.yml b/roles/web-opt-rdr-domains/tasks/main.yml index 00c9e037..9badb07e 100644 --- a/roles/web-opt-rdr-domains/tasks/main.yml +++ b/roles/web-opt-rdr-domains/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-svc-webserver-https when: run_once_sys_svc_webserver_https is not defined - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_opt_rdr_domains is not defined - name: "Include domains redirects" diff --git a/roles/web-svc-cdn/tasks/01_core.yml b/roles/web-svc-cdn/tasks/01_core.yml index e401b2eb..56bdd045 100644 --- a/roles/web-svc-cdn/tasks/01_core.yml +++ b/roles/web-svc-cdn/tasks/01_core.yml 
@@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: Include dependencies include_role: @@ -7,4 +7,4 @@ - sys-stk-front-proxy - dev-git -- include_tasks: utils/compose_up.yml \ No newline at end of file +- include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}" \ No newline at end of file diff --git a/roles/web-svc-collabora/tasks/01_core.yml b/roles/web-svc-collabora/tasks/01_core.yml index 5bb780ec..aa1e2cbd 100644 --- a/roles/web-svc-collabora/tasks/01_core.yml +++ b/roles/web-svc-collabora/tasks/01_core.yml @@ -28,4 +28,4 @@ async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/web-svc-coturn/tasks/01_core.yml b/roles/web-svc-coturn/tasks/01_core.yml index 007d3daa..545fd5e6 100644 --- a/roles/web-svc-coturn/tasks/01_core.yml +++ b/roles/web-svc-coturn/tasks/01_core.yml @@ -5,4 +5,4 @@ docker_compose_file_creation_enabled: true docker_pull_git_repository: false -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/web-svc-file/tasks/main.yml b/roles/web-svc-file/tasks/main.yml index 0a71ff53..faa72883 100644 --- a/roles/web-svc-file/tasks/main.yml +++ b/roles/web-svc-file/tasks/main.yml @@ -5,5 +5,5 @@ loop: - sys-stk-front-proxy - dev-git - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_svc_file is not defined diff --git a/roles/web-svc-html/tasks/main.yml b/roles/web-svc-html/tasks/main.yml index 134165f7..e304f9d3 100644 --- a/roles/web-svc-html/tasks/main.yml +++ b/roles/web-svc-html/tasks/main.yml 
@@ -5,5 +5,5 @@ loop: - sys-stk-front-proxy - dev-git - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_svc_html is not defined diff --git a/roles/web-svc-libretranslate/tasks/main.yml b/roles/web-svc-libretranslate/tasks/main.yml index 48482bec..e5032f69 100644 --- a/roles/web-svc-libretranslate/tasks/main.yml +++ b/roles/web-svc-libretranslate/tasks/main.yml @@ -2,5 +2,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_svc_libretranslate is not defined diff --git a/roles/web-svc-logout/tasks/01_core.yml b/roles/web-svc-logout/tasks/01_core.yml index 7d4b5a15..de1bdc0d 100644 --- a/roles/web-svc-logout/tasks/01_core.yml +++ b/roles/web-svc-logout/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/once_flag.yml +- include_tasks: utils/once/flag.yml - name: "Add logout domains to CSP connect-src" set_fact: @@ -24,9 +24,10 @@ include_role: name: sys-stk-full-stateless vars: - # Necessary to overwrite parent values - client_max_body_size: "10M" - location_ws: "" + client_max_body_size: "10M" # Necessary to overwrite parent values + location_ws: "" + docker_repository_address: "https://github.com/kevinveenbirkenbach/universal-logout" + docker_pull_git_repository: true - name: Create symbolic link from .env file to repository file: @@ -34,4 +35,4 @@ dest: "{{ [ docker_repository_path, '.env' ] | path_join }}" state: link -- include_tasks: utils/compose_up.yml \ No newline at end of file +- include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}" \ No newline at end of file diff --git a/roles/web-svc-logout/vars/main.yml b/roles/web-svc-logout/vars/main.yml index 6d1d458b..f48904d9 100644 --- a/roles/web-svc-logout/vars/main.yml +++ b/roles/web-svc-logout/vars/main.yml 
@@ -1,6 +1,4 @@ application_id: "web-svc-logout" -docker_repository_address: "https://github.com/kevinveenbirkenbach/universal-logout" -docker_pull_git_repository: true container_port: 8000 # The following line leads to that services which arent listed directly in the inventory, diff --git a/roles/web-svc-onlyoffice/tasks/01_core.yml b/roles/web-svc-onlyoffice/tasks/01_core.yml index 5561df4b..715a7131 100644 --- a/roles/web-svc-onlyoffice/tasks/01_core.yml +++ b/roles/web-svc-onlyoffice/tasks/01_core.yml @@ -6,4 +6,4 @@ docker_compose_file_creation_enabled: true docker_pull_git_repository: false -- include_tasks: utils/once_finalize.yml \ No newline at end of file +- include_tasks: utils/once/finalize.yml \ No newline at end of file diff --git a/roles/web-svc-simpleicons/tasks/main.yml b/roles/web-svc-simpleicons/tasks/main.yml index 8d16cd78..1c8bc3dc 100644 --- a/roles/web-svc-simpleicons/tasks/main.yml +++ b/roles/web-svc-simpleicons/tasks/main.yml @@ -17,5 +17,5 @@ - { source: "package.json.j2", target: "{{ simpleicons_host_package_file }}" } notify: - docker compose up - - include_tasks: utils/once_finalize.yml + - include_tasks: utils/once/finalize.yml when: run_once_web_svc_simpleicons is not defined diff --git a/tasks/utils/compose_up.yml b/tasks/utils/compose_up.yml deleted file mode 100644 index dd79c6be..00000000 --- a/tasks/utils/compose_up.yml +++ /dev/null @@ -1,10 +0,0 @@ -- name: "Ensure that docker compose is up" - # This is a little hack to guaranty that the docker containers are allways up - # It isn't the cleanest solution to have it here but it should fullfill their purpose - include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/05_ensure_up.yml" - when: - - docker_compose is defined - - (application_id | get_entity_name) == (docker_compose.directories.instance | basename) - -- meta: flush_handlers - when: flush_handlers | default(true) | bool \ No newline at end of file 
diff --git a/tasks/utils/once/README.md b/tasks/utils/once/README.md new file mode 100644 index 00000000..b5f734a7 --- /dev/null +++ b/tasks/utils/once/README.md @@ -0,0 +1,2 @@ +# Run Once Routines +Set's flags and execute routines for tasks which should just run once \ No newline at end of file diff --git a/tasks/utils/once_finalize.yml b/tasks/utils/once/finalize.yml similarity index 50% rename from tasks/utils/once_finalize.yml rename to tasks/utils/once/finalize.yml index 62df28be..98225516 100644 --- a/tasks/utils/once_finalize.yml +++ b/tasks/utils/once/finalize.yml @@ -1,6 +1,6 @@ --- # This is necessary to flush the handlers before the when is set, because otherwise the when will be attached to the handlers -- include_tasks: utils/compose_up.yml +- include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}" -- include_tasks: utils/once_flag.yml \ No newline at end of file +- include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/tasks/utils/once_flag.yml b/tasks/utils/once/flag.yml similarity index 100% rename from tasks/utils/once_flag.yml rename to tasks/utils/once/flag.yml diff --git a/tests/integration/test_run_once_global_usage.py b/tests/integration/test_run_once_global_usage.py index e37d69ae..02185b50 100644 --- a/tests/integration/test_run_once_global_usage.py +++ b/tests/integration/test_run_once_global_usage.py @@ -10,7 +10,7 @@ What it enforces: - That exact suffix must be defined EITHER A) globally via any `set_fact:` assigning `run_once_: ...`, OR B) inside that role's tasks: - - include_tasks|import_tasks: utils/once_finalize.yml (any style), OR + - include_tasks|import_tasks: utils/once/finalize.yml (any style), OR - set_fact: { run_once_: ... } * If does NOT match any role (an unknown suffix): - It MUST be defined globally via `set_fact` somewhere in a valid YAML file. 
@@ -45,8 +45,8 @@ RUN_ONCE_USAGE_RE = re.compile(r'\brun_once_([A-Za-z0-9_]+)\b') # Task files that "define" a run-once flag for a role RUN_ONCE_TASK_FILES = ( - 'utils/once_finalize.yml', - 'utils/once_flag.yml', + 'utils/once/finalize.yml', + 'utils/once/flag.yml', ) @@ -146,7 +146,7 @@ def file_role_by_prefix(path: str, role_tasks_roots: dict[str, str]) -> str | No def role_defines_suffix_in_doc(doc, role_suffix: str) -> bool: """ Return True if this YAML doc (already parsed) defines run-once for the given role suffix via: - A) include/import utils/once_finalize.yml or utils/once_flag.yml (string or mapping style), OR + A) include/import utils/once/finalize.yml or utils/once/flag.yml (string or mapping style), OR B) set_fact: { run_once_: ... } """ if doc is None: @@ -156,7 +156,7 @@ def role_defines_suffix_in_doc(doc, role_suffix: str) -> bool: while queue: node = queue.pop() if isinstance(node, dict): - # A) include/import utils/once_finalize.yml or utils/once_flag.yml + # A) include/import utils/once/finalize.yml or utils/once/flag.yml for key in ('include_tasks', 'import_tasks'): if key in node: val = node[key] @@ -241,7 +241,7 @@ class RunOnceGlobalUsageFastTest(unittest.TestCase): role = file_role_by_prefix(yml, role_tasks_roots) if role: role_suffix = suffix_for_role[role] - # utils/once_finalize.yml inside role tasks defines that role's own suffix + # utils/once/finalize.yml inside role tasks defines that role's own suffix # OR a direct set_fact with exact run_once_ for doc in docs: if role_defines_suffix_in_doc(doc, role_suffix): 
@@ -276,7 +276,7 @@ class RunOnceGlobalUsageFastTest(unittest.TestCase): "Some run_once_ usages in valid YAML files are missing exact definitions.", "Rules:", " • Unknown suffixes must be defined globally via set_fact.", - " • Known role suffixes must be defined globally OR in that role (include/import utils/once_finalize.yml or set_fact).", + " • Known role suffixes must be defined globally OR in that role (include/import utils/once/finalize.yml or set_fact).", "", "Offenders:" ] diff --git a/tests/integration/test_run_once_inclusion.py b/tests/integration/test_run_once_inclusion.py index a705f884..9b08d55e 100644 --- a/tests/integration/test_run_once_inclusion.py +++ b/tests/integration/test_run_once_inclusion.py @@ -19,7 +19,7 @@ class RunOnceInclusionTest(unittest.TestCase): Ensure that every Ansible block in roles/*/tasks with a when condition matching either the dynamic Jinja scheme or a literal run_once_ is not defined, and containing an include_role/import_role also ends with - include_tasks: utils/once_finalize.yml as its last task. + include_tasks: utils/once/finalize.yml as its last task. """ WHEN_PATTERN = re.compile( r"(?:run_once_\+\s*\(role_name\s*\|\s*lower\s*\|\s*replace\('\-','\_'\)\)\s*is\s*(?:not\s+)?defined" 
@@ -64,16 +64,16 @@ class RunOnceInclusionTest(unittest.TestCase): isinstance(t, dict) and ('include_role' in t or 'import_role' in t) for t in block ) - # Check that last task is include_tasks: utils/once_finalize.yml + # Check that last task is include_tasks: utils/once/finalize.yml last_task = block[-1] if block else None has_run_once_include = ( isinstance(last_task, dict) - and last_task.get('include_tasks') == 'utils/once_finalize.yml' + and last_task.get('include_tasks') == 'utils/once/finalize.yml' ) if has_role_include and not has_run_once_include: violations.append( - f"{filepath}: block with when='{when}' missing final include_tasks: utils/once_finalize.yml" + f"{filepath}: block with when='{when}' missing final include_tasks: utils/once/finalize.yml" ) if violations: