Refactor task includes and update variable handling for Ansible 2.20 migration

This commit updates multiple roles to ensure compatibility with Ansible 2.20. Several include paths and task-loading mechanisms required adjustments, as Ansible 2.20 applies stricter evaluation rules for complex Jinja expressions and no longer resolves certain relative include paths the way Ansible 2.18 did. Key changes: - Replaced legacy once_finalize.yml and once_flag.yml with the new structure under tasks/utils/once/finalize.yml and tasks/utils/once/flag.yml. - Updated all include_tasks statements to use 'path_join' with playbook_dir, ensuring deterministic and absolute file resolution across roles. - Fixed all network helper includes by converting direct relative paths such as 'roles/docker-compose/tasks/utils/network.yml' to proper Jinja-evaluated paths. - Normalized MATOMO_* variable names for consistency with the updated variable scope behavior in Ansible 2.20. - Removed deprecated patterns that were implicitly supported in Ansible 2.18 but break under the more strict variable and path resolution model in 2.20. These changes are part of the full migration step required to ensure the infinito-nexus roles remain stable, deterministic, and forward-compatible with Ansible 2.20. Details of the discussion and reasoning can be found in this conversation: https://chatgpt.com/share/69300a8d-24d4-800f-bec0-e895a695618a
2025-12-10 11:26:24 +00:00 · 2025-12-03 11:02:34 +01:00
parent a6ed047765
commit 716ebef33b
169 changed files with 348 additions and 399 deletions
--- a/roles/desk-git/tasks/main.yml
+++ b/roles/desk-git/tasks/main.yml
@@ -16,6 +16,6 @@
      command: gitconfig --merge-option rebase --name "{{users.client.full_name}}" --email "{{users.client.email}}" --website "{{users.client.website}}" --signing gpg --gpg-key "{{users.client.gpg}}"
      become: false
  
-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
      vars:
        flush_handlers: false
--- a/roles/desk-gnome-caffeine/tasks/01_core.yml
+++ b/roles/desk-gnome-caffeine/tasks/01_core.yml
@@ -20,4 +20,4 @@
    src: caffeine.desktop.j2
    dest: "{{auto_start_directory}}caffeine.desktop"

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/desk-qbittorrent/tasks/main.yml
+++ b/roles/desk-qbittorrent/tasks/main.yml
@@ -10,5 +10,5 @@
      use: yay
      name:
      - qbittorrent
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_desk_qbittorrent is not defined
--- a/roles/desk-spotify/tasks/main.yml
+++ b/roles/desk-spotify/tasks/main.yml
@@ -9,5 +9,5 @@
      use: yay
      name:
      - spotify
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_desk_spotify is not defined
--- a/roles/desk-ssh/tasks/01_core.yml
+++ b/roles/desk-ssh/tasks/01_core.yml
@@ -50,4 +50,4 @@
    mode: "0644"
  become: false

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/desk-zoom/tasks/main.yml
+++ b/roles/desk-zoom/tasks/main.yml
@@ -9,5 +9,5 @@
      name:
      - zoom
    become: false
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_desk_zoom is not defined
--- a/roles/dev-fakeroot/tasks/main.yml
+++ b/roles/dev-fakeroot/tasks/main.yml
@@ -6,6 +6,6 @@
        name: fakeroot
        state: present

-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
      vars:
        flush_handlers: false
--- a/roles/dev-git/tasks/main.yml
+++ b/roles/dev-git/tasks/main.yml
@@ -4,7 +4,7 @@
        name: git
        state:  present

-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
      vars:
        flush_handlers: false
  when: run_once_dev_git is not defined
--- a/roles/dev-python-pip/tasks/main.yml
+++ b/roles/dev-python-pip/tasks/main.yml
@@ -9,7 +9,7 @@
      name: python-pip
      state: present

-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
    vars:
      flush_handlers: false
  when: run_once_dev_python_pip is not defined
--- a/roles/dev-python-yaml/tasks/main.yml
+++ b/roles/dev-python-yaml/tasks/main.yml
@@ -6,6 +6,6 @@
        name: python-yaml
        state: present
      
-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
      vars:
        flush_handlers: false
--- a/roles/dev-shell/tasks/01_core.yml
+++ b/roles/dev-shell/tasks/01_core.yml
@@ -18,4 +18,4 @@
    mode: "0644"
  become: false

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/dev-yay/tasks/01_core.yml
+++ b/roles/dev-yay/tasks/01_core.yml
@@ -55,4 +55,4 @@
    aur_only: yes
  when: MODE_UPDATE | bool

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/docker-compose/defaults/main.yml
+++ b/roles/docker-compose/defaults/main.yml
@@ -1,3 +1,2 @@
 docker_compose_file_creation_enabled: true  # If set to true the file creation will be skipped
-docker_pull_git_repository:           false # Activates docker repository download and routine
 docker_compose_flush_handlers:        false # Set to true in the vars/main.yml of the including role to autoflush after docker compose routine
--- a/roles/docker-compose/tasks/01_core.yml
+++ b/roles/docker-compose/tasks/01_core.yml
@@ -1,4 +1,4 @@
- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml

 - name: Remove all docker compose pull locks
  file:
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@@ -21,7 +21,7 @@
  - name: "Include file management routines for '{{ application_id }}'."
    include_tasks: "04_files.yml"
  - name: "Ensure that {{ docker_compose.directories.instance }} is up"
-    include_tasks: "05_ensure_up.yml"
+    include_tasks: "utils/up.yml"
  when: docker_compose_file_creation_enabled | bool

 - name: "flush docker compose for '{{ application_id }}'"
--- a/roles/docker-compose/tasks/utils/network.yml
+++ b/roles/docker-compose/tasks/utils/network.yml
@@ -0,0 +1,17 @@
+- name: Include docker to setup docker
+  include_role:
+    name: sys-svc-docker
+  when: run_once_sys_svc_docker is not defined
+
+- name: create docker network for Ollama, so that other applications can access it
+  community.docker.docker_network:
+    name: "{{ docker_network_name }}"
+    state: present
+    ipam_config:
+      - subnet: "{{ docker_network_subnet }}"
+
+- name: "include docker-compose role"
+  include_role:
+    name: docker-compose
+  vars:
+    docker_compose_flush_handlers: true
--- a/roles/docker-compose/tasks/05_ensure_up.yml
+++ b/roles/docker-compose/tasks/05_ensure_up.yml
@@ -13,10 +13,16 @@
      (docker_ps.stderr | default(''))
      | regex_search('(no configuration file provided|no such file or directory|env file .* not found)') is none
    )
-  when: >
+  when: 
+    - >
      not (
        docker_compose_template.changed | default(false)
        or
        env_template.changed          | default(false)
      )
+    - docker_compose is defined # @todo remove in the future, non docker roles shouldn't include this file
+    - (application_id | get_entity_name) == (docker_compose.directories.instance | basename)
  notify: docker compose up
+
+- meta: flush_handlers
+  when: flush_handlers | default(true) | bool
--- a/roles/docker-container/tasks/01_core.yml
+++ b/roles/docker-container/tasks/01_core.yml
@@ -2,4 +2,4 @@
    name: sys-svc-docker
  when: run_once_sys_svc_docker is not defined

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/drv-epson-multiprinter/tasks/01_core.yml
+++ b/roles/drv-epson-multiprinter/tasks/01_core.yml
@@ -18,4 +18,4 @@
    name: imagescan
    state: present

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/pkgmgr-install/tasks/01_core.yml
+++ b/roles/pkgmgr-install/tasks/01_core.yml
@@ -10,4 +10,4 @@
  register: pkgmgr_update
  changed_when: "'already up to date' not in (pkgmgr_update.stdout | lower)"

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/pkgmgr/tasks/01_core.yml
+++ b/roles/pkgmgr/tasks/01_core.yml
@@ -48,4 +48,4 @@
  command: "pkgmgr pull --all"
  when: MODE_UPDATE | bool

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/svc-ai-ollama/tasks/01_core.yml
+++ b/roles/svc-ai-ollama/tasks/01_core.yml
@@ -1,20 +1,9 @@
- name: create docker network for Ollama, so that other applications can access it
-  community.docker.docker_network:
-    name: "{{ OLLAMA_NETWORK }}"
-    state: present
-    ipam_config:
-      - subnet: "{{ networks.local[application_id].subnet }}"

- name: Include dependency 'sys-svc-docker'
-  include_role:
-    name: sys-svc-docker
-  when: run_once_sys_svc_docker is not defined
-
- name: "include docker-compose role"
-  include_role:
-    name: docker-compose
+- name: "Setup docker network for {{ application_id }}"
+  include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}"
  vars:
-    docker_compose_flush_handlers: true
+    docker_network_name:    "{{ OLLAMA_NETWORK }}"
+    docker_network_subnet:  "{{ networks.local[application_id].subnet }}"

 - name: Pre-pull Ollama models
  vars:
@@ -35,4 +24,4 @@
    (pull_result.rc | default(0)) != 0 and
    ('up to date' not in (pull_result.stdout | default('')))

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/svc-ai-ollama/vars/main.yml
+++ b/roles/svc-ai-ollama/vars/main.yml
@@ -1,9 +1,6 @@
 # General
 application_id:                 "svc-ai-ollama"

-# Docker
-docker_compose_flush_handlers:  true
-
 # Ollama
 # https://ollama.com/
 OLLAMA_VERSION:                 "{{ applications | get_app_conf(application_id, 'docker.services.ollama.version') }}"
--- a/roles/svc-bkp-loc-2-usb/tasks/main.yml
+++ b/roles/svc-bkp-loc-2-usb/tasks/main.yml
@@ -5,7 +5,7 @@
    loop:
    - sys-ctl-cln-bkps
    - sys-lock
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_svc_bkp_loc_2_usb is not defined

 - name: Fail if any backup_to_usb variable is empty
--- a/roles/svc-bkp-rmt-2-loc/tasks/main.yml
+++ b/roles/svc-bkp-rmt-2-loc/tasks/main.yml
@@ -7,7 +7,7 @@
    - sys-ctl-alm-compose
    - sys-lock
    - sys-timer-cln-bkps
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_svc_bkp_rmt_2_loc is not defined

 - name: "Create Directory '{{ DOCKER_BACKUP_REMOTE_2_LOCAL_DIR }}'"
--- a/roles/svc-db-mariadb/tasks/01_core.yml
+++ b/roles/svc-db-mariadb/tasks/01_core.yml
@@ -1,10 +1,8 @@
-
- name: Create Docker network for MariaDB
-  community.docker.docker_network:
-    name: "{{ mariadb_network }}"
-    state: present
-    ipam_config:
-      - subnet: "{{ mariadb_subnet }}"
+- name: "Setup docker network for {{ application_id }}"
+  include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}"
+  vars:
+    docker_network_name:    "{{ mariadb_network }}"
+    docker_network_subnet:  "{{ mariadb_subnet }}"

 - name: install MariaDB
  community.docker.docker_container:
@@ -47,4 +45,4 @@
    - setup_mariadb_container_result is defined
    - setup_mariadb_container_result.changed

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/svc-db-openldap/tasks/main.yml
+++ b/roles/svc-db-openldap/tasks/main.yml
@@ -1,8 +1,9 @@
 ---
-
- name: "include docker-compose role"
-  include_role:
-    name: docker-compose
+- name: "Setup docker network for {{ application_id }}"
+  include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}"
+  vars:
+    docker_network_name:    "{{ OPENLDAP_NETWORK }}"
+    docker_network_subnet:  "{{ networks.local[application_id].subnet }}"

 - name: Create {{ domains | get_domain(application_id) }}.conf if LDAP is exposed to internet
  template:
@@ -17,15 +18,6 @@
    state: absent
  when: not OPENLDAP_NETWORK_SWITCH_PUBLIC | bool

- name: create docker network for LDAP, so that other applications can access it
-  community.docker.docker_network:
-    name: "{{ OPENLDAP_NETWORK }}"
-    state: present
-    ipam_config:
-      - subnet: "{{ networks.local[application_id].subnet }}"
-
- meta: flush_handlers
-
 - name: "Wait for LDAP to be available"
  wait_for:
    host: "127.0.0.1"
--- a/roles/svc-db-postgres/tasks/01_core.yml
+++ b/roles/svc-db-postgres/tasks/01_core.yml
@@ -3,27 +3,15 @@
    POSTGRES_ALLOWED_AVG_CONNECTIONS: "{{ (POSTGRES_MAX_CONNECTIONS | split_postgres_connections(playbook_dir ~ '/roles')) | int }}"
  run_once: true

- name: Include dependency 'sys-svc-docker'
-  include_role:
-    name: sys-svc-docker
-  when: run_once_sys_svc_docker is not defined
-
- name: Create Docker network for PostgreSQL
-  community.docker.docker_network:
-    name: "{{ POSTGRES_NETWORK_NAME }}"
-    state: present
-    ipam_config:
-    - subnet: "{{ POSTGRES_SUBNET }}"
-
- name: "include docker-compose role"
-  include_role:
-    name: docker-compose
+- name: "Setup docker network for {{ application_id }}"
+  include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/network.yml' ] | path_join }}"
  vars:
-    docker_compose_flush_handlers: true
+    docker_network_name:    "{{ POSTGRES_NETWORK_NAME }}"
+    docker_network_subnet:  "{{ POSTGRES_SUBNET }}"

 - name: install python-psycopg2
  community.general.pacman:
    name: python-psycopg2
    state: present

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/svc-db-postgres/vars/main.yml
+++ b/roles/svc-db-postgres/vars/main.yml
@@ -2,9 +2,6 @@
 application_id:                           svc-db-postgres
 entity_name:                              "{{ application_id | get_entity_name }}"

-# Docker
-docker_compose_flush_handlers:            true
-
 # Docker Compose
 database_type:                            "{{ entity_name }}"

--- a/roles/svc-opt-keyboard-color/tasks/01_core.yml
+++ b/roles/svc-opt-keyboard-color/tasks/01_core.yml
@@ -17,4 +17,4 @@
    system_service_timer_enabled: true
    persistent:                   true

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/svc-opt-swapfile/tasks/01_core.yml
+++ b/roles/svc-opt-swapfile/tasks/01_core.yml
@@ -11,4 +11,4 @@
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/svc-prx-openresty/tasks/main.yml
+++ b/roles/svc-prx-openresty/tasks/main.yml
@@ -5,5 +5,5 @@
    vars:
      docker_compose_flush_handlers:  true
      docker_pull_git_repository:     false # Deactivated here to deactivate inhirement
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_svc_prx_openresty is not defined
--- a/roles/sys-bkp-provider-user/tasks/01_core.yml
+++ b/roles/sys-bkp-provider-user/tasks/01_core.yml
@@ -16,4 +16,4 @@

 - include_tasks: 03_permissions_folders.yml

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-bkp-provider/tasks/01_core.yml
+++ b/roles/sys-bkp-provider/tasks/01_core.yml
@@ -4,4 +4,4 @@
  loop:
  - sys-bkp-provider-user
  - sys-timer-cln-bkps
- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-cli/tasks/main.yml
+++ b/roles/sys-cli/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: dev-yay
    when: run_once_dev_yay is not defined
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_cli is not defined

 - name: "pkgmgr install infinito"
--- a/roles/sys-ctl-alm-compose/tasks/01_core.yml
+++ b/roles/sys-ctl-alm-compose/tasks/01_core.yml
@@ -1,4 +1,4 @@
- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml

 - name: "Include dependent services for '{{ system_service_id  }}'"
  include_role:
--- a/roles/sys-ctl-alm-email/tasks/01_core.yml
+++ b/roles/sys-ctl-alm-email/tasks/01_core.yml
@@ -1,4 +1,4 @@
- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml

 - name: Include dependencies
  include_role:
--- a/roles/sys-ctl-alm-telegram/tasks/01_core.yml
+++ b/roles/sys-ctl-alm-telegram/tasks/01_core.yml
@@ -22,4 +22,4 @@
    name: curl
    state: present

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml
+++ b/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml
@@ -28,4 +28,4 @@
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    # system_service_tpl_exec_start_post: "/usr/bin/systemctl start {{ SYS_SERVICE_CLEANUP_BACKUPS }}" # Not possible to use it because it's a deathlock. Keep this line for documentation purposes

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-cln-anon-volumes/tasks/main.yml
+++ b/roles/sys-ctl-cln-anon-volumes/tasks/main.yml
@@ -14,6 +14,6 @@
      system_service_copy_files:          false
      system_service_force_linear_sync:   false

-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when:
    - run_once_sys_ctl_cln_anon_volumes is not defined
--- a/roles/sys-ctl-cln-bkps/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-bkps/tasks/01_core.yml
@@ -22,6 +22,6 @@
    system_service_copy_files:          true
    system_service_force_linear_sync:   false

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
  vars:
    flush_handlers: true
--- a/roles/sys-ctl-cln-certs/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-certs/tasks/01_core.yml
@@ -19,4 +19,4 @@
    system_service_copy_files:        false
    system_service_force_linear_sync: false

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-cln-disc-space/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-disc-space/tasks/01_core.yml
@@ -16,4 +16,4 @@
    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(" ") }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
    system_service_force_linear_sync:   false

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-cln-docker/tasks/main.yml
+++ b/roles/sys-ctl-cln-docker/tasks/main.yml
@@ -19,5 +19,5 @@
        system_service_force_linear_sync:   false
        system_service_force_flush:         "{{ MODE_CLEANUP }}"

-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
  when: run_once_sys_ctl_cln_docker is not defined
--- a/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml
+++ b/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml
@@ -22,4 +22,4 @@
    system_service_tpl_exec_start_pre:  '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ")  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(" ") }} --timeout "{{ SYS_TIMEOUT_CLEANUP_SERVICES }}"'
    system_service_tpl_exec_start:      '/bin/sh -c "{{ CLEANUP_FAILED_BACKUPS_PKG }} --all --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --yes"'
    system_service_force_linear_sync:   false
- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml
@@ -10,4 +10,4 @@
    system_service_timer_enabled:  true
    system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-csp/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-csp/tasks/01_core.yml
@@ -23,4 +23,4 @@
      --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }}
      --ignore-network-blocks-from {{ HEALTH_CSP_IGNORE_NETWORK_BLOCKS_FROM | join(' ') }}

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml
@@ -11,4 +11,4 @@
    system_service_tpl_exec_start: "{{ system_service_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}"
    system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_DISC_SPACE }}"

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml
@@ -15,4 +15,4 @@
    system_service_on_calendar:     "{{ SYS_SCHEDULE_HEALTH_DOCKER_CONTAINER }}"
    system_service_tpl_on_failure:  "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }}"

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml
@@ -11,4 +11,4 @@
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}"
    system_service_tpl_exec_start:      '{{ system_service_script_exec }} "{{ DOCKER_WHITELISTET_ANON_VOLUMES | join(" ") }}"'

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml
@@ -11,4 +11,4 @@
    system_service_tpl_on_failure:  "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_suppress_flush:  true # There are almost allways errors in the journalctl logs so suppression is neccessary to let playbook run

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml
@@ -13,4 +13,4 @@
    - not MODE_RESET | bool
    - users['no-reply'].mailu_token is defined

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-hlth-webserver/tasks/01_core.yml
+++ b/roles/sys-ctl-hlth-webserver/tasks/01_core.yml
@@ -26,4 +26,4 @@
      --expectations '{{ applications | web_health_expectations(www_enabled=WWW_REDIRECT_ENABLED | bool, group_names=group_names) | to_json }}'
    system_service_suppress_flush:        true # The healthcheck will just work after all routines passed

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml
+++ b/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml
@@ -21,4 +21,4 @@
    system_service_tpl_on_failure:    "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_force_linear_sync: false

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml
+++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml
@@ -22,4 +22,4 @@
    system_service_tpl_on_failure:    "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_force_linear_sync: false

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml
@@ -20,4 +20,4 @@
    system_service_tpl_exec_start:    "/bin/sh -c 'btrfs-auto-balancer 90 10'"
    system_service_force_linear_sync: true

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml
@@ -14,4 +14,4 @@
    system_service_tpl_on_failure:      "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
    system_service_force_linear_sync:   true

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml
+++ b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml
@@ -12,4 +12,4 @@
      /bin/sh -c '{{ system_service_script_exec }} --manipulation-string "{{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }}" {{ PATH_DOCKER_COMPOSE_INSTANCES }}'
    system_service_force_linear_sync:   true

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-daemon/tasks/main.yml
+++ b/roles/sys-daemon/tasks/main.yml
@@ -4,5 +4,5 @@
    when: MODE_RESET | bool and run_once_sys_daemon is not defined
  - name: Apply systemd manager defaults
    include_tasks: 02_defaults.yml
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_daemon is not defined
--- a/roles/sys-dns-wildcards/tasks/01_core.yml
+++ b/roles/sys-dns-wildcards/tasks/01_core.yml
@@ -9,4 +9,4 @@
    cloudflare_async_poll:    "{{ ASYNC_POLL }}"
  when: DNS_PROVIDER == 'cloudflare'

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-front-inj-all/tasks/main.yml
+++ b/roles/sys-front-inj-all/tasks/main.yml
@@ -2,8 +2,10 @@
    - name: Include dependency 'sys-svc-webserver-core'
      include_role:
        name: sys-svc-webserver-core
+      vars:
+        docker_pull_git_repository: false # Deactivated here to don't inhire this
      when: run_once_sys_svc_webserver_core is not defined
-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
  when: run_once_sys_front_inj_all is not defined

 - name: Build inj_enabled for '{{ domain }}'"
--- a/roles/sys-front-inj-all/vars/main.yml
+++ b/roles/sys-front-inj-all/vars/main.yml
@@ -1,5 +1,4 @@
 # Docker
-docker_pull_git_repository: false # Deactivated here to don't inhire this

 SRV_WEB_INJ_COMP_FEATURES_ALL:
  - 'javascript'
--- a/roles/sys-front-inj-css/tasks/01_core.yml
+++ b/roles/sys-front-inj-css/tasks/01_core.yml
@@ -29,4 +29,4 @@
    mode:   '0644'
  loop: "{{ CSS_FILES }}"

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-front-inj-desktop/tasks/01_core.yml
+++ b/roles/sys-front-inj-desktop/tasks/01_core.yml
@@ -6,4 +6,4 @@
    group:  "{{ NGINX.USER }}"
    mode:   '0644'

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-lock/tasks/main.yml
+++ b/roles/sys-lock/tasks/main.yml
@@ -5,7 +5,7 @@
        src: sys-lock.py
        dest: "{{ PATH_SYSTEM_LOCK_SCRIPT }}"

-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
      vars:
        flush_handlers: false
  when: run_once_sys_lock is not defined
--- a/roles/sys-postfix/tasks/main.yml
+++ b/roles/sys-postfix/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: user-administrator
    when: run_once_user_administrator is not defined
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_postfix is not defined

 - name: install postfix
--- a/roles/sys-service/tasks/01_core.yml
+++ b/roles/sys-service/tasks/01_core.yml
@@ -7,4 +7,4 @@
  include_tasks: 02_reset.yml
  when: MODE_RESET | bool

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-stk-front-base/tasks/main.yml
+++ b/roles/sys-stk-front-base/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: sys-svc-webserver-https
    when: run_once_sys_svc_webserver_https is not defined
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_stk_front_base is not defined

 - include_tasks: "01_cloudflare.yml"
--- a/roles/sys-svc-cdn/tasks/main.yml
+++ b/roles/sys-svc-cdn/tasks/main.yml
@@ -8,7 +8,7 @@
        group: "{{ NGINX.USER }}"
        mode:  "0755"
      loop: "{{ CDN_DIRS_GLOBAL }}"
-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
  when:
    - run_once_sys_svc_cdn is not defined

--- a/roles/sys-svc-certbot/tasks/01_core.yml
+++ b/roles/sys-svc-certbot/tasks/01_core.yml
@@ -7,4 +7,4 @@
  include_tasks: 02_no_webroot.yml
  when: CERTBOT_ACME_CHALLENGE_METHOD != 'webroot'

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-svc-certs/tasks/main.yml
+++ b/roles/sys-svc-certs/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: sys-svc-webserver-https
    when: run_once_sys_svc_webserver_https is not defined
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_svc_certs is not defined

 - name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'"
--- a/roles/sys-svc-cln-domains/tasks/main.yml
+++ b/roles/sys-svc-cln-domains/tasks/main.yml
@@ -50,5 +50,5 @@
 #    'No certificate found with name' not in certbot_delete_result.stderr
 #  changed_when: >
 #    certbot_delete_result.rc == 0
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_svc_cln_domains is not defined
--- a/roles/sys-svc-dns/tasks/01_core.yml
+++ b/roles/sys-svc-dns/tasks/01_core.yml
@@ -36,4 +36,4 @@
    parent_dns_proxied: false
  when: run_once_sys_dns_wildcards is not defined

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-svc-docker/tasks/01_core.yml
+++ b/roles/sys-svc-docker/tasks/01_core.yml
@@ -1,4 +1,4 @@
- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml

 - name: docker & docker compose install
  community.general.pacman:
--- a/roles/sys-svc-journalctl/tasks/main.yml
+++ b/roles/sys-svc-journalctl/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: sys-ctl-hlth-journalctl
    when: run_once_sys_ctl_hlth_journalctl is not defined
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_svc_journalctl is not defined

 - name: copy journald.conf
--- a/roles/sys-svc-letsencrypt/tasks/01_core.yml
+++ b/roles/sys-svc-letsencrypt/tasks/01_core.yml
@@ -9,4 +9,4 @@
    dest: "{{ [ NGINX.DIRECTORIES.HTTP.GLOBAL, 'letsencrypt.conf' ] | path_join }}"
  notify: restart openresty

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-svc-msmtp/tasks/01_core.yml
+++ b/roles/sys-svc-msmtp/tasks/01_core.yml
@@ -1,4 +1,4 @@
- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml

 - name: "Check if Mail Host is reachable"
  uri:
@@ -45,4 +45,4 @@
    name: sys-ctl-hlth-msmtp
  when: run_once_sys_ctl_hlth_msmtp is not defined

- include_tasks: utils/compose_up.yml
+- include_tasks: "{{ [playbook_dir, 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}"
--- a/roles/sys-svc-rdbms/tasks/main.yml
+++ b/roles/sys-svc-rdbms/tasks/main.yml
@@ -23,6 +23,7 @@
  when: SYS_SVC_RDBMS_CENTRAL_DB_ENABLED | bool
  vars:
    database_init:              true  # Initialize a custom database for the application
+    docker_pull_git_repository: false # Deactivated here to don't inhire the variable

 - name: "For '{{ application_id }}': Add Entry for Backup Procedure"
  include_tasks: "{{ playbook_dir }}/roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"
--- a/roles/sys-svc-rdbms/vars/main.yml
+++ b/roles/sys-svc-rdbms/vars/main.yml
@@ -1,3 +1,2 @@
 # Docker
-docker_pull_git_repository:       false # Deactivated here to don't inhire this
 SYS_SVC_RDBMS_CENTRAL_DB_ENABLED: "{{ applications | get_app_conf(application_id, 'features.central_database', False) }}"
--- a/roles/sys-svc-sshd/tasks/main.yml
+++ b/roles/sys-svc-sshd/tasks/main.yml
@@ -11,5 +11,5 @@
      group: root
      mode: '0644'
    notify: sshd restart
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_svc_sshd is not defined
--- a/roles/sys-svc-webserver-core/tasks/01_core.yml
+++ b/roles/sys-svc-webserver-core/tasks/01_core.yml
@@ -53,4 +53,4 @@
  vars:
    flush_handlers: false

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/sys-svc-webserver-https/tasks/main.yml
+++ b/roles/sys-svc-webserver-https/tasks/main.yml
@@ -7,5 +7,5 @@
    - sys-svc-cln-domains
    - sys-svc-letsencrypt
    - sys-svc-dns
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_sys_svc_webserver_https is not defined
--- a/roles/sys-timer-cln-bkps/tasks/01_core.yml
+++ b/roles/sys-timer-cln-bkps/tasks/01_core.yml
@@ -1,4 +1,4 @@
- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml

 - name: Include dependencies
  include_role:
--- a/roles/update-apt/tasks/main.yml
+++ b/roles/update-apt/tasks/main.yml
@@ -5,7 +5,7 @@
        upgrade: dist
        force_apt_get: yes

-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
      vars:
        flush_handlers: false
  when: run_once_update_apt is not defined
--- a/roles/update-compose/tasks/01_core.yml
+++ b/roles/update-compose/tasks/01_core.yml
@@ -18,4 +18,4 @@
    - ansible_facts['distribution'] == "Debian"
    - run_once_update_apt is not defined

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/update-pacman/tasks/main.yml
+++ b/roles/update-pacman/tasks/main.yml
@@ -4,7 +4,7 @@
        update_cache: yes
        upgrade: yes

-    - include_tasks: utils/once_finalize.yml
+    - include_tasks: utils/once/finalize.yml
      vars:
        flush_handlers: false
  when: run_once_update_pacman is not defined
--- a/roles/user-administrator/tasks/01_core.yml
+++ b/roles/user-administrator/tasks/01_core.yml
@@ -53,4 +53,4 @@
  vars:
    user_name: "administrator"

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/user-root/tasks/01_core.yml
+++ b/roles/user-root/tasks/01_core.yml
@@ -25,4 +25,4 @@
  vars:
    user_name:  "root"

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/util-desk-design/tasks/01_core.yml
+++ b/roles/util-desk-design/tasks/01_core.yml
@@ -17,4 +17,4 @@
    - drawio-desktop
  become: false

- include_tasks: utils/once_flag.yml
+- include_tasks: utils/once/flag.yml
--- a/roles/util-desk-dev-core/tasks/main.yml
+++ b/roles/util-desk-dev-core/tasks/main.yml
@@ -9,5 +9,5 @@
      name:
      - code
      state: present
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_util_desk_dev_core is not defined
--- a/roles/util-desk-dev-python/tasks/main.yml
+++ b/roles/util-desk-dev-python/tasks/main.yml
@@ -3,5 +3,5 @@
    include_role:
      name: dev-python-pip
    when: run_once_dev_python_pip is not defined
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_util_desk_dev_python is not defined
--- a/roles/util-dev-admin/tasks/main.yml
+++ b/roles/util-dev-admin/tasks/main.yml
@@ -14,5 +14,5 @@
      - fdupes
      - p7zip
      state: present
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_util_dev_admin is not defined
--- a/roles/web-app-akaunting/tasks/main.yml
+++ b/roles/web-app-akaunting/tasks/main.yml
@@ -11,6 +11,11 @@
 - name: "For '{{ application_id }}': load docker, db and proxy"
  include_role:
    name: sys-stk-full-stateful
+  vars:
+    docker_repository_address:            "https://github.com/akaunting/docker.git"
+    docker_pull_git_repository:           true
+    docker_repository_branch:             "master"
+    docker_compose_file_creation_enabled: true

 - name: "Akaunting | Create first-run marker to disable future setup"
  ansible.builtin.file:
--- a/roles/web-app-akaunting/vars/main.yml
+++ b/roles/web-app-akaunting/vars/main.yml
@@ -7,12 +7,6 @@ js_application_name:                  "Akaunting"
 database_type:                        "mariadb"
 database_password:                    "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}"

-# Docker
-docker_repository_address:            "https://github.com/akaunting/docker.git"
-docker_pull_git_repository:           true
-docker_repository_branch:             "master"
-docker_compose_file_creation_enabled: true
-
 # Akaunting
 AKAUNTING_URL:                        "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
 AKAUNTING_VERSION:                    "{{ applications | get_app_conf(application_id, 'docker.services.akaunting.version') }}"
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@@ -14,6 +14,10 @@
    name: sys-stk-full-stateless
  vars:
    docker_compose_flush_handlers:        false
+    docker_compose_file_creation_enabled: false
+    docker_pull_git_repository:           true
+    docker_repository_address:            "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}"
+    docker_repository_branch:             "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"

 - name: "Unset 'proxy_extra_configuration'"
  set_fact:
--- a/roles/web-app-bigbluebutton/vars/main.yml
+++ b/roles/web-app-bigbluebutton/vars/main.yml
@@ -6,12 +6,6 @@ entity_name:                          "{{ application_id | get_entity_name }}"
 domain:                               "{{ domains | get_domain(application_id) }}"
 http_port:                            "{{ ports.localhost.http[application_id] }}"

-# Docker
-docker_compose_file_creation_enabled: false
-docker_pull_git_repository:           true
-docker_repository_address:            "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}"
-docker_repository_branch:             "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
-
 # BigBlueButton
 _BBB_COTURN_ROLE:                     'web-svc-coturn'

--- a/roles/web-app-bookwyrm/tasks/main.yml
+++ b/roles/web-app-bookwyrm/tasks/main.yml
@@ -3,5 +3,5 @@
  - name: "load docker, db/redis and proxy for {{ application_id }}"
    include_role:
      name: sys-stk-full-stateful
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_web_app_bookwyrm is not defined
--- a/roles/web-app-bridgy-fed/tasks/01_core.yml
+++ b/roles/web-app-bridgy-fed/tasks/01_core.yml
@@ -9,4 +9,4 @@
    domain:     "{{ domains | get_domain(application_id) }}"
    http_port:  "{{ ports.localhost.http[application_id] }}"

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/web-app-chess/tasks/01_core.yml
+++ b/roles/web-app-chess/tasks/01_core.yml
@@ -9,4 +9,4 @@
  notify: 
    - docker compose build

- include_tasks: utils/once_finalize.yml
+- include_tasks: utils/once/finalize.yml
--- a/roles/web-app-confluence/tasks/main.yml
+++ b/roles/web-app-confluence/tasks/main.yml
@@ -3,5 +3,5 @@
  - name: "load docker, db and proxy for {{ application_id }}"
    include_role:
      name: sys-stk-full-stateful
-  - include_tasks: utils/once_finalize.yml
+  - include_tasks: utils/once/finalize.yml
  when: run_once_web_app_confluence is not defined
--- a/Show More
+++ b/Show More