Add container-aware execution logic and CI stability fixes

- Introduce global IS_CONTAINER flag based on ansible_virtualization facts - Skip systemd-based handlers and tasks when running inside containers - Extend EXCLUDED_ROLES list in GitHub Actions test-deploy workflow - Ensure docker.sock is mounted for all CI deploy stages - Improve sys-svc-docker by suppressing service restarts inside containers - Add meta: flush_handlers to properly trigger delayed docker restarts - Update sys-service handlers with container guards - Update sys-timer tasks to avoid systemctl inside CI containers - Enhance drv-non-free role with Manjaro detection and mhwd fallback warning - Skip swapfile generation in containers - Minor service template fixes and cleanup in proxy.conf.j2 Details and discussion: https://chatgpt.com/share/6930a4ca-56f4-800f-9b3d-4791f040a03b
2025-12-08 10:26:35 +00:00 · 2025-12-03 22:00:18 +01:00
parent 84d3c8fc16
commit 91d5ba35d1
11 changed files with 77 additions and 14 deletions
--- a/roles/drv-non-free/tasks/main.yml
+++ b/roles/drv-non-free/tasks/main.yml
@@ -1,2 +1,32 @@
- name: Install nonfree drivers
-  ansible.builtin.shell: mhwd -a pci nonfree 0300
+- name: Gather OS facts (ensure we know distribution)
+  ansible.builtin.setup:
+  when: ansible_facts is not defined
+
+- name: Ensure mhwd is installed on Manjaro
+  community.general.pacman:
+    name: mhwd
+    state: present
+  become: true
+  when:
+    - ansible_facts['distribution'] is defined
+    - ansible_facts['distribution'] in ['ManjaroLinux', 'Manjaro']
+  register: mhwd_install
+
+- name: Detect mhwd command
+  ansible.builtin.stat:
+    path: /usr/bin/mhwd
+  register: mhwd_binary
+
+- name: Install nonfree drivers via mhwd (Manjaro only)
+  ansible.builtin.shell: mhwd -a pci nonfree 0300
+  become: true
+  when:
+    - mhwd_binary.stat.exists
+
+- name: Warn when mhwd is not available
+  ansible.builtin.debug:
+    msg: >
+      Skipping proprietary GPU driver installation: `mhwd` not found.
+      This role currently only supports Manjaro (mhwd); on other distros it does nothing.
+  when:
+    - not mhwd_binary.stat.exists
--- a/roles/svc-net-wireguard-core/Administration.md
+++ b/roles/svc-net-wireguard-core/Administration.md
@@ -1,5 +1,7 @@
 # Administration
+
 ## Client
+
 ### Setup wireguard
 ```bash
  pacman -S wireguard-tools
--- a/roles/svc-opt-swapfile/tasks/main.yml
+++ b/roles/svc-opt-swapfile/tasks/main.yml
@@ -1,2 +1,4 @@
 - include_tasks: 01_core.yml
-  when: run_once_svc_opt_swapfile is not defined
+  when: 
+    - run_once_svc_opt_swapfile is not defined
+    - not IS_CONTAINER
--- a/roles/sys-ctl-mtn-cert-renew/templates/systemctl.service.j2
+++ b/roles/sys-ctl-mtn-cert-renew/templates/systemctl.service.j2
@@ -5,4 +5,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/certbot renew --quiet --agree-tos
-ExecStartPost=/usr/bin/docker restart {{ applications | get_app_conf('svc-prx-openresty', 'docker.services.openresty.name', True) }}
+ExecStartPost=/usr/bin/docker restart {{ applications | get_app_conf('svc-prx-openresty', 'docker.services.openresty.name') }}
--- a/roles/sys-service/handlers/main.yml
+++ b/roles/sys-service/handlers/main.yml
@@ -7,6 +7,7 @@
  async:  "{{ system_service_async }}"
  poll:   "{{ system_service_poll }}"
  listen: refresh systemctl service
+  when: not (IS_CONTAINER | bool)

 - name: "Set systemctl service state"
  systemd:
@@ -15,5 +16,7 @@
  become: true
  async:  "{{ system_service_async }}"
  poll:   "{{ system_service_poll }}"
-  when:   not (system_service_suppress_flush | bool)
+  when:   
+    - not (system_service_suppress_flush | bool)
+    - not (IS_CONTAINER | bool)
  listen: refresh systemctl service
--- a/roles/sys-svc-docker/handlers/main.yml
+++ b/roles/sys-svc-docker/handlers/main.yml
@@ -1,6 +1,7 @@
 ---
 - name: docker restart
-  service:
+  ansible.builtin.service:
    name: docker.service
    state:  restarted
    enabled: yes
+  when: not (IS_CONTAINER | bool)
--- a/roles/sys-svc-docker/tasks/01_core.yml
+++ b/roles/sys-svc-docker/tasks/01_core.yml
@@ -8,6 +8,9 @@
    state: present
  notify: docker restart

+- name: Restart and enable docker service
+  meta: flush_handlers
+
 - name: Setup Swapfile to prevent OOM Failures
  # @ See https://en.wikipedia.org/wiki/Out_of_memory
  include_role:
--- a/roles/sys-timer/tasks/main.yml
+++ b/roles/sys-timer/tasks/main.yml
@@ -12,6 +12,8 @@
    name: "{{ sys_timer_file }}"
    state: restarted
    enabled: yes
-  when: dummy_timer.changed or SYS_TIMER_ALL_ENABLED | bool
+  when:
+    - dummy_timer.changed or SYS_TIMER_ALL_ENABLED | bool
+    - not (IS_CONTAINER | bool)
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
--- a/roles/web-svc-file/templates/proxy.conf.j2
+++ b/roles/web-svc-file/templates/proxy.conf.j2
@@ -14,10 +14,10 @@ server
  
  location /
  {
-    alias {{NGINX.DIRECTORIES.DATA.FILES}};  {# Path to your file directory #}
-    autoindex on;                            {# Enable directory listing #}
-    autoindex_exact_size off;                {# Display sizes in a human-readable format #}
-    autoindex_localtime on;                  {# Show local time #}
+    alias {{ NGINX.DIRECTORIES.DATA.FILES }}; {# Path to your file directory #}
+    autoindex on;                             {# Enable directory listing #}
+    autoindex_exact_size off;                 {# Display sizes in a human-readable format #}
+    autoindex_localtime on;                   {# Show local time #}
    {% include 'roles/sys-front-inj-all/templates/location.lua.j2' %}
  }