From db642c1c39f13d649fb09c71f75c254e2721ae36 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Fri, 29 Aug 2025 19:09:28 +0200 Subject: [PATCH] =?UTF-8?q?refactor(schedule):=20unify=20service=20timeout?= =?UTF-8?q?s,=20rename=2008=5Ftimer.yml=20=E2=86=92=2008=5Fschedule.yml,?= =?UTF-8?q?=20fix=20docker=20repair/update=20timeouts,=20raise=20WP=20uplo?= =?UTF-8?q?ad=20limit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://chatgpt.com/share/68b1deb9-2534-800f-b28f-7f19925b1fa7 --- .../all/{08_timer.yml => 08_schedule.yml} | 18 +++++++++--------- .../sys-ctl-rpr-docker-hard/tasks/01_core.yml | 2 +- .../sys-ctl-rpr-docker-soft/tasks/01_core.yml | 2 +- roles/update-docker/tasks/01_core.yml | 6 +++++- .../templates/systemctl.service.j2 | 8 -------- roles/web-app-wordpress/config/main.yml | 4 ++-- .../tasks/04_update_domain.yml | 1 + roles/web-app-wordpress/vars/oidc.yml | 2 +- 8 files changed, 20 insertions(+), 23 deletions(-) rename group_vars/all/{08_timer.yml => 08_schedule.yml} (78%) delete mode 100644 roles/update-docker/templates/systemctl.service.j2 diff --git a/group_vars/all/08_timer.yml b/group_vars/all/08_schedule.yml similarity index 78% rename from group_vars/all/08_timer.yml rename to group_vars/all/08_schedule.yml index b627d42e..c351b1b5 100644 --- a/group_vars/all/08_timer.yml +++ b/group_vars/all/08_schedule.yml 
@@ -2,20 +2,20 @@ # Service Timers ## Meta -SYS_TIMER_ALL_ENABLED: "{{ MODE_DEBUG }}" # Runtime Variables for Process Control - Activates all timers, independend if the handlers had been triggered +SYS_TIMER_ALL_ENABLED: "{{ MODE_DEBUG }}" # Runtime Variables for Process Control - Activates all timers, independend if the handlers had been triggered ## Server Tact Variables -HOURS_SERVER_AWAKE: "0..23" # Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance -RANDOMIZED_DELAY_SEC: "5min" # Random delay for systemd timers to avoid peak loads. +HOURS_SERVER_AWAKE: "0..23" # Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance +RANDOMIZED_DELAY_SEC: "5min" # Random delay for systemd timers to avoid peak loads. ## Timeouts for all services -SYS_TIMEOUT_CLEANUP_SERVICES: "15min" -SYS_TIMEOUT_STORAGE_OPTIMIZER: "10min" -SYS_TIMEOUT_BACKUP_SERVICES: "1h" -SYS_TIMEOUT_HEAL_DOCKER: "30min" -SYS_TIMEOUT_UPDATE_DOCKER: "2min" -SYS_TIMEOUT_RESTART_DOCKER: "{{ SYS_TIMEOUT_UPDATE_DOCKER }}" +SYS_TIMEOUT_DOCKER_RPR_HARD: "10min" +SYS_TIMEOUT_DOCKER_RPR_SOFT: "{{ SYS_TIMEOUT_DOCKER_RPR_HARD }}" +SYS_TIMEOUT_CLEANUP_SERVICES: "15min" +SYS_TIMEOUT_DOCKER_UPDATE: "20min" +SYS_TIMEOUT_STORAGE_OPTIMIZER: "{{ SYS_TIMEOUT_DOCKER_UPDATE }}" +SYS_TIMEOUT_BACKUP_SERVICES: "60min" ## On Calendar diff --git a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml index 3a2030f6..cd919223 100644 --- a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml 
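Review bot: `SYS_TIMEOUT_STORAGE_OPTIMIZER` is now an alias of `SYS_TIMEOUT_DOCKER_UPDATE`, so retuning the Docker update timeout also changes the storage optimizer's, and its effective value moves from 10min to 20min. If the two are meant to be independent, keep a literal, `SYS_TIMEOUT_STORAGE_OPTIMIZER: "20min"`; otherwise add a comment such as `# intentionally tracks the docker update timeout`. The hunk also removes `SYS_TIMEOUT_HEAL_DOCKER`, `SYS_TIMEOUT_UPDATE_DOCKER` and `SYS_TIMEOUT_RESTART_DOCKER`. The patch updates three users of these names, but any reference left outside this diff would fail as an undefined variable when its template renders, so a repository-wide search for the old names is worth doing before merge.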
@@ -8,7 +8,7 @@ vars: system_service_on_calendar: "{{ SYS_SCHEDULE_REPAIR_DOCKER_HARD }}" system_service_timer_enabled: true - system_service_tpl_exec_start_pre: '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }} --ignore {{ SYS_SERVICE_REPAIR_DOCKER_HARD }} {{ SYS_SERVICE_GROUP_CLEANUP | join(" ") }} --timeout "{{ SYS_TIMEOUT_RESTART_DOCKER }}"' + system_service_tpl_exec_start_pre: '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }} --ignore {{ SYS_SERVICE_REPAIR_DOCKER_HARD }} {{ SYS_SERVICE_GROUP_CLEANUP | join(" ") }} --timeout "{{ SYS_TIMEOUT_DOCKER_RPR_HARD }}"' system_service_tpl_exec_start: '{{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}' system_service_tpl_exec_start_post: "/usr/bin/systemctl start {{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}" system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" diff --git a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml index 06464842..7688252b 100644 --- a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml 
@@ -9,6 +9,6 @@ system_service_on_calendar: "{{ SYS_SCHEDULE_REPAIR_DOCKER_SOFT }}" system_service_timer_enabled: true system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" - system_service_tpl_exec_start_pre: "/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ') }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }} --timeout '{{ SYS_TIMEOUT_HEAL_DOCKER }}'" + system_service_tpl_exec_start_pre: "/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ') }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }} --timeout '{{ SYS_TIMEOUT_DOCKER_RPR_SOFT }}'" system_service_tpl_exec_start: > /bin/sh -c '{{ system_service_script_exec }} --manipulation-string "{{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }}" {{ PATH_DOCKER_COMPOSE_INSTANCES }}' diff --git a/roles/update-docker/tasks/01_core.yml b/roles/update-docker/tasks/01_core.yml index c816db5c..55bde37c 100644 --- a/roles/update-docker/tasks/01_core.yml +++ b/roles/update-docker/tasks/01_core.yml @@ -13,4 +13,8 @@ - include_role: name: sys-service vars: - system_service_restarted: true + system_service_restarted: true + system_service_timer_enabled: false + system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" + system_service_tpl_exec_start: "{{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}" + system_service_tpl_exec_start_pre: "/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ') }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} {{ 'update-docker' | get_service_name(SOFTWARE_NAME) }} --timeout '{{ SYS_TIMEOUT_DOCKER_UPDATE }}'" \ No newline at end of file diff --git a/roles/update-docker/templates/systemctl.service.j2 b/roles/update-docker/templates/systemctl.service.j2 deleted file mode 100644 index e999610a..00000000 
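Review bot: The soft repair's `--timeout` drops from 30min (`SYS_TIMEOUT_HEAL_DOCKER`) to 10min, because `SYS_TIMEOUT_DOCKER_RPR_SOFT` resolves to the hard-repair value. This is presumably how long the lock script waits for the other manipulation services, and the same patch lets backups run for 60min, so the `ExecStartPre` step may now give up while a backup still holds the lock; whether that skips the repair and fires `OnFailure` depends on the lock script, which is not shown. If the shorter wait is intended, a comment next to the variable would record it, e.g. `# soft repair deliberately waits no longer than hard repair`. Otherwise give the soft variant its own value rather than the alias.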
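Review bot: The deleted `systemctl.service.j2` declared `Type=oneshot`, and nothing in the new `vars:` block of `roles/update-docker/tasks/01_core.yml` carries that over, so the unit's type now depends on the shared `sys-service` template, which is not visible in this diff. If that template does not default to oneshot, `system_service_restarted: true` would return once the process is spawned rather than when the update finishes, and the play would continue while containers are still being updated. Confirm the default, or pass the type explicitly if the role exposes a variable for it. `system_service_tpl_exec_start` also gains `{{ PATH_DOCKER_COMPOSE_INSTANCES }}` as an argument the old unit did not pass, so the script must accept it, and the file still ends without a trailing newline.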
--- a/roles/update-docker/templates/systemctl.service.j2 +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Updates Docker Instances -OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }} - -[Service] -Type=oneshot -ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ') }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} {{ 'update-docker' | get_service_name(SOFTWARE_NAME) }} --timeout "{{ SYS_TIMEOUT_HEAL_DOCKER }}" -ExecStart={{ system_service_script_exec }} \ No newline at end of file diff --git a/roles/web-app-wordpress/config/main.yml b/roles/web-app-wordpress/config/main.yml index ae1bc69f..f61e2fe0 100644 --- a/roles/web-app-wordpress/config/main.yml +++ b/roles/web-app-wordpress/config/main.yml @@ -1,5 +1,5 @@ -title: "Blog" # WordPress titel -max_upload_size: "15M" # Low default upload size, because you should use Peertube for Videos and Funkwhale for Audio files +title: "Blog" # WordPress titel +max_upload_size: "256M" # Low default upload size, because you should use Peertube for Videos and Funkwhale for Audio files plugins: wp-discourse: enabled: "{{ 'web-app-discourse' in group_names | lower }}" diff --git a/roles/web-app-wordpress/tasks/04_update_domain.yml b/roles/web-app-wordpress/tasks/04_update_domain.yml index 70536756..b62a8b6d 100644 --- a/roles/web-app-wordpress/tasks/04_update_domain.yml +++ b/roles/web-app-wordpress/tasks/04_update_domain.yml @@ -60,6 +60,7 @@ --path={{ WORDPRESS_DOCKER_HTML_PATH }} register: wp_sr_scheme changed_when: "{{ ('Success: Made 0 replacements.' not in wp_sr_scheme.stdout) | bool }}" + when: WEB_PORT == 443 - name: Flush caches and rewrite rules command: > diff --git a/roles/web-app-wordpress/vars/oidc.yml b/roles/web-app-wordpress/vars/oidc.yml index 4c423db4..5353903a 100644 --- a/roles/web-app-wordpress/vars/oidc.yml +++ b/roles/web-app-wordpress/vars/oidc.yml 
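Review bot: The trailing comment on `max_upload_size` still reads "Low default upload size, …" although the value is now `256M`, so the documentation contradicts the setting. Suggest `max_upload_size: "256M" # Upload limit for media; keep reverse-proxy and PHP limits in line with it`. The limit is roughly 17 times larger, which raises the disk and memory a single request can consume. It is worth confirming that the proxy body-size limit and PHP's `upload_max_filesize`/`post_max_size` derive from this variable rather than being set separately; those templates are outside this diff.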
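Review bot: `when: WEB_PORT == 443` compares against an integer, so if `WEB_PORT` arrives as a string (quoted in inventory, or passed with `-e WEB_PORT=443`), the condition is false and the scheme search-replace is skipped without any message, leaving the old scheme in the database. `when: WEB_PORT | int == 443` makes the check independent of how the variable is typed. When the task is skipped, `wp_sr_scheme` is registered without `stdout`, so any later task that reads `wp_sr_scheme.stdout` needs a guard. The task starts above the hunk and later users are not visible here.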
@@ -17,7 +17,7 @@ oidc_settings: redirect_on_logout: true # Redirect users after logout to the login screen or homepage. redirect_user_back: true # Return users to their original URL after successful login. #acr_values: "{{ OIDC.CLIENT.acr_values | default('') }}" # ACR values defining required authentication context (e.g., MFA level). - enable_logging: "{{ MODE_DEBUG }}" # Enable detailed plugin logging for debugging and auditing. + enable_logging: "{{ MODE_DEBUG }}" # Enable detailed plugin logging for debugging and auditing. # log_limit: "{{ OIDC.CLIENT.log_limit | default('') }}" # Maximum number of log entries to retain before pruning. no_sslverify: false # The flag to enable/disable SSL verification during authorization. http_request_timeout: 5 # The timeout for requests made to the IDP. Default value is 5.