From e09f561f0bc8206608c5fd4e06610148669e214a Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Mon, 1 Dec 2025 13:30:50 +0100 Subject: [PATCH] Refactor run-once orchestration and bootstrap Mailu/Mastodon in a single deploy - Replace legacy utils/run_once.yml with the new helpers utils/once_flag.yml and utils/once_finalize.yml - Introduce utils/compose_up.yml to ensure docker-compose stacks are up and to flush handlers safely without coupling to run-once flags - Migrate all affected roles (desk-*, dev-*, sys-ctl-*, sys-svc-*, web-app-*, web-svc-*, util-*) to the new run-once helpers - Rework sys-svc-msmtp to auto-load Mailu once per deploy, check reachability, and reuse the running stack instead of requiring multiple playbook passes - Adjust web-app-mailu to integrate cert deployment, handler flushing, and run-once handling so Mailu is fully initialized in a single deploy - Improve Matomo, CDN, logout and CSP/health-check related roles to cooperate with the new compose_up / once_* pattern - Simplify alarm/backup/timer/service orchestration (sys-ctl-alm-*, sys-bkp-provider, sys-timer-cln-bkps, etc.) 
by moving run-once logic into dedicated 01_core.yml files - Update integration tests so utils/once_flag.yml and utils/once_finalize.yml are recognised as valid run-once providers, keeping the global run_once_* guarantees consistent - Align frontend injection and service dependencies so Mastodon- and Mailu-related services can be brought up coherently within a single deployment cycle rather than several iterations --- roles/desk-git/tasks/main.yml | 2 +- roles/desk-gnome-caffeine/tasks/01_core.yml | 2 +- roles/desk-qbittorrent/tasks/main.yml | 2 +- roles/desk-spotify/tasks/main.yml | 2 +- roles/desk-ssh/tasks/01_core.yml | 2 +- roles/desk-zoom/tasks/main.yml | 2 +- roles/dev-fakeroot/tasks/main.yml | 2 +- roles/dev-git/tasks/main.yml | 2 +- roles/dev-python-pip/tasks/main.yml | 2 +- roles/dev-python-yaml/tasks/main.yml | 2 +- roles/dev-shell/tasks/01_core.yml | 21 ++++++++ roles/dev-shell/tasks/main.yml | 25 +-------- roles/dev-yay/tasks/01_core.yml | 2 +- roles/docker-compose/tasks/01_core.yml | 4 +- roles/docker-container/tasks/01_core.yml | 2 +- .../drv-epson-multiprinter/tasks/01_core.yml | 2 + roles/drv-epson-multiprinter/tasks/main.yml | 5 +- roles/pkgmgr-install/tasks/01_core.yml | 2 + roles/pkgmgr-install/tasks/main.yml | 5 +- roles/pkgmgr/tasks/01_core.yml | 2 +- roles/svc-ai-ollama/tasks/01_core.yml | 2 +- roles/svc-ai-ollama/tasks/main.yml | 7 ++- roles/svc-bkp-loc-2-usb/tasks/main.yml | 2 +- roles/svc-bkp-rmt-2-loc/tasks/main.yml | 2 +- roles/svc-db-mariadb/tasks/01_core.yml | 2 +- roles/svc-db-postgres/tasks/01_core.yml | 2 +- .../svc-opt-keyboard-color/tasks/01_core.yml | 2 + roles/svc-opt-keyboard-color/tasks/main.yml | 5 +- roles/svc-opt-swapfile/tasks/01_core.yml | 2 +- roles/svc-prx-openresty/tasks/main.yml | 2 +- roles/sys-bkp-provider-user/tasks/01_core.yml | 2 +- roles/sys-bkp-provider/tasks/01_core.yml | 7 +++ roles/sys-bkp-provider/tasks/main.yml | 9 +--- roles/sys-cli/tasks/main.yml | 2 +- roles/sys-ctl-alm-compose/tasks/01_core.yml | 4 +- 
roles/sys-ctl-alm-compose/vars/main.yml | 11 +--- roles/sys-ctl-alm-email/tasks/01_core.yml | 2 +- roles/sys-ctl-alm-telegram/tasks/01_core.yml | 2 +- .../tasks/01_core.yml | 2 +- roles/sys-ctl-cln-anon-volumes/tasks/main.yml | 2 +- roles/sys-ctl-cln-bkps/tasks/01_core.yml | 2 +- roles/sys-ctl-cln-certs/tasks/01_core.yml | 2 +- .../sys-ctl-cln-disc-space/tasks/01_core.yml | 2 +- roles/sys-ctl-cln-docker/tasks/main.yml | 2 +- .../sys-ctl-cln-faild-bkps/tasks/01_core.yml | 2 +- roles/sys-ctl-hlth-btrfs/tasks/01_core.yml | 2 +- roles/sys-ctl-hlth-csp/tasks/01_core.yml | 2 +- .../sys-ctl-hlth-disc-space/tasks/01_core.yml | 2 +- .../tasks/01_core.yml | 2 +- .../tasks/01_core.yml | 2 +- .../sys-ctl-hlth-journalctl/tasks/01_core.yml | 2 +- roles/sys-ctl-hlth-msmtp/tasks/01_core.yml | 2 +- .../sys-ctl-hlth-webserver/tasks/01_core.yml | 2 +- roles/sys-ctl-mtn-cert-deploy/files/script.sh | 52 ++++++++++++++----- .../sys-ctl-mtn-cert-deploy/tasks/01_core.yml | 10 +++- roles/sys-ctl-mtn-cert-deploy/tasks/main.yml | 5 +- roles/sys-ctl-mtn-cert-deploy/vars/main.yml | 2 +- .../sys-ctl-mtn-cert-renew/tasks/01_core.yml | 2 +- .../tasks/01_core.yml | 2 +- .../sys-ctl-rpr-docker-hard/tasks/01_core.yml | 2 +- .../sys-ctl-rpr-docker-soft/tasks/01_core.yml | 2 +- roles/sys-daemon/tasks/main.yml | 2 +- roles/sys-dns-wildcards/tasks/01_core.yml | 2 +- .../tasks/01_dependencies.yml | 2 +- roles/sys-front-inj-all/tasks/main.yml | 5 +- roles/sys-front-inj-css/tasks/01_core.yml | 2 +- roles/sys-front-inj-desktop/tasks/01_core.yml | 2 +- roles/sys-lock/tasks/main.yml | 2 +- roles/sys-postfix/tasks/main.yml | 2 +- roles/sys-service/tasks/01_core.yml | 2 +- roles/sys-stk-front-base/tasks/main.yml | 2 +- roles/sys-svc-cdn/tasks/main.yml | 2 +- roles/sys-svc-certbot/tasks/01_core.yml | 2 +- roles/sys-svc-certs/tasks/main.yml | 2 +- roles/sys-svc-cln-domains/tasks/main.yml | 2 +- roles/sys-svc-dns/tasks/01_core.yml | 2 +- roles/sys-svc-docker/tasks/01_core.yml | 4 +- 
roles/sys-svc-journalctl/tasks/main.yml | 2 +- roles/sys-svc-letsencrypt/tasks/01_core.yml | 2 +- roles/sys-svc-msmtp/tasks/01_core.yml | 25 ++++++++- roles/sys-svc-msmtp/tasks/02_mailu.yml | 11 ++++ roles/sys-svc-msmtp/tasks/main.yml | 5 +- roles/sys-svc-sshd/tasks/main.yml | 2 +- .../sys-svc-webserver-core/tasks/01_core.yml | 2 +- roles/sys-svc-webserver-https/tasks/main.yml | 2 +- roles/sys-timer-cln-bkps/tasks/01_core.yml | 2 + roles/sys-timer-cln-bkps/tasks/main.yml | 6 +-- roles/update-apt/tasks/main.yml | 2 +- roles/update-compose/tasks/01_core.yml | 2 +- roles/update-pacman/tasks/main.yml | 2 +- roles/user-administrator/tasks/01_core.yml | 2 +- roles/user-root/tasks/01_core.yml | 4 +- roles/util-desk-design/tasks/01_core.yml | 4 +- roles/util-desk-design/tasks/main.yml | 5 +- roles/util-desk-dev-core/tasks/main.yml | 2 +- roles/util-desk-dev-python/tasks/main.yml | 2 +- roles/util-dev-admin/tasks/main.yml | 2 +- roles/web-app-bookwyrm/tasks/main.yml | 2 +- roles/web-app-bridgy-fed/tasks/01_core.yml | 2 +- roles/web-app-chess/tasks/01_core.yml | 2 +- roles/web-app-confluence/tasks/main.yml | 2 +- roles/web-app-desktop/tasks/01_core.yml | 2 +- roles/web-app-discourse/tasks/01_core.yml | 2 +- roles/web-app-jira/tasks/main.yml | 2 +- roles/web-app-littlejs/tasks/01_core.yml | 2 +- roles/web-app-magento/tasks/01_core.yml | 2 +- roles/web-app-mailu/tasks/01_core.yml | 25 ++++----- .../tasks/03b_create_user_token.yml | 12 ----- roles/web-app-matomo/tasks/01_core.yml | 4 +- roles/web-app-mig/tasks/01_core.yml | 2 +- roles/web-app-mini-qr/tasks/01_core.yml | 2 +- roles/web-app-pretix/tasks/main.yml | 2 +- roles/web-app-xwiki/tasks/01_core.yml | 2 +- roles/web-opt-rdr-domains/tasks/main.yml | 2 +- roles/web-svc-cdn/tasks/01_core.yml | 4 +- roles/web-svc-collabora/tasks/01_core.yml | 2 +- roles/web-svc-coturn/tasks/01_core.yml | 2 +- roles/web-svc-file/tasks/main.yml | 2 +- roles/web-svc-html/tasks/main.yml | 2 +- roles/web-svc-libretranslate/tasks/main.yml | 2 +- 
roles/web-svc-logout/tasks/01_core.yml | 4 +- roles/web-svc-onlyoffice/tasks/01_core.yml | 2 +- roles/web-svc-simpleicons/tasks/main.yml | 2 +- tasks/utils/{run_once.yml => compose_up.yml} | 9 +--- tasks/utils/once_finalize.yml | 6 +++ tasks/utils/once_flag.yml | 3 ++ .../integration/test_run_once_global_usage.py | 30 ++++++++--- tests/integration/test_run_once_inclusion.py | 8 +-- 128 files changed, 291 insertions(+), 243 deletions(-) create mode 100644 roles/dev-shell/tasks/01_core.yml create mode 100644 roles/sys-bkp-provider/tasks/01_core.yml create mode 100644 roles/sys-svc-msmtp/tasks/02_mailu.yml rename tasks/utils/{run_once.yml => compose_up.yml} (60%) create mode 100644 tasks/utils/once_finalize.yml create mode 100644 tasks/utils/once_flag.yml diff --git a/roles/desk-git/tasks/main.yml b/roles/desk-git/tasks/main.yml index f3a9482c..7650f107 100644 --- a/roles/desk-git/tasks/main.yml +++ b/roles/desk-git/tasks/main.yml @@ -16,6 +16,6 @@ command: gitconfig --merge-option rebase --name "{{users.client.full_name}}" --email "{{users.client.email}}" --website "{{users.client.website}}" --signing gpg --gpg-key "{{users.client.gpg}}" become: false - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false \ No newline at end of file diff --git a/roles/desk-gnome-caffeine/tasks/01_core.yml b/roles/desk-gnome-caffeine/tasks/01_core.yml index 6f12cba7..2a02d020 100644 --- a/roles/desk-gnome-caffeine/tasks/01_core.yml +++ b/roles/desk-gnome-caffeine/tasks/01_core.yml @@ -20,4 +20,4 @@ src: caffeine.desktop.j2 dest: "{{auto_start_directory}}caffeine.desktop" -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/desk-qbittorrent/tasks/main.yml b/roles/desk-qbittorrent/tasks/main.yml index 8557a577..109557fb 100644 --- a/roles/desk-qbittorrent/tasks/main.yml +++ b/roles/desk-qbittorrent/tasks/main.yml 
@@ -10,5 +10,5 @@ use: yay name: - qbittorrent - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_desk_qbittorrent is not defined diff --git a/roles/desk-spotify/tasks/main.yml b/roles/desk-spotify/tasks/main.yml index 9f644db6..52694d26 100644 --- a/roles/desk-spotify/tasks/main.yml +++ b/roles/desk-spotify/tasks/main.yml @@ -9,5 +9,5 @@ use: yay name: - spotify - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_desk_spotify is not defined diff --git a/roles/desk-ssh/tasks/01_core.yml b/roles/desk-ssh/tasks/01_core.yml index 4df464bb..cbcdc6e5 100644 --- a/roles/desk-ssh/tasks/01_core.yml +++ b/roles/desk-ssh/tasks/01_core.yml @@ -50,4 +50,4 @@ mode: "0644" become: false -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/desk-zoom/tasks/main.yml b/roles/desk-zoom/tasks/main.yml index a7ee7360..909a473b 100644 --- a/roles/desk-zoom/tasks/main.yml +++ b/roles/desk-zoom/tasks/main.yml @@ -9,5 +9,5 @@ name: - zoom become: false - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_desk_zoom is not defined diff --git a/roles/dev-fakeroot/tasks/main.yml b/roles/dev-fakeroot/tasks/main.yml index f2cb20ab..5d105425 100644 --- a/roles/dev-fakeroot/tasks/main.yml +++ b/roles/dev-fakeroot/tasks/main.yml @@ -6,6 +6,6 @@ name: fakeroot state: present - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false \ No newline at end of file diff --git a/roles/dev-git/tasks/main.yml b/roles/dev-git/tasks/main.yml index ace978e5..99635aa7 100644 --- a/roles/dev-git/tasks/main.yml +++ b/roles/dev-git/tasks/main.yml 
@@ -4,7 +4,7 @@ name: git state: present - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false when: run_once_dev_git is not defined \ No newline at end of file diff --git a/roles/dev-python-pip/tasks/main.yml b/roles/dev-python-pip/tasks/main.yml index b0d35e82..11fadd63 100644 --- a/roles/dev-python-pip/tasks/main.yml +++ b/roles/dev-python-pip/tasks/main.yml @@ -9,7 +9,7 @@ name: python-pip state: present - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false when: run_once_dev_python_pip is not defined diff --git a/roles/dev-python-yaml/tasks/main.yml b/roles/dev-python-yaml/tasks/main.yml index ca88940a..f57486b0 100644 --- a/roles/dev-python-yaml/tasks/main.yml +++ b/roles/dev-python-yaml/tasks/main.yml @@ -6,6 +6,6 @@ name: python-yaml state: present - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false diff --git a/roles/dev-shell/tasks/01_core.yml b/roles/dev-shell/tasks/01_core.yml new file mode 100644 index 00000000..15bf0fc1 --- /dev/null +++ b/roles/dev-shell/tasks/01_core.yml @@ -0,0 +1,21 @@ +- name: Ensure ~/.bash_profile sources ~/.profile + lineinfile: + path: "$HOME/.bash_profile" + line: '[ -f ~/.profile ] && . ~/.profile' + insertafter: EOF + state: present + create: yes + mode: "0644" + become: false + +- name: Ensure ~/.zprofile sources ~/.profile + lineinfile: + path: "$HOME/.zprofile" + line: '[ -f ~/.profile ] && . ~/.profile' + insertafter: EOF + state: present + create: yes + mode: "0644" + become: false + +- include_tasks: utils/once_flag.yml \ No newline at end of file diff --git a/roles/dev-shell/tasks/main.yml b/roles/dev-shell/tasks/main.yml index d1157c54..2604551e 100644 --- a/roles/dev-shell/tasks/main.yml +++ b/roles/dev-shell/tasks/main.yml 
@@ -1,25 +1,2 @@ ---- -- block: - - name: Ensure ~/.bash_profile sources ~/.profile - lineinfile: - path: "$HOME/.bash_profile" - line: '[ -f ~/.profile ] && . ~/.profile' - insertafter: EOF - state: present - create: yes - mode: "0644" - become: false - - - name: Ensure ~/.zprofile sources ~/.profile - lineinfile: - path: "$HOME/.zprofile" - line: '[ -f ~/.profile ] && . ~/.profile' - insertafter: EOF - state: present - create: yes - mode: "0644" - become: false - - - set_fact: - run_once_dev_shell: true +- include_tasks: 01_core.yml when: run_once_dev_shell is not defined diff --git a/roles/dev-yay/tasks/01_core.yml b/roles/dev-yay/tasks/01_core.yml index 7e8de6d0..f3e8be98 100644 --- a/roles/dev-yay/tasks/01_core.yml +++ b/roles/dev-yay/tasks/01_core.yml @@ -55,4 +55,4 @@ aur_only: yes when: MODE_UPDATE | bool -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/docker-compose/tasks/01_core.yml b/roles/docker-compose/tasks/01_core.yml index 69da82be..6c3a9a1b 100644 --- a/roles/docker-compose/tasks/01_core.yml +++ b/roles/docker-compose/tasks/01_core.yml @@ -1,3 +1,5 @@ +- include_tasks: utils/once_flag.yml + - name: Remove all docker compose pull locks file: path: "{{ PATH_DOCKER_COMPOSE_PULL_LOCK_DIR }}" @@ -19,5 +21,3 @@ mode: 0700 owner: root group: root - -- include_tasks: utils/run_once.yml \ No newline at end of file diff --git a/roles/docker-container/tasks/01_core.yml b/roles/docker-container/tasks/01_core.yml index 53f7e525..13fcac66 100644 --- a/roles/docker-container/tasks/01_core.yml +++ b/roles/docker-container/tasks/01_core.yml @@ -2,4 +2,4 @@ name: sys-svc-docker when: run_once_sys_svc_docker is not defined -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/drv-epson-multiprinter/tasks/01_core.yml b/roles/drv-epson-multiprinter/tasks/01_core.yml index 9df101fd..988f3b1e 100644 
--- a/roles/drv-epson-multiprinter/tasks/01_core.yml +++ b/roles/drv-epson-multiprinter/tasks/01_core.yml @@ -17,3 +17,5 @@ community.general.pacman: name: imagescan state: present + +- include_tasks: utils/once_flag.yml \ No newline at end of file diff --git a/roles/drv-epson-multiprinter/tasks/main.yml b/roles/drv-epson-multiprinter/tasks/main.yml index 09d3fd91..124d537c 100644 --- a/roles/drv-epson-multiprinter/tasks/main.yml +++ b/roles/drv-epson-multiprinter/tasks/main.yml @@ -1,5 +1,2 @@ -- block: - - include_tasks: 01_core.yml - - set_fact: - run_once_drv_epson_multiprinter: true +- include_tasks: 01_core.yml when: run_once_drv_epson_multiprinter is not defined diff --git a/roles/pkgmgr-install/tasks/01_core.yml b/roles/pkgmgr-install/tasks/01_core.yml index 78ec8118..db2bfabe 100644 --- a/roles/pkgmgr-install/tasks/01_core.yml +++ b/roles/pkgmgr-install/tasks/01_core.yml @@ -9,3 +9,5 @@ pkgmgr update pkgmgr register: pkgmgr_update changed_when: "'already up to date' not in (pkgmgr_update.stdout | lower)" + +- include_tasks: utils/once_flag.yml diff --git a/roles/pkgmgr-install/tasks/main.yml b/roles/pkgmgr-install/tasks/main.yml index 09c657c7..dc5f01a6 100644 --- a/roles/pkgmgr-install/tasks/main.yml +++ b/roles/pkgmgr-install/tasks/main.yml @@ -1,7 +1,4 @@ -- block: - - include_tasks: 01_core.yml - - set_fact: - run_once_pkgmgr_install: true +- include_tasks: 01_core.yml when: run_once_pkgmgr_install is not defined - name: "update {{ package_name }}" diff --git a/roles/pkgmgr/tasks/01_core.yml b/roles/pkgmgr/tasks/01_core.yml index 54ba4b9e..195e3ac1 100644 --- a/roles/pkgmgr/tasks/01_core.yml +++ b/roles/pkgmgr/tasks/01_core.yml @@ -48,4 +48,4 @@ command: "pkgmgr pull --all" when: MODE_UPDATE | bool -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/svc-ai-ollama/tasks/01_core.yml b/roles/svc-ai-ollama/tasks/01_core.yml index be171468..ac34227f 100644 
--- a/roles/svc-ai-ollama/tasks/01_core.yml +++ b/roles/svc-ai-ollama/tasks/01_core.yml @@ -35,4 +35,4 @@ (pull_result.rc | default(0)) != 0 and ('up to date' not in (pull_result.stdout | default(''))) -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/svc-ai-ollama/tasks/main.yml b/roles/svc-ai-ollama/tasks/main.yml index 27226500..096b9b3f 100644 --- a/roles/svc-ai-ollama/tasks/main.yml +++ b/roles/svc-ai-ollama/tasks/main.yml @@ -1,5 +1,4 @@ -- block: - - include_tasks: 01_core.yml - vars: - flush_handlers: true +- include_tasks: 01_core.yml + vars: + flush_handlers: true when: run_once_svc_ai_ollama is not defined \ No newline at end of file diff --git a/roles/svc-bkp-loc-2-usb/tasks/main.yml b/roles/svc-bkp-loc-2-usb/tasks/main.yml index ba9e2e2a..a4226b7e 100644 --- a/roles/svc-bkp-loc-2-usb/tasks/main.yml +++ b/roles/svc-bkp-loc-2-usb/tasks/main.yml @@ -5,7 +5,7 @@ loop: - sys-ctl-cln-bkps - sys-lock - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_svc_bkp_loc_2_usb is not defined - name: Fail if any backup_to_usb variable is empty diff --git a/roles/svc-bkp-rmt-2-loc/tasks/main.yml b/roles/svc-bkp-rmt-2-loc/tasks/main.yml index cda3eb94..234e3575 100644 --- a/roles/svc-bkp-rmt-2-loc/tasks/main.yml +++ b/roles/svc-bkp-rmt-2-loc/tasks/main.yml @@ -7,7 +7,7 @@ - sys-ctl-alm-compose - sys-lock - sys-timer-cln-bkps - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_svc_bkp_rmt_2_loc is not defined - name: "Create Directory '{{ DOCKER_BACKUP_REMOTE_2_LOCAL_DIR }}'" diff --git a/roles/svc-db-mariadb/tasks/01_core.yml b/roles/svc-db-mariadb/tasks/01_core.yml index 5573170b..08ed007d 100644 --- a/roles/svc-db-mariadb/tasks/01_core.yml +++ b/roles/svc-db-mariadb/tasks/01_core.yml 
@@ -47,4 +47,4 @@ - setup_mariadb_container_result is defined - setup_mariadb_container_result.changed -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/svc-db-postgres/tasks/01_core.yml b/roles/svc-db-postgres/tasks/01_core.yml index ea0776d5..23b2d872 100644 --- a/roles/svc-db-postgres/tasks/01_core.yml +++ b/roles/svc-db-postgres/tasks/01_core.yml @@ -26,4 +26,4 @@ name: python-psycopg2 state: present -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/svc-opt-keyboard-color/tasks/01_core.yml b/roles/svc-opt-keyboard-color/tasks/01_core.yml index c127fe98..cec77a55 100644 --- a/roles/svc-opt-keyboard-color/tasks/01_core.yml +++ b/roles/svc-opt-keyboard-color/tasks/01_core.yml @@ -16,3 +16,5 @@ system_service_on_calendar: "{{ SYS_SCHEDULE_ANIMATION_KEYBOARD_COLOR }}" system_service_timer_enabled: true persistent: true + +- include_tasks: utils/once_flag.yml \ No newline at end of file diff --git a/roles/svc-opt-keyboard-color/tasks/main.yml b/roles/svc-opt-keyboard-color/tasks/main.yml index 49af0306..22559086 100644 --- a/roles/svc-opt-keyboard-color/tasks/main.yml +++ b/roles/svc-opt-keyboard-color/tasks/main.yml @@ -1,5 +1,2 @@ -- block: - - include_tasks: 01_core.yml - - set_fact: - run_once_svc_opt_keyboard_color: true +- include_tasks: 01_core.yml when: run_once_svc_opt_keyboard_color is not defined diff --git a/roles/svc-opt-swapfile/tasks/01_core.yml b/roles/svc-opt-swapfile/tasks/01_core.yml index f21e4095..56a6989f 100644 --- a/roles/svc-opt-swapfile/tasks/01_core.yml +++ b/roles/svc-opt-swapfile/tasks/01_core.yml @@ -11,4 +11,4 @@ async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml 
diff --git a/roles/svc-prx-openresty/tasks/main.yml b/roles/svc-prx-openresty/tasks/main.yml index 7d1c1332..88058c99 100644 --- a/roles/svc-prx-openresty/tasks/main.yml +++ b/roles/svc-prx-openresty/tasks/main.yml @@ -5,5 +5,5 @@ vars: docker_compose_flush_handlers: true docker_pull_git_repository: false # Deactivated here to deactivate inhirement - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_svc_prx_openresty is not defined \ No newline at end of file diff --git a/roles/sys-bkp-provider-user/tasks/01_core.yml b/roles/sys-bkp-provider-user/tasks/01_core.yml index 9c79cd36..a73805b4 100644 --- a/roles/sys-bkp-provider-user/tasks/01_core.yml +++ b/roles/sys-bkp-provider-user/tasks/01_core.yml @@ -16,4 +16,4 @@ - include_tasks: 03_permissions_folders.yml -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-bkp-provider/tasks/01_core.yml b/roles/sys-bkp-provider/tasks/01_core.yml new file mode 100644 index 00000000..87b4e605 --- /dev/null +++ b/roles/sys-bkp-provider/tasks/01_core.yml @@ -0,0 +1,7 @@ +- name: Include dependencies + include_role: + name: '{{ item }}' + loop: + - sys-bkp-provider-user + - sys-timer-cln-bkps +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-bkp-provider/tasks/main.yml b/roles/sys-bkp-provider/tasks/main.yml index 4fb7f6e6..4ec9bf3a 100644 --- a/roles/sys-bkp-provider/tasks/main.yml +++ b/roles/sys-bkp-provider/tasks/main.yml @@ -1,9 +1,2 @@ -- block: - - name: Include dependencies - include_role: - name: '{{ item }}' - loop: - - sys-bkp-provider-user - - sys-timer-cln-bkps - - include_tasks: utils/run_once.yml +- include_tasks: 01_core.yml when: run_once_sys_bkp_provider is not defined diff --git a/roles/sys-cli/tasks/main.yml b/roles/sys-cli/tasks/main.yml index 2229da0d..f24e0346 100644 --- a/roles/sys-cli/tasks/main.yml 
+++ b/roles/sys-cli/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: dev-yay when: run_once_dev_yay is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_cli is not defined - name: "pkgmgr install infinito" diff --git a/roles/sys-ctl-alm-compose/tasks/01_core.yml b/roles/sys-ctl-alm-compose/tasks/01_core.yml index 8fb91f48..93161913 100644 --- a/roles/sys-ctl-alm-compose/tasks/01_core.yml +++ b/roles/sys-ctl-alm-compose/tasks/01_core.yml @@ -1,3 +1,5 @@ +- include_tasks: utils/once_flag.yml + - name: "Include dependent services for '{{ system_service_id }}'" include_role: name: '{{ item }}' @@ -37,5 +39,3 @@ name: "{{ system_service_id | get_service_name(SOFTWARE_NAME, False) ~ escaped_name.stdout }}.service" state: started when: MODE_ASSERT | bool - -- include_tasks: utils/run_once.yml \ No newline at end of file diff --git a/roles/sys-ctl-alm-compose/vars/main.yml b/roles/sys-ctl-alm-compose/vars/main.yml index 6f69f094..916ce01b 100644 --- a/roles/sys-ctl-alm-compose/vars/main.yml +++ b/roles/sys-ctl-alm-compose/vars/main.yml @@ -1,16 +1,7 @@ system_service_id: sys-ctl-alm-compose@ -SYSTEMCTL_ALARM_COMPOSER_SUBSERVICES_BASE: +SYSTEMCTL_ALARM_COMPOSER_SUBSERVICES: - 'sys-ctl-alm-email' - 'sys-ctl-alm-telegram' -SYSTEMCTL_ALARM_EMAIL_ENABLED: "{{ users['no-reply'].mailu_token | default(false) and not MODE_RESET }}" - -SYSTEMCTL_ALARM_COMPOSER_SUBSERVICES: >- - {{ - SYSTEMCTL_ALARM_COMPOSER_SUBSERVICES_BASE - if SYSTEMCTL_ALARM_EMAIL_ENABLED else - SYSTEMCTL_ALARM_COMPOSER_SUBSERVICES_BASE | reject('equalto', 'sys-ctl-alm-email') | list - }} - SYSTEMCTL_ALARM_COMPOSER_DUMMY_MESSAGE: "[Info] Dummy Message: No Failure; Ansible is initializing {{ SOFTWARE_NAME }} on {{ inventory_hostname }}." \ No newline at end of file diff --git a/roles/sys-ctl-alm-email/tasks/01_core.yml b/roles/sys-ctl-alm-email/tasks/01_core.yml index 95b79e54..143defe3 100644 --- a/roles/sys-ctl-alm-email/tasks/01_core.yml 
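Review bot: With `SYSTEMCTL_ALARM_EMAIL_ENABLED` removed in `roles/sys-ctl-alm-compose/vars/main.yml`, `sys-ctl-alm-email` is now in `SYSTEMCTL_ALARM_COMPOSER_SUBSERVICES` on every run, including runs with `MODE_RESET` set or without `users['no-reply'].mailu_token`, which the old expression filtered out. The context lines of `roles/sys-ctl-hlth-msmtp/tasks/01_core.yml` in this same patch still carry both conditions, so the two roles now disagree on when mail is usable. If the reworked sys-svc-msmtp (its hunk is outside this part of the patch) guarantees a working relay in those cases, a comment above the list such as `# sys-ctl-alm-email is unconditional: sys-svc-msmtp is expected to provide a relay even without a Mailu token` would record why the guard could go. Otherwise a failing email sub-service could delay or hide alarms, and the guard should stay.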
+++ b/roles/sys-ctl-alm-email/tasks/01_core.yml @@ -1,4 +1,4 @@ -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_flag.yml - name: Include dependencies include_role: diff --git a/roles/sys-ctl-alm-telegram/tasks/01_core.yml b/roles/sys-ctl-alm-telegram/tasks/01_core.yml index 9e4168bd..3b255a30 100644 --- a/roles/sys-ctl-alm-telegram/tasks/01_core.yml +++ b/roles/sys-ctl-alm-telegram/tasks/01_core.yml @@ -22,4 +22,4 @@ name: curl state: present -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml b/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml index a5543807..4992fb43 100644 --- a/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml +++ b/roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml @@ -28,4 +28,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" # system_service_tpl_exec_start_post: "/usr/bin/systemctl start {{ SYS_SERVICE_CLEANUP_BACKUPS }}" # Not possible to use it because it's a deathlock. Keep this line for documentation purposes -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-cln-anon-volumes/tasks/main.yml b/roles/sys-ctl-cln-anon-volumes/tasks/main.yml index 3700e739..b060a417 100644 --- a/roles/sys-ctl-cln-anon-volumes/tasks/main.yml +++ b/roles/sys-ctl-cln-anon-volumes/tasks/main.yml @@ -14,6 +14,6 @@ system_service_copy_files: false system_service_force_linear_sync: false - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: - run_once_sys_ctl_cln_anon_volumes is not defined diff --git a/roles/sys-ctl-cln-bkps/tasks/01_core.yml b/roles/sys-ctl-cln-bkps/tasks/01_core.yml index db4a99b1..018a7590 100644 --- a/roles/sys-ctl-cln-bkps/tasks/01_core.yml +++ b/roles/sys-ctl-cln-bkps/tasks/01_core.yml 
@@ -22,6 +22,6 @@ system_service_copy_files: true system_service_force_linear_sync: false -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml vars: flush_handlers: true \ No newline at end of file diff --git a/roles/sys-ctl-cln-certs/tasks/01_core.yml b/roles/sys-ctl-cln-certs/tasks/01_core.yml index 33c1b7cd..9a1f98a9 100644 --- a/roles/sys-ctl-cln-certs/tasks/01_core.yml +++ b/roles/sys-ctl-cln-certs/tasks/01_core.yml @@ -19,4 +19,4 @@ system_service_copy_files: false system_service_force_linear_sync: false -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-ctl-cln-disc-space/tasks/01_core.yml b/roles/sys-ctl-cln-disc-space/tasks/01_core.yml index cb60e92b..c58385e8 100644 --- a/roles/sys-ctl-cln-disc-space/tasks/01_core.yml +++ b/roles/sys-ctl-cln-disc-space/tasks/01_core.yml @@ -16,4 +16,4 @@ system_service_tpl_exec_start_pre: '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(" ") }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"' system_service_force_linear_sync: false -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-cln-docker/tasks/main.yml b/roles/sys-ctl-cln-docker/tasks/main.yml index 6f88c4df..d79973b1 100644 --- a/roles/sys-ctl-cln-docker/tasks/main.yml +++ b/roles/sys-ctl-cln-docker/tasks/main.yml @@ -19,5 +19,5 @@ system_service_force_linear_sync: false system_service_force_flush: "{{ MODE_CLEANUP }}" - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_ctl_cln_docker is not defined diff --git a/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml b/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml index cf03f3ac..64c8d86e 100644 --- a/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml +++ b/roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml 
@@ -22,4 +22,4 @@ system_service_tpl_exec_start_pre: '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(" ") }} --timeout "{{ SYS_TIMEOUT_CLEANUP_SERVICES }}"' system_service_tpl_exec_start: '/bin/sh -c "{{ CLEANUP_FAILED_BACKUPS_PKG }} --all --workers {{ CLEANUP_FAILED_BACKUPS_WORKERS }} --yes"' system_service_force_linear_sync: false -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml b/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml index d776a464..675862b3 100644 --- a/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-btrfs/tasks/01_core.yml @@ -10,4 +10,4 @@ system_service_timer_enabled: true system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-csp/tasks/01_core.yml b/roles/sys-ctl-hlth-csp/tasks/01_core.yml index acb4f36b..255fbad0 100644 --- a/roles/sys-ctl-hlth-csp/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-csp/tasks/01_core.yml @@ -23,4 +23,4 @@ --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }} --ignore-network-blocks-from {{ HEALTH_CSP_IGNORE_NETWORK_BLOCKS_FROM | join(' ') }} -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml b/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml index e528f206..4c343f64 100644 --- a/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-disc-space/tasks/01_core.yml 
@@ -11,4 +11,4 @@ system_service_tpl_exec_start: "{{ system_service_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}" system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_DISC_SPACE }}" -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml b/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml index eb86f032..b8c243fb 100644 --- a/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-docker-container/tasks/01_core.yml @@ -15,4 +15,4 @@ system_service_on_calendar: "{{ SYS_SCHEDULE_HEALTH_DOCKER_CONTAINER }}" system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }}" -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml b/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml index ea83f460..57447b19 100644 --- a/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml @@ -11,4 +11,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_ANONYMOUS_VOLUMES }}" system_service_tpl_exec_start: '{{ system_service_script_exec }} "{{ DOCKER_WHITELISTET_ANON_VOLUMES | join(" ") }}"' -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml b/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml index 1c1c9624..aab9e31f 100644 --- a/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-journalctl/tasks/01_core.yml 
@@ -11,4 +11,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" system_service_suppress_flush: true # There are almost allways errors in the journalctl logs so suppression is neccessary to let playbook run -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml b/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml index a2d7b8c2..bb31f6fb 100644 --- a/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-msmtp/tasks/01_core.yml @@ -13,4 +13,4 @@ - not MODE_RESET | bool - users['no-reply'].mailu_token | default(false) -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-hlth-webserver/tasks/01_core.yml b/roles/sys-ctl-hlth-webserver/tasks/01_core.yml index 9436fc24..00bbc6d7 100644 --- a/roles/sys-ctl-hlth-webserver/tasks/01_core.yml +++ b/roles/sys-ctl-hlth-webserver/tasks/01_core.yml @@ -26,4 +26,4 @@ --expectations '{{ applications | web_health_expectations(www_enabled=WWW_REDIRECT_ENABLED | bool, group_names=group_names) | to_json }}' system_service_suppress_flush: true # The healthcheck will just work after all routines passed -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-ctl-mtn-cert-deploy/files/script.sh b/roles/sys-ctl-mtn-cert-deploy/files/script.sh index 2b83acb5..8a83060a 100644 --- a/roles/sys-ctl-mtn-cert-deploy/files/script.sh +++ b/roles/sys-ctl-mtn-cert-deploy/files/script.sh 
@@ -10,45 +10,71 @@ fi ssl_cert_folder="$1" docker_compose_instance_directory="$2" letsencrypt_live_path="$3" -docker_compose_cert_directory="$docker_compose_instance_directory/volumes/certs" +docker_compose_cert_directory="${docker_compose_instance_directory}volumes/certs" -# Copy certificates -cp -RvL "$letsencrypt_live_path/$ssl_cert_folder/"* "$docker_compose_cert_directory" || exit 1 +# Ensure the target cert directory exists +if [ ! -d "$docker_compose_cert_directory" ]; then + echo "Creating certs directory: $docker_compose_cert_directory" + mkdir -p "$docker_compose_cert_directory" || exit 1 +fi -# This code is optimized for mailu -cp -v "$letsencrypt_live_path/$ssl_cert_folder/privkey.pem" "$docker_compose_cert_directory/key.pem" || exit 1 -cp -v "$letsencrypt_live_path/$ssl_cert_folder/fullchain.pem" "$docker_compose_cert_directory/cert.pem" || exit 1 +# Copy all certificates (generic) +cp -RvL "${letsencrypt_live_path}/${ssl_cert_folder}/"* "$docker_compose_cert_directory" || exit 1 + +# Mailu optimization: explicit key/cert mapping +cp -v "${letsencrypt_live_path}/${ssl_cert_folder}/privkey.pem" "${docker_compose_cert_directory}/key.pem" || exit 1 +cp -v "${letsencrypt_live_path}/${ssl_cert_folder}/fullchain.pem" "${docker_compose_cert_directory}/cert.pem" || exit 1 # Set correct reading rights -chmod a+r -v "$docker_compose_cert_directory/"* +chmod a+r -v "${docker_compose_cert_directory}/"* || exit 1 -# Flag to track if any Nginx reload was successful +# Flags to track Nginx reload status nginx_reload_successful=false +nginx_reload_failed=false +failed_services="" # Reload Nginx in all containers within the Docker Compose setup cd "$docker_compose_instance_directory" || exit 1 +echo "Wait for 5 minutes to prevent interuption of setup procedures" +sleep 300 + # Iterate over all services for service in $(docker compose ps --services); do echo "Checking service: $service" + # Check if Nginx exists in the container if docker compose exec -T "$service" 
which nginx > /dev/null 2>&1; then + echo "Testing Nginx config for service: $service" + if ! docker compose exec -T "$service" nginx -t; then + echo "Nginx config test FAILED for service: $service" >&2 + nginx_reload_failed=true + failed_services="$failed_services $service" + continue + fi + echo "Reloading Nginx for service: $service" if docker compose exec -T "$service" nginx -s reload; then nginx_reload_successful=true echo "Successfully reloaded Nginx for service: $service" else echo "Failed to reload Nginx for service: $service" >&2 + nginx_reload_failed=true + failed_services="$failed_services $service" fi else echo "Nginx not found in service: $service, skipping." fi done -# Restart all containers if no Nginx reload was successful -if [ "$nginx_reload_successful" = false ]; then - echo "No Nginx reload was successful. Restarting all Docker containers." - docker compose restart || exit 1 -else +# Optional auto-healing: restart only the services whose reload failed +if [ "$nginx_reload_failed" = true ]; then + echo "At least one Nginx reload failed. Affected services:${failed_services}" + echo "Restarting affected services to apply the new certificates..." + # shellcheck disable=SC2086 + (sleep 120 && docker compose restart $failed_services) || (sleep 120 && docker compose restart) || exit 1 +elif [ "$nginx_reload_successful" = true ]; then echo "At least one Nginx reload was successful. No restart needed." +else + echo "No Nginx instances found in any service. Nothing to reload." fi diff --git a/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml index f5f40a91..8a5e709d 100644 --- a/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml 
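Review bot: `chmod a+r -v "${docker_compose_cert_directory}/"*` in the script.sh hunk leaves `privkey.pem` and `key.pem` readable by every local account on the host; this commit only appends `|| exit 1` to that line. The new `mkdir -p` branch and the `file:` task with `mode: "0755"` added in `tasks/01_core.yml` keep the directory traversable too, so the same exposure applies there. I would keep the public material world-readable and restrict the keys, for example `chmod 0644 "${docker_compose_cert_directory}/"*.pem` followed by `chmod 0640 "${docker_compose_cert_directory}/privkey.pem" "${docker_compose_cert_directory}/key.pem"`, with the group set to whatever account the containers read them as (not visible in this diff, so confirm before tightening). Separately, `"${docker_compose_instance_directory}volumes/certs"` now depends on `$2` ending in `/`; without it, `mkdir -p` would quietly create a sibling directory and the keys would be copied there. The argument check sits above the hunk and is not visible.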
@@ -5,6 +5,12 @@ flush_handlers: true when: run_once_sys_ctl_alm_compose is not defined +- name: "Ensure cert deploy target directory exists" + file: + path: "{{ docker_compose.directories.volumes }}certs" + state: directory + mode: "0755" + - include_role: name: sys-service vars: @@ -13,4 +19,6 @@ persistent: "true" system_service_timer_enabled: true system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" - system_service_force_linear_sync: false \ No newline at end of file + system_service_force_linear_sync: false + +- include_tasks: utils/once_flag.yml \ No newline at end of file diff --git a/roles/sys-ctl-mtn-cert-deploy/tasks/main.yml b/roles/sys-ctl-mtn-cert-deploy/tasks/main.yml index faed79fd..08b44b3f 100644 --- a/roles/sys-ctl-mtn-cert-deploy/tasks/main.yml +++ b/roles/sys-ctl-mtn-cert-deploy/tasks/main.yml @@ -1,7 +1,4 @@ -- block: - - include_tasks: 01_core.yml - - set_fact: - run_once_sys_ctl_mtn_cert_deploy: true +- include_tasks: 01_core.yml when: run_once_sys_ctl_mtn_cert_deploy is not defined diff --git a/roles/sys-ctl-mtn-cert-deploy/vars/main.yml b/roles/sys-ctl-mtn-cert-deploy/vars/main.yml index 34a1df21..7944fee8 100644 --- a/roles/sys-ctl-mtn-cert-deploy/vars/main.yml +++ b/roles/sys-ctl-mtn-cert-deploy/vars/main.yml @@ -1 +1 @@ -system_service_id: "sys-ctl-mtn-cert-deploy" +system_service_id: "sys-ctl-mtn-cert-deploy" diff --git a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml index 6e8a116f..8883e49b 100644 --- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml @@ -22,4 +22,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" system_service_force_linear_sync: false -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file 
diff --git a/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml b/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml index 44577dd7..bf4e6562 100644 --- a/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml @@ -20,4 +20,4 @@ system_service_tpl_exec_start: "/bin/sh -c 'btrfs-auto-balancer 90 10'" system_service_force_linear_sync: true -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml index 6497d4ed..4bc11178 100644 --- a/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml @@ -14,4 +14,4 @@ system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}" system_service_force_linear_sync: true -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml index b28ceacc..59b44776 100644 --- a/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml +++ b/roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml @@ -12,4 +12,4 @@ /bin/sh -c '{{ system_service_script_exec }} --manipulation-string "{{ SYS_SERVICE_GROUP_MANIPULATION | join(" ") }}" {{ PATH_DOCKER_COMPOSE_INSTANCES }}' system_service_force_linear_sync: true -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-daemon/tasks/main.yml b/roles/sys-daemon/tasks/main.yml index 9a0f9530..062df24c 100644 --- a/roles/sys-daemon/tasks/main.yml +++ b/roles/sys-daemon/tasks/main.yml 
@@ -4,5 +4,5 @@ when: MODE_RESET | bool and run_once_sys_daemon is not defined - name: Apply systemd manager defaults include_tasks: 02_defaults.yml - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_daemon is not defined \ No newline at end of file diff --git a/roles/sys-dns-wildcards/tasks/01_core.yml b/roles/sys-dns-wildcards/tasks/01_core.yml index f4c8b65e..6f0dd88d 100644 --- a/roles/sys-dns-wildcards/tasks/01_core.yml +++ b/roles/sys-dns-wildcards/tasks/01_core.yml @@ -9,4 +9,4 @@ cloudflare_async_poll: "{{ ASYNC_POLL }}" when: DNS_PROVIDER == 'cloudflare' -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/sys-front-inj-all/tasks/01_dependencies.yml b/roles/sys-front-inj-all/tasks/01_dependencies.yml index 1ba0238c..1a5cc9d2 100644 --- a/roles/sys-front-inj-all/tasks/01_dependencies.yml +++ b/roles/sys-front-inj-all/tasks/01_dependencies.yml @@ -14,7 +14,7 @@ - application_id != 'web-app-matomo' - run_once_web_app_matomo is not defined -- name: "Setup web-app-matomo because endpoint was not reachable" +- name: "Setup web-app-matomo" include_role: name: web-app-matomo public: false diff --git a/roles/sys-front-inj-all/tasks/main.yml b/roles/sys-front-inj-all/tasks/main.yml index 9b72e455..a709a5a5 100644 --- a/roles/sys-front-inj-all/tasks/main.yml +++ b/roles/sys-front-inj-all/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-svc-webserver-core when: run_once_sys_svc_webserver_core is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_front_inj_all is not defined - name: Build inj_enabled for '{{ domain }}'" 
@@ -13,7 +13,8 @@ - name: "Included dependent services" include_tasks: 01_dependencies.yml vars: - proxy_extra_configuration: "" + proxy_extra_configuration: "" + docker_compose_flush_handlers: true - name: Reinitialize 'inj_enabled' for '{{ domain }}', after loading the required webservices set_fact: diff --git a/roles/sys-front-inj-css/tasks/01_core.yml b/roles/sys-front-inj-css/tasks/01_core.yml index 5138238d..51521e90 100644 --- a/roles/sys-front-inj-css/tasks/01_core.yml +++ b/roles/sys-front-inj-css/tasks/01_core.yml @@ -29,4 +29,4 @@ mode: '0644' loop: "{{ CSS_FILES }}" -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-front-inj-desktop/tasks/01_core.yml b/roles/sys-front-inj-desktop/tasks/01_core.yml index 0eaecbe1..52255198 100644 --- a/roles/sys-front-inj-desktop/tasks/01_core.yml +++ b/roles/sys-front-inj-desktop/tasks/01_core.yml @@ -6,4 +6,4 @@ group: "{{ NGINX.USER }}" mode: '0644' -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-lock/tasks/main.yml b/roles/sys-lock/tasks/main.yml index b7ebb7c2..a219f382 100644 --- a/roles/sys-lock/tasks/main.yml +++ b/roles/sys-lock/tasks/main.yml @@ -5,7 +5,7 @@ src: sys-lock.py dest: "{{ PATH_SYSTEM_LOCK_SCRIPT }}" - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false when: run_once_sys_lock is not defined diff --git a/roles/sys-postfix/tasks/main.yml b/roles/sys-postfix/tasks/main.yml index 06186ee2..4b8a99a4 100644 --- a/roles/sys-postfix/tasks/main.yml +++ b/roles/sys-postfix/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: user-administrator when: run_once_user_administrator is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_postfix is not defined - name: install postfix 
diff --git a/roles/sys-service/tasks/01_core.yml b/roles/sys-service/tasks/01_core.yml index fe06aa84..bf16167c 100644 --- a/roles/sys-service/tasks/01_core.yml +++ b/roles/sys-service/tasks/01_core.yml @@ -7,4 +7,4 @@ include_tasks: 02_reset.yml when: MODE_RESET | bool -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-stk-front-base/tasks/main.yml b/roles/sys-stk-front-base/tasks/main.yml index a92fd82a..3904c130 100644 --- a/roles/sys-stk-front-base/tasks/main.yml +++ b/roles/sys-stk-front-base/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-svc-webserver-https when: run_once_sys_svc_webserver_https is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_stk_front_base is not defined - include_tasks: "01_cloudflare.yml" diff --git a/roles/sys-svc-cdn/tasks/main.yml b/roles/sys-svc-cdn/tasks/main.yml index 39d3d0eb..330a7b1a 100644 --- a/roles/sys-svc-cdn/tasks/main.yml +++ b/roles/sys-svc-cdn/tasks/main.yml @@ -8,7 +8,7 @@ group: "{{ NGINX.USER }}" mode: "0755" loop: "{{ CDN_DIRS_GLOBAL }}" - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: - run_once_sys_svc_cdn is not defined diff --git a/roles/sys-svc-certbot/tasks/01_core.yml b/roles/sys-svc-certbot/tasks/01_core.yml index d849d26a..2f1da9bf 100644 --- a/roles/sys-svc-certbot/tasks/01_core.yml +++ b/roles/sys-svc-certbot/tasks/01_core.yml @@ -7,4 +7,4 @@ include_tasks: 02_no_webroot.yml when: CERTBOT_ACME_CHALLENGE_METHOD != 'webroot' -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-svc-certs/tasks/main.yml b/roles/sys-svc-certs/tasks/main.yml index 0d1a6639..9c9e861b 100644 --- a/roles/sys-svc-certs/tasks/main.yml +++ b/roles/sys-svc-certs/tasks/main.yml 
@@ -3,7 +3,7 @@ include_role: name: sys-svc-webserver-https when: run_once_sys_svc_webserver_https is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_svc_certs is not defined - name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'" diff --git a/roles/sys-svc-cln-domains/tasks/main.yml b/roles/sys-svc-cln-domains/tasks/main.yml index 83e28d8a..feb69644 100644 --- a/roles/sys-svc-cln-domains/tasks/main.yml +++ b/roles/sys-svc-cln-domains/tasks/main.yml @@ -50,5 +50,5 @@ # 'No certificate found with name' not in certbot_delete_result.stderr # changed_when: > # certbot_delete_result.rc == 0 - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_svc_cln_domains is not defined diff --git a/roles/sys-svc-dns/tasks/01_core.yml b/roles/sys-svc-dns/tasks/01_core.yml index d562a9f0..036ed0c1 100644 --- a/roles/sys-svc-dns/tasks/01_core.yml +++ b/roles/sys-svc-dns/tasks/01_core.yml @@ -36,4 +36,4 @@ parent_dns_proxied: false when: run_once_sys_dns_wildcards is not defined -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-svc-docker/tasks/01_core.yml b/roles/sys-svc-docker/tasks/01_core.yml index 020b2040..0cad0124 100644 --- a/roles/sys-svc-docker/tasks/01_core.yml +++ b/roles/sys-svc-docker/tasks/01_core.yml @@ -1,3 +1,5 @@ +- include_tasks: utils/once_flag.yml + - name: docker & docker compose install community.general.pacman: name: @@ -26,5 +28,3 @@ - sys-ctl-hlth-docker-volumes - sys-ctl-rpr-docker-hard when: SYS_SVC_DOCKER_LOAD_SERVICES | bool - -- include_tasks: utils/run_once.yml \ No newline at end of file diff --git a/roles/sys-svc-journalctl/tasks/main.yml b/roles/sys-svc-journalctl/tasks/main.yml index db7bd210..978fac23 100644 --- a/roles/sys-svc-journalctl/tasks/main.yml +++ b/roles/sys-svc-journalctl/tasks/main.yml 
@@ -3,7 +3,7 @@ include_role: name: sys-ctl-hlth-journalctl when: run_once_sys_ctl_hlth_journalctl is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_svc_journalctl is not defined - name: copy journald.conf diff --git a/roles/sys-svc-letsencrypt/tasks/01_core.yml b/roles/sys-svc-letsencrypt/tasks/01_core.yml index 0b91570f..cbd60f41 100644 --- a/roles/sys-svc-letsencrypt/tasks/01_core.yml +++ b/roles/sys-svc-letsencrypt/tasks/01_core.yml @@ -9,4 +9,4 @@ dest: "{{ [ NGINX.DIRECTORIES.HTTP.GLOBAL, 'letsencrypt.conf' ] | path_join }}" notify: restart openresty -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/sys-svc-msmtp/tasks/01_core.yml b/roles/sys-svc-msmtp/tasks/01_core.yml index 92078c76..ac6f4a39 100644 --- a/roles/sys-svc-msmtp/tasks/01_core.yml +++ b/roles/sys-svc-msmtp/tasks/01_core.yml @@ -1,3 +1,25 @@ +- include_tasks: utils/once_flag.yml + +- name: "Check if Mail Host is reachable" + uri: + url: "{{ WEB_PROTOCOL ~ '://' ~ SYSTEM_EMAIL.HOST }}" + method: HEAD + validate_certs: yes + status_code: [200, 301, 302] + register: mail_host_reachability + failed_when: false + changed_when: false + no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}" + when: + - run_once_web_app_mailu is not defined + - "{{ 'web-app-mailu' in group_names }}" + - SYSTEM_EMAIL.HOST == domains | get_domain('web-app-mailu') + +- name: "Load Mailu Routines for '{{ role_name }}'" + include_tasks: 02_mailu.yml + when: + - mail_host_reachability is defined + - mail_host_reachability.status | default(0) not in [200, 301, 302] - name: install msmtp msmtp-mta community.general.pacman: @@ -16,5 +38,4 @@ name: sys-ctl-hlth-msmtp when: run_once_sys_ctl_hlth_msmtp is not defined -- set_fact: - run_once_sys_svc_msmtp: true \ No newline at end of file +- include_tasks: utils/compose_up.yml \ No newline at end of file 
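Review bot: In `roles/sys-svc-msmtp/tasks/01_core.yml`, the `Load Mailu Routines` task also runs when the reachability check was skipped, because a skipped task still registers `mail_host_reachability` and `mail_host_reachability.status | default(0)` then evaluates to 0. As far as this hunk shows, `02_mailu.yml` (which includes `web-app-mailu`) would therefore be pulled in on hosts outside the `web-app-mailu` group or with an external `SYSTEM_EMAIL.HOST`, which is what the three `when` conditions on the check exclude. Add `- mail_host_reachability is not skipped` to the second task's `when` list. The entry `"{{ 'web-app-mailu' in group_names }}"` should also drop the Jinja delimiters, `- "'web-app-mailu' in group_names"`, since `when` is already evaluated as an expression and Ansible warns on templated conditionals.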
diff --git a/roles/sys-svc-msmtp/tasks/02_mailu.yml b/roles/sys-svc-msmtp/tasks/02_mailu.yml new file mode 100644 index 00000000..ca257b78 --- /dev/null +++ b/roles/sys-svc-msmtp/tasks/02_mailu.yml @@ -0,0 +1,11 @@ +- name: "Load Mailu before MSMTP config, to guaranty that server is up" + include_role: + name: web-app-mailu + public: false + vars: + flush_handlers: true + +- name: "Reset compose handlers after Mailu include for MSMTP" + include_tasks: "{{ [ playbook_dir, 'tasks/utils/load_handlers.yml' ] | path_join }}" + vars: + handler_role_name: "docker-compose" \ No newline at end of file diff --git a/roles/sys-svc-msmtp/tasks/main.yml b/roles/sys-svc-msmtp/tasks/main.yml index bae6aaa2..ff24898c 100644 --- a/roles/sys-svc-msmtp/tasks/main.yml +++ b/roles/sys-svc-msmtp/tasks/main.yml @@ -1,6 +1,3 @@ - name: "Load MSMTP Core Once" include_tasks: 01_core.yml - when: - - run_once_sys_svc_msmtp is not defined or run_once_sys_svc_msmtp is false - - users['no-reply'].mailu_token is defined - - not MODE_RESET | bool \ No newline at end of file + when: not run_once_sys_svc_msmtp | default(false) \ No newline at end of file diff --git a/roles/sys-svc-sshd/tasks/main.yml b/roles/sys-svc-sshd/tasks/main.yml index 6bd5c2c2..a0898974 100644 --- a/roles/sys-svc-sshd/tasks/main.yml +++ b/roles/sys-svc-sshd/tasks/main.yml @@ -11,5 +11,5 @@ group: root mode: '0644' notify: sshd restart - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_svc_sshd is not defined diff --git a/roles/sys-svc-webserver-core/tasks/01_core.yml b/roles/sys-svc-webserver-core/tasks/01_core.yml index cc09bf7a..e620724a 100644 --- a/roles/sys-svc-webserver-core/tasks/01_core.yml +++ b/roles/sys-svc-webserver-core/tasks/01_core.yml @@ -53,4 +53,4 @@ vars: flush_handlers: false -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml 
diff --git a/roles/sys-svc-webserver-https/tasks/main.yml b/roles/sys-svc-webserver-https/tasks/main.yml index f9a95994..9af323cd 100644 --- a/roles/sys-svc-webserver-https/tasks/main.yml +++ b/roles/sys-svc-webserver-https/tasks/main.yml @@ -7,5 +7,5 @@ - sys-svc-cln-domains - sys-svc-letsencrypt - sys-svc-dns - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_sys_svc_webserver_https is not defined diff --git a/roles/sys-timer-cln-bkps/tasks/01_core.yml b/roles/sys-timer-cln-bkps/tasks/01_core.yml index 111b02fa..c2bec0b0 100644 --- a/roles/sys-timer-cln-bkps/tasks/01_core.yml +++ b/roles/sys-timer-cln-bkps/tasks/01_core.yml @@ -1,3 +1,5 @@ +- include_tasks: utils/once_flag.yml + - name: Include dependencies include_role: name: '{{ item }}' diff --git a/roles/sys-timer-cln-bkps/tasks/main.yml b/roles/sys-timer-cln-bkps/tasks/main.yml index ac31cb5f..435bd34a 100644 --- a/roles/sys-timer-cln-bkps/tasks/main.yml +++ b/roles/sys-timer-cln-bkps/tasks/main.yml @@ -1,6 +1,2 @@ -- block: - - include_tasks: 01_core.yml - - name: run the cleanup_backups_timer tasks once - set_fact: - run_once_sys_timer_cln_bkps: true +- include_tasks: 01_core.yml when: run_once_sys_timer_cln_bkps is not defined diff --git a/roles/update-apt/tasks/main.yml b/roles/update-apt/tasks/main.yml index 4c6cd378..22678258 100644 --- a/roles/update-apt/tasks/main.yml +++ b/roles/update-apt/tasks/main.yml @@ -5,7 +5,7 @@ upgrade: dist force_apt_get: yes - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false when: run_once_update_apt is not defined \ No newline at end of file diff --git a/roles/update-compose/tasks/01_core.yml b/roles/update-compose/tasks/01_core.yml index 7f799c25..1254253d 100644 --- a/roles/update-compose/tasks/01_core.yml +++ b/roles/update-compose/tasks/01_core.yml 
@@ -18,4 +18,4 @@ - ansible_distribution == "Debian" - run_once_update_apt is not defined -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/update-pacman/tasks/main.yml b/roles/update-pacman/tasks/main.yml index eb8e7ac6..1d5f35a9 100644 --- a/roles/update-pacman/tasks/main.yml +++ b/roles/update-pacman/tasks/main.yml @@ -4,7 +4,7 @@ update_cache: yes upgrade: yes - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml vars: flush_handlers: false when: run_once_update_pacman is not defined \ No newline at end of file diff --git a/roles/user-administrator/tasks/01_core.yml b/roles/user-administrator/tasks/01_core.yml index e7353eed..6bc4f71e 100644 --- a/roles/user-administrator/tasks/01_core.yml +++ b/roles/user-administrator/tasks/01_core.yml @@ -53,4 +53,4 @@ vars: user_name: "administrator" -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_flag.yml \ No newline at end of file diff --git a/roles/user-root/tasks/01_core.yml b/roles/user-root/tasks/01_core.yml index 1e6f40d4..f7f98bc2 100644 --- a/roles/user-root/tasks/01_core.yml +++ b/roles/user-root/tasks/01_core.yml @@ -25,6 +25,4 @@ vars: user_name: "root" -- include_tasks: utils/run_once.yml - vars: - flush_handlers: false +- include_tasks: utils/once_flag.yml diff --git a/roles/util-desk-design/tasks/01_core.yml b/roles/util-desk-design/tasks/01_core.yml index 9f50d2d9..e4114353 100644 --- a/roles/util-desk-design/tasks/01_core.yml +++ b/roles/util-desk-design/tasks/01_core.yml @@ -15,4 +15,6 @@ use: yay name: - drawio-desktop - become: false \ No newline at end of file + become: false + +- include_tasks: utils/once_flag.yml \ No newline at end of file diff --git a/roles/util-desk-design/tasks/main.yml b/roles/util-desk-design/tasks/main.yml index e6df76f7..407c1677 100644 --- a/roles/util-desk-design/tasks/main.yml 
+++ b/roles/util-desk-design/tasks/main.yml @@ -1,6 +1,3 @@ -- block: - - include_tasks: 01_core.yml - - set_fact: - run_once_util_desk_design: true +- include_tasks: 01_core.yml when: run_once_util_desk_design is not defined diff --git a/roles/util-desk-dev-core/tasks/main.yml b/roles/util-desk-dev-core/tasks/main.yml index e4ce5187..b195534b 100644 --- a/roles/util-desk-dev-core/tasks/main.yml +++ b/roles/util-desk-dev-core/tasks/main.yml @@ -9,5 +9,5 @@ name: - code state: present - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_util_desk_dev_core is not defined diff --git a/roles/util-desk-dev-python/tasks/main.yml b/roles/util-desk-dev-python/tasks/main.yml index fe17d846..1ba7bcff 100644 --- a/roles/util-desk-dev-python/tasks/main.yml +++ b/roles/util-desk-dev-python/tasks/main.yml @@ -3,5 +3,5 @@ include_role: name: dev-python-pip when: run_once_dev_python_pip is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_util_desk_dev_python is not defined diff --git a/roles/util-dev-admin/tasks/main.yml b/roles/util-dev-admin/tasks/main.yml index 80942bf9..15741ebb 100644 --- a/roles/util-dev-admin/tasks/main.yml +++ b/roles/util-dev-admin/tasks/main.yml @@ -14,5 +14,5 @@ - fdupes - p7zip state: present - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_util_dev_admin is not defined diff --git a/roles/web-app-bookwyrm/tasks/main.yml b/roles/web-app-bookwyrm/tasks/main.yml index 4c32e189..500bdcec 100644 --- a/roles/web-app-bookwyrm/tasks/main.yml +++ b/roles/web-app-bookwyrm/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db/redis and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_app_bookwyrm is not defined \ No newline at end of file 
diff --git a/roles/web-app-bridgy-fed/tasks/01_core.yml b/roles/web-app-bridgy-fed/tasks/01_core.yml index afb86bbf..2ae2e6f0 100644 --- a/roles/web-app-bridgy-fed/tasks/01_core.yml +++ b/roles/web-app-bridgy-fed/tasks/01_core.yml @@ -9,4 +9,4 @@ domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/web-app-chess/tasks/01_core.yml b/roles/web-app-chess/tasks/01_core.yml index 07b9d82d..67e31720 100644 --- a/roles/web-app-chess/tasks/01_core.yml +++ b/roles/web-app-chess/tasks/01_core.yml @@ -9,4 +9,4 @@ notify: - docker compose build -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/web-app-confluence/tasks/main.yml b/roles/web-app-confluence/tasks/main.yml index c581ae28..70ab4894 100644 --- a/roles/web-app-confluence/tasks/main.yml +++ b/roles/web-app-confluence/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_app_confluence is not defined diff --git a/roles/web-app-desktop/tasks/01_core.yml b/roles/web-app-desktop/tasks/01_core.yml index 39669bf8..510fb565 100644 --- a/roles/web-app-desktop/tasks/01_core.yml +++ b/roles/web-app-desktop/tasks/01_core.yml @@ -71,4 +71,4 @@ delay: 5 until: desktop_http.status == 200 -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/web-app-discourse/tasks/01_core.yml b/roles/web-app-discourse/tasks/01_core.yml index f1998ae8..695d21a2 100644 --- a/roles/web-app-discourse/tasks/01_core.yml +++ b/roles/web-app-discourse/tasks/01_core.yml 
@@ -8,4 +8,4 @@ - name: "Setup '{{ application_id }}' network" include_tasks: 04_network.yml -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/web-app-jira/tasks/main.yml b/roles/web-app-jira/tasks/main.yml index aadd805a..2ef005e5 100644 --- a/roles/web-app-jira/tasks/main.yml +++ b/roles/web-app-jira/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_app_jira is not defined diff --git a/roles/web-app-littlejs/tasks/01_core.yml b/roles/web-app-littlejs/tasks/01_core.yml index d2e5bec6..4a0f0aa5 100644 --- a/roles/web-app-littlejs/tasks/01_core.yml +++ b/roles/web-app-littlejs/tasks/01_core.yml @@ -29,4 +29,4 @@ - name: "flush docker compose for '{{ application_id }}'" meta: flush_handlers -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/web-app-magento/tasks/01_core.yml b/roles/web-app-magento/tasks/01_core.yml index c1a741f4..6ef5bf27 100644 --- a/roles/web-app-magento/tasks/01_core.yml +++ b/roles/web-app-magento/tasks/01_core.yml @@ -48,4 +48,4 @@ ('Magento installation complete' in magento_install.stdout or 'successfully installed' in magento_install.stdout)) -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/web-app-mailu/tasks/01_core.yml b/roles/web-app-mailu/tasks/01_core.yml index 3d68a919..05fe4fc0 100644 --- a/roles/web-app-mailu/tasks/01_core.yml +++ b/roles/web-app-mailu/tasks/01_core.yml @@ -1,3 +1,5 @@ +- include_tasks: utils/once_flag.yml + - name: Ensure MAILU_HOSTNAMES is a list with max 1 entry ansible.builtin.assert: that: 
@@ -23,21 +25,18 @@ dest: "{{ MAILU_RSPAMD_HOST_FILE }}" mode: "0644" -- name: "Mailu Docker and Webserver Setup" - block: - - name: "load docker, db and proxy for {{ application_id }}" - include_role: - name: sys-stk-full-stateful - vars: - docker_compose_flush_handlers: true - - - name: "Include Cert deploy service for '{{ role_name }}'" - include_role: - name: sys-ctl-mtn-cert-deploy +- name: "load docker, db and proxy for {{ application_id }}" + include_role: + name: sys-stk-full-stateful vars: + docker_compose_flush_handlers: true domain: "{{ MAILU_HOSTNAME }}" -- name: Flush docker service handlers +- name: "Include Cert deploy service for '{{ role_name }}'" + include_role: + name: sys-ctl-mtn-cert-deploy + +- name: "Flush Docker Compose handlers" meta: flush_handlers - name: "Create Mailu accounts" @@ -67,5 +66,3 @@ - name: Set Mailu DNS records include_tasks: 05_dns-records.yml - -- include_tasks: utils/run_once.yml \ No newline at end of file diff --git a/roles/web-app-mailu/tasks/03b_create_user_token.yml b/roles/web-app-mailu/tasks/03b_create_user_token.yml index c9950663..7f800e43 100644 --- a/roles/web-app-mailu/tasks/03b_create_user_token.yml +++ b/roles/web-app-mailu/tasks/03b_create_user_token.yml @@ -51,15 +51,3 @@ }, recursive=True) }} no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}" - -- name: "Reset MSMTP Configuration if No-Reply User Token changed" - when: users['no-reply'].username == mailu_user_name - block: - - name: "Set MSMTP run-once fact false" - set_fact: - run_once_sys_svc_msmtp: false - changed_when: false - - - name: Reload MSMTP role - include_role: - name: "sys-svc-msmtp" \ No newline at end of file diff --git a/roles/web-app-matomo/tasks/01_core.yml b/roles/web-app-matomo/tasks/01_core.yml index 8bdbfe66..2fd9599c 100644 --- a/roles/web-app-matomo/tasks/01_core.yml +++ b/roles/web-app-matomo/tasks/01_core.yml 
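Review bot: In the first hunk of `roles/web-app-mailu/tasks/01_core.yml`, `domain: "{{ MAILU_HOSTNAME }}"` now appears to be passed only to the `sys-stk-full-stateful` include. Previously it sat on the enclosing block's `vars` and reached the `sys-ctl-mtn-cert-deploy` include as well. Indentation is lost in this rendering, so this reading is inferred from the order of the lines. If the cert deploy role or the service unit it templates reads `domain` (not visible here), it will now resolve to whatever the outer scope defines, and the certificate folder handed to `script.sh` could belong to a different host. Either repeat `vars:` with `domain: "{{ MAILU_HOSTNAME }}"` on the cert deploy include, or add a comment above it such as `# sys-ctl-mtn-cert-deploy does not read 'domain'` once that is confirmed.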
@@ -1,5 +1,5 @@ # Required to be set on the top to prevent infinite recursions appearing in roles/sys-front-inj-all/tasks/01_dependencies.yml -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_flag.yml - name: "load docker, db and proxy for {{ application_id }}" include_role: @@ -43,3 +43,5 @@ token_auth: "{{ matomo_auth_token }}" return_content: yes status_code: 200 + +- include_tasks: utils/compose_up.yml diff --git a/roles/web-app-mig/tasks/01_core.yml b/roles/web-app-mig/tasks/01_core.yml index b72b8e97..415ae204 100644 --- a/roles/web-app-mig/tasks/01_core.yml +++ b/roles/web-app-mig/tasks/01_core.yml @@ -16,4 +16,4 @@ - include_tasks: 03_build_data.yml when: MIG_BUILD_DATA | bool -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/web-app-mini-qr/tasks/01_core.yml b/roles/web-app-mini-qr/tasks/01_core.yml index 8d548c21..16ad3c38 100644 --- a/roles/web-app-mini-qr/tasks/01_core.yml +++ b/roles/web-app-mini-qr/tasks/01_core.yml @@ -4,4 +4,4 @@ vars: docker_compose_flush_handlers: true -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/web-app-pretix/tasks/main.yml b/roles/web-app-pretix/tasks/main.yml index 33992ce6..a28c2ba6 100644 --- a/roles/web-app-pretix/tasks/main.yml +++ b/roles/web-app-pretix/tasks/main.yml @@ -3,5 +3,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_app_pretix is not defined diff --git a/roles/web-app-xwiki/tasks/01_core.yml b/roles/web-app-xwiki/tasks/01_core.yml index afe2c555..e7be5605 100644 --- a/roles/web-app-xwiki/tasks/01_core.yml +++ b/roles/web-app-xwiki/tasks/01_core.yml 
@@ -49,4 +49,4 @@ xwiki_oidc_enabled_switch: "{{ XWIKI_OIDC_ENABLED | bool }}" xwiki_ldap_enabled_switch: "{{ XWIKI_LDAP_ENABLED | bool }}" -- include_tasks: utils/run_once.yml +- include_tasks: utils/once_finalize.yml diff --git a/roles/web-opt-rdr-domains/tasks/main.yml b/roles/web-opt-rdr-domains/tasks/main.yml index 4fc36e5d..00c9e037 100644 --- a/roles/web-opt-rdr-domains/tasks/main.yml +++ b/roles/web-opt-rdr-domains/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-svc-webserver-https when: run_once_sys_svc_webserver_https is not defined - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_opt_rdr_domains is not defined - name: "Include domains redirects" diff --git a/roles/web-svc-cdn/tasks/01_core.yml b/roles/web-svc-cdn/tasks/01_core.yml index 5ab1a5c7..e401b2eb 100644 --- a/roles/web-svc-cdn/tasks/01_core.yml +++ b/roles/web-svc-cdn/tasks/01_core.yml @@ -1,3 +1,5 @@ +- include_tasks: utils/once_flag.yml + - name: Include dependencies include_role: name: '{{ item }}' @@ -5,4 +7,4 @@ - sys-stk-front-proxy - dev-git -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/compose_up.yml \ No newline at end of file diff --git a/roles/web-svc-collabora/tasks/01_core.yml b/roles/web-svc-collabora/tasks/01_core.yml index d572553b..5bb780ec 100644 --- a/roles/web-svc-collabora/tasks/01_core.yml +++ b/roles/web-svc-collabora/tasks/01_core.yml @@ -28,4 +28,4 @@ async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}" poll: "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}" -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/web-svc-coturn/tasks/01_core.yml b/roles/web-svc-coturn/tasks/01_core.yml index 3f0dbee2..007d3daa 100644 --- a/roles/web-svc-coturn/tasks/01_core.yml +++ b/roles/web-svc-coturn/tasks/01_core.yml 
@@ -5,4 +5,4 @@ docker_compose_file_creation_enabled: true docker_pull_git_repository: false -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/web-svc-file/tasks/main.yml b/roles/web-svc-file/tasks/main.yml index c8fe233f..0a71ff53 100644 --- a/roles/web-svc-file/tasks/main.yml +++ b/roles/web-svc-file/tasks/main.yml @@ -5,5 +5,5 @@ loop: - sys-stk-front-proxy - dev-git - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_svc_file is not defined diff --git a/roles/web-svc-html/tasks/main.yml b/roles/web-svc-html/tasks/main.yml index e4806e9d..134165f7 100644 --- a/roles/web-svc-html/tasks/main.yml +++ b/roles/web-svc-html/tasks/main.yml @@ -5,5 +5,5 @@ loop: - sys-stk-front-proxy - dev-git - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_svc_html is not defined diff --git a/roles/web-svc-libretranslate/tasks/main.yml b/roles/web-svc-libretranslate/tasks/main.yml index 4cb4814e..48482bec 100644 --- a/roles/web-svc-libretranslate/tasks/main.yml +++ b/roles/web-svc-libretranslate/tasks/main.yml @@ -2,5 +2,5 @@ - name: "load docker, db and proxy for {{ application_id }}" include_role: name: sys-stk-full-stateful - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_svc_libretranslate is not defined diff --git a/roles/web-svc-logout/tasks/01_core.yml b/roles/web-svc-logout/tasks/01_core.yml index 79f04dec..7d4b5a15 100644 --- a/roles/web-svc-logout/tasks/01_core.yml +++ b/roles/web-svc-logout/tasks/01_core.yml @@ -1,3 +1,5 @@ +- include_tasks: utils/once_flag.yml + - name: "Add logout domains to CSP connect-src" set_fact: applications: >- 
@@ -32,4 +34,4 @@ dest: "{{ [ docker_repository_path, '.env' ] | path_join }}" state: link -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/compose_up.yml \ No newline at end of file diff --git a/roles/web-svc-onlyoffice/tasks/01_core.yml b/roles/web-svc-onlyoffice/tasks/01_core.yml index 225e566a..5561df4b 100644 --- a/roles/web-svc-onlyoffice/tasks/01_core.yml +++ b/roles/web-svc-onlyoffice/tasks/01_core.yml @@ -6,4 +6,4 @@ docker_compose_file_creation_enabled: true docker_pull_git_repository: false -- include_tasks: utils/run_once.yml \ No newline at end of file +- include_tasks: utils/once_finalize.yml \ No newline at end of file diff --git a/roles/web-svc-simpleicons/tasks/main.yml b/roles/web-svc-simpleicons/tasks/main.yml index ec4cf716..8d16cd78 100644 --- a/roles/web-svc-simpleicons/tasks/main.yml +++ b/roles/web-svc-simpleicons/tasks/main.yml @@ -17,5 +17,5 @@ - { source: "package.json.j2", target: "{{ simpleicons_host_package_file }}" } notify: - docker compose up - - include_tasks: utils/run_once.yml + - include_tasks: utils/once_finalize.yml when: run_once_web_svc_simpleicons is not defined diff --git a/tasks/utils/run_once.yml b/tasks/utils/compose_up.yml similarity index 60% rename from tasks/utils/run_once.yml rename to tasks/utils/compose_up.yml index b320b9c4..68519c55 100644 --- a/tasks/utils/run_once.yml +++ b/tasks/utils/compose_up.yml @@ -1,6 +1,3 @@ ---- -# This is necessary to flush the handlers before the when is set, because otherwise the when will be attached to the handlers - - name: "Ensure that {{ docker_compose.directories.instance }} is up" # This is a little hack to guaranty that the docker containers are allways up # It isn't the cleanest solution to have it here but it should fullfill their purpose 
@@ -10,8 +7,4 @@ - (application_id | get_entity_name) == (docker_compose.directories.instance | basename) - meta: flush_handlers - when: flush_handlers | default(true) | bool - -- name: Set “run-once” fact for role {{ role_name }} - set_fact: - "{{ 'run_once_' + (role_name | lower | replace('-', '_')) }}": true \ No newline at end of file + when: flush_handlers | default(true) | bool \ No newline at end of file diff --git a/tasks/utils/once_finalize.yml b/tasks/utils/once_finalize.yml new file mode 100644 index 00000000..62df28be --- /dev/null +++ b/tasks/utils/once_finalize.yml @@ -0,0 +1,6 @@ +--- +# This is necessary to flush the handlers before the when is set, because otherwise the when will be attached to the handlers + +- include_tasks: utils/compose_up.yml + +- include_tasks: utils/once_flag.yml \ No newline at end of file diff --git a/tasks/utils/once_flag.yml b/tasks/utils/once_flag.yml new file mode 100644 index 00000000..be060004 --- /dev/null +++ b/tasks/utils/once_flag.yml @@ -0,0 +1,3 @@ +- name: Set “run-once” fact for role {{ role_name }} + set_fact: + "{{ 'run_once_' + (role_name | lower | replace('-', '_')) }}": true \ No newline at end of file diff --git a/tests/integration/test_run_once_global_usage.py b/tests/integration/test_run_once_global_usage.py index 6dd553a0..e37d69ae 100644 --- a/tests/integration/test_run_once_global_usage.py +++ b/tests/integration/test_run_once_global_usage.py @@ -10,7 +10,7 @@ What it enforces: - That exact suffix must be defined EITHER A) globally via any `set_fact:` assigning `run_once_: ...`, OR B) inside that role's tasks: - - include_tasks|import_tasks: utils/run_once.yml (any style), OR + - include_tasks|import_tasks: utils/once_finalize.yml (any style), OR - set_fact: { run_once_: ... } * If does NOT match any role (an unknown suffix): - It MUST be defined globally via `set_fact` somewhere in a valid YAML file. 
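Review bot: The new `tasks/utils/once_flag.yml` has no header comment, and nothing in it says how it differs from `once_finalize.yml`. Roles that include it as their first task (web-app-matomo, web-svc-cdn, web-svc-logout in this patch) set `run_once_<role>` before their own tasks have run, so for them a `when: run_once_<role> is not defined` guard means "started", not "completed and handlers flushed". A top-of-file comment would make that contract explicit, for example `# Sets run_once_<role> immediately; include first to break recursive includes, otherwise use once_finalize.yml so the flag is set after compose_up.yml has flushed handlers.`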
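Review bot: The module docstring line changed at `@@ -10,7 +10,7 @@` names only `utils/once_finalize.yml` as the role-level provider, but the `RUN_ONCE_TASK_FILES` tuple added later in this file also accepts `utils/once_flag.yml`. The comment changed at `@@ -227,7 +241,7 @@` and the failure message at `@@ -262,7 +276,7 @@` have the same gap, so a contributor reading the failure output is told a narrower rule than the test enforces. List both files in each place, e.g. `- include_tasks|import_tasks: utils/once_finalize.yml or utils/once_flag.yml (any style), OR`.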
@@ -43,6 +43,13 @@ EXCLUDE_DIRS = { # Any usage like "run_once_" RUN_ONCE_USAGE_RE = re.compile(r'\brun_once_([A-Za-z0-9_]+)\b') +# Task files that "define" a run-once flag for a role +RUN_ONCE_TASK_FILES = ( + 'utils/once_finalize.yml', + 'utils/once_flag.yml', +) + + def project_root(): return os.path.abspath(os.path.join(os.path.dirname(__file__), '..', '..')) @@ -139,7 +146,7 @@ def file_role_by_prefix(path: str, role_tasks_roots: dict[str, str]) -> str | No def role_defines_suffix_in_doc(doc, role_suffix: str) -> bool: """ Return True if this YAML doc (already parsed) defines run-once for the given role suffix via: - A) include/import utils/run_once.yml (string or mapping style), OR + A) include/import utils/once_finalize.yml or utils/once_flag.yml (string or mapping style), OR B) set_fact: { run_once_: ... } """ if doc is None: @@ -149,15 +156,15 @@ def role_defines_suffix_in_doc(doc, role_suffix: str) -> bool: while queue: node = queue.pop() if isinstance(node, dict): - # A) include/import utils/run_once.yml + # A) include/import utils/once_finalize.yml or utils/once_flag.yml for key in ('include_tasks', 'import_tasks'): if key in node: val = node[key] - if isinstance(val, str) and 'utils/run_once.yml' in val: + if isinstance(val, str) and any(p in val for p in RUN_ONCE_TASK_FILES): return True if isinstance(val, dict): for subval in val.values(): - if isinstance(subval, str) and 'utils/run_once.yml' in subval: + if isinstance(subval, str) and any(p in subval for p in RUN_ONCE_TASK_FILES): return True # B) set_fact exact var sf = node.get('set_fact') 
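Review bot: Both rewritten checks at `@@ -149,15 +156,15 @@` still match by substring, so any include value that merely contains one of the names counts as defining the flag (a constructed example: `utils/once_flag.yml.bak`). That looseness is carried over from the old `'utils/run_once.yml' in val` test, but with two accepted files a suffix match is stricter and shorter: `val.strip().endswith(RUN_ONCE_TASK_FILES)` works because `str.endswith` accepts a tuple, and the same form fits the `subval` branch. The body of `role_defines_suffix_in_doc` continues outside the hunk.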
@@ -203,9 +210,16 @@ class RunOnceGlobalUsageFastTest(unittest.TestCase): if not text: continue # Quick prefilter to avoid parsing a ton of irrelevant YAML - if not any(tok in text for tok in ('run_once_', 'set_fact', 'include_tasks', 'import_tasks', 'utils/run_once.yml')): + if not any(tok in text for tok in ( + 'run_once_', + 'set_fact', + 'include_tasks', + 'import_tasks', + *RUN_ONCE_TASK_FILES, + )): continue + docs = parse_yaml_documents(text) if docs is None: # Invalid YAML -> skip entirely (by requirement) @@ -227,7 +241,7 @@ class RunOnceGlobalUsageFastTest(unittest.TestCase): role = file_role_by_prefix(yml, role_tasks_roots) if role: role_suffix = suffix_for_role[role] - # utils/run_once.yml inside role tasks defines that role's own suffix + # utils/once_finalize.yml inside role tasks defines that role's own suffix # OR a direct set_fact with exact run_once_ for doc in docs: if role_defines_suffix_in_doc(doc, role_suffix): @@ -262,7 +276,7 @@ class RunOnceGlobalUsageFastTest(unittest.TestCase): "Some run_once_ usages in valid YAML files are missing exact definitions.", "Rules:", " • Unknown suffixes must be defined globally via set_fact.", - " • Known role suffixes must be defined globally OR in that role (include/import utils/run_once.yml or set_fact).", + " • Known role suffixes must be defined globally OR in that role (include/import utils/once_finalize.yml or set_fact).", "", "Offenders:" ] diff --git a/tests/integration/test_run_once_inclusion.py b/tests/integration/test_run_once_inclusion.py index c135befc..a705f884 100644 --- a/tests/integration/test_run_once_inclusion.py +++ b/tests/integration/test_run_once_inclusion.py 
@@ -19,7 +19,7 @@ class RunOnceInclusionTest(unittest.TestCase): Ensure that every Ansible block in roles/*/tasks with a when condition matching either the dynamic Jinja scheme or a literal run_once_ is not defined, and containing an include_role/import_role also ends with - include_tasks: utils/run_once.yml as its last task. + include_tasks: utils/once_finalize.yml as its last task. """ WHEN_PATTERN = re.compile( r"(?:run_once_\+\s*\(role_name\s*\|\s*lower\s*\|\s*replace\('\-','\_'\)\)\s*is\s*(?:not\s+)?defined" @@ -64,16 +64,16 @@ class RunOnceInclusionTest(unittest.TestCase): isinstance(t, dict) and ('include_role' in t or 'import_role' in t) for t in block ) - # Check that last task is include_tasks: utils/run_once.yml + # Check that last task is include_tasks: utils/once_finalize.yml last_task = block[-1] if block else None has_run_once_include = ( isinstance(last_task, dict) - and last_task.get('include_tasks') == 'utils/run_once.yml' + and last_task.get('include_tasks') == 'utils/once_finalize.yml' ) if has_role_include and not has_run_once_include: violations.append( - f"{filepath}: block with when='{when}' missing final include_tasks: utils/run_once.yml" + f"{filepath}: block with when='{when}' missing final include_tasks: utils/once_finalize.yml" ) if violations:
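Review bot: The last-task check at `@@ -64,16 +64,16 @@` accepts only the exact string `utils/once_finalize.yml`, while test_run_once_global_usage.py in this commit also treats `utils/once_flag.yml` as a valid provider. A guarded block that contains an `include_role`, sets the flag first through once_flag.yml and ends with `utils/compose_up.yml` (the order the web-svc-cdn and web-svc-logout core files now use) would be reported as a violation, as would an `import_tasks` or mapping-style include. If that order is allowed inside guarded blocks, extend the condition, e.g. `or any(isinstance(t, dict) and t.get('include_tasks') == 'utils/once_flag.yml' for t in block)`. Otherwise state in the class docstring that such blocks must end with once_finalize.yml and may not use once_flag.yml. The enclosing test method starts and ends outside the hunk.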