Implemented a new docker compose structure which seperates between docker compose files and environment variable file to protect credentials better. Also did recatoring. Changes not fully tested

roles/docker-openproject/files/Gemfile.plugins

@@ -1,3 +1,4 @@
 group :opf_plugins do
-  gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
+  # Deactivated plugin because it seems like it's already included in the basic image
+  #gem "openproject-gitlab_integration", git: "https://github.com/btey/openproject-gitlab-integration", branch: "master"
 end

roles/docker-openproject/handlers/main.yml

@@ -1,8 +1,16 @@
 ---
-- name: rebuild docker image
+- name: rebuild custom openproject docker image
   command:
-    cmd: docker build --no-cache -t custom_openproject .
-    chdir: "{{docker_compose.directories.instance}}"
+    cmd: docker build --no-cache -t {{custom_openproject_image}} .
+    chdir: "{{openproject_plugins_service}}"
+  environment:
+    COMPOSE_HTTP_TIMEOUT: 600
+    DOCKER_CLIENT_TIMEOUT: 600
+
+- name: rebuild openproject repository
+  command:
+    cmd: docker compose build 
+    chdir: "{{openproject_repository_service}}"
   environment:
     COMPOSE_HTTP_TIMEOUT: 600
     DOCKER_CLIENT_TIMEOUT: 600

roles/docker-openproject/tasks/main.yml

@@ -6,24 +6,43 @@
 - name: "include tasks nginx-docker-proxy-domain.yml"
   include_tasks: nginx-docker-proxy-domain.yml
 
-- name: "include tasks update-repository-with-docker-compose.yml"
-  include_tasks: update-repository-with-docker-compose.yml
+#- name: "include tasks update-repository-with-files.yml"
+#  include_tasks: update-repository-with-files.yml
+#  vars:
+#    detached_files: 
+#      - "docker-compose.yml"
 
-- name: "Transfering Gemfile.plugins to {{docker_compose.directories.instance}}"
+- name: "Create {{openproject_plugins_service}}"
+  file:
+    path: "{{openproject_plugins_service}}"
+    state: directory
+    mode: '0755'
+
+- name: "Transfering Gemfile.plugins to {{openproject_plugins_service}}"
   copy:
     src: Gemfile.plugins
-    dest: "{{docker_compose.directories.instance}}Gemfile.plugins"
+    dest: "{{openproject_plugins_service}}Gemfile.plugins"
   notify:
     - docker compose project setup
-    - rebuild docker image
+    - rebuild custom openproject docker image
 
-- name: "Transfering Dockerfile to {{docker_compose.directories.instance}}"
-  copy:
+- name: "Transfering Dockerfile to {{openproject_plugins_service}}Dockerfile"
+  template:
     src: Dockerfile
-    dest: "{{docker_compose.directories.instance}}Dockerfile"
+    dest: "{{openproject_plugins_service}}Dockerfile"
   notify:
     - docker compose project setup
-    - rebuild docker image
+    - rebuild custom openproject docker image
+
+- name: pull docker repository
+  git:
+    repo: "{{ repository_address }}"
+    dest: "{{ openproject_repository_service }}"
+    update: yes
+  notify:
+    - docker compose project setup
+    - rebuild openproject repository
+  become: true
 
 - name: "create {{dummy_volume}}"
   file:
@@ -31,8 +50,16 @@
     state: directory
     mode: 0755
 
-- name: "copy .env"
-  template: 
-    src: env.j2
-    dest: "{{ docker_compose.directories.instance }}.env"
+- name: "create {{docker_compose.files.docker_compose}}"
+  template:
+    src:	"docker-compose.yml.j2"
+    dest:	"{{docker_compose.files.docker_compose}}"
+  notify: docker compose project setup
+
+- name: "create {{docker_compose.files.env}}"
+  template: 
+    src:  "env.j2" 
+    dest: "{{docker_compose.files.env}}"
+    mode: '770'
+    force: yes
   notify: docker compose project setup

roles/docker-openproject/templates/Dockerfile

@@ -1,4 +1,4 @@
-FROM openproject/community:13
+FROM openproject/community:{{applications.openproject.version}}
 
 # If installing a local plugin (using `path:` in the `Gemfile.plugins` above),
 # you will have to copy the plugin code into the container here and use the

roles/docker-openproject/templates/docker-compose.yml.j2

@@ -1,7 +1,7 @@
 x-op-app: &app
   logging:
     driver: journald
-  image: custom_openproject
+  image: {{custom_openproject_image}}
   environment:
     OPENPROJECT_HTTPS: "${OPENPROJECT_HTTPS}"
     OPENPROJECT_HOST__NAME: "${OPENPROJECT_HOST__NAME}"
@@ -27,16 +27,12 @@ services:
   cache:
     image: memcached
     container_name: openproject-memcached
-    restart: {{docker_restart_policy}}
-    logging:
-      driver: journald
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
 
   proxy:
-    restart: {{docker_restart_policy}}
-    logging:
-      driver: journald
-    image: custom_openproject
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+    image: {{custom_openproject_image}}
     container_name: openproject-proxy
     command: "./docker/prod/proxy"
     ports:
@@ -53,7 +49,7 @@ services:
 
   web:
     <<: *app
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     command: "./docker/prod/web"
     container_name: openproject-web
 {% include 'templates/docker/container/networks.yml.j2' %}
@@ -74,9 +70,7 @@ services:
   autoheal:
     image: willfarrell/autoheal:1.2.0
     container_name: openproject-autoheal
-    restart: {{docker_restart_policy}}
-    logging:
-      driver: journald
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
     environment:
@@ -86,7 +80,7 @@ services:
 
   worker:
     <<: *app
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     command: "./docker/prod/worker"
     container_name: openproject-worker
 {% include 'templates/docker/container/networks.yml.j2' %}
@@ -98,7 +92,7 @@ services:
 
   cron:
     <<: *app
-    restart: {{docker_restart_policy}}
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     command: "./docker/prod/cron"
     container_name: openproject-cron
 {% include 'templates/docker/container/networks.yml.j2' %}
@@ -112,6 +106,10 @@ services:
     <<: *app
     command: "./docker/prod/seeder"
     container_name: openproject-seeder
+    env_file:
+      - "{{docker_compose.files.env}}"
+    logging:
+      driver: journald
     restart: on-failure
 {% include 'templates/docker/container/networks.yml.j2' %}
 

roles/docker-openproject/vars/main.yml

@@ -1,12 +1,15 @@
 application_id:                               "openproject"
-repository_directory:                         "{{ path_docker_compose_instances }}{{application_id}}/"
-docker_compose.directories.instance:            "{{repository_directory}}compose/"
 repository_address:                           "https://github.com/opf/openproject-deploy"
 database_password:                            "{{openproject_database_password}}"
 database_type:                                "postgres"
 
+openproject_plugins_service:                  "{{docker_compose.directories.services}}plugins/"
+openproject_repository_service:               "{{docker_compose.directories.services}}repository/"
+custom_openproject_image:                     "custom_openproject"
+
+
 # The following volume doesn't have a practcical function. It just exist to prevent the creation of unnecessary anonymous volumes
-dummy_volume:                                 "{{repository_directory}}dummy_volume"
+dummy_volume:                                 "{{docker_compose.directories.volumes}}dummy_volume"
 
 # OAuth2 Proxy Configuration
 oauth2_proxy_upstream_application_and_port:   "proxy:80"