From efa68cc1e0b208eb7d1e195dde20feb0e6fc2406 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Thu, 21 Aug 2025 18:43:17 +0200
Subject: [PATCH] sys-ctl: make service file generation deterministic and
 simplify ignore logic

- Added '| sort' to all service group lists and backup routine lists to ensure
  deterministic ordering and stable checksums across Ansible runs.
- Adjusted systemctl templates to use a single service variable
  ('SYS_SERVICE_BACKUP_RMT_2_LOC') instead of rejecting dynamic list entries,
  making the ignore logic simpler and more predictable.
- Fixed minor whitespace inconsistencies in Jinja templates to avoid
  unnecessary changes.

This change was made to prevent spurious 'changed' states in Ansible caused by
non-deterministic list order and to reduce complexity in service definitions.

See discussion: https://chatgpt.com/share/68a74c20-6300-800f-a44e-da43ae2f3dea
---
 group_vars/all/07_services.yml                | 24 ++++++++++---------
 .../templates/systemctl.service.j2            |  2 +-
 roles/sys-ctl-bkp-docker-2-loc/vars/main.yml  |  8 +++----
 .../templates/systemctl.service.j2            |  2 +-
 4 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/group_vars/all/07_services.yml b/group_vars/all/07_services.yml
index 7b059a45..ccbe1ce0 100644
--- a/group_vars/all/07_services.yml
+++ b/group_vars/all/07_services.yml
@@ -18,32 +18,34 @@ SYS_SERVICE_ON_FAILURE_COMPOSE:       "{{ ('sys-ctl-alm-compose@') | get_service
 ## Groups
 SYS_SERVICE_GROUP_BACKUPS: >
   {{ (('sys-ctl-bkp-' | get_category_entries) + ('svc-bkp-' | get_category_entries))
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}
 
 SYS_SERVICE_GROUP_CLEANUP: >
   {{ ('sys-ctl-cln-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}
 
 SYS_SERVICE_GROUP_REPAIR: >
   {{ ('sys-ctl-rpr-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}
 
 SYS_SERVICE_GROUP_OPTIMIZATION: >
   {{ ('svc-opt-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}
 
 SYS_SERVICE_GROUP_MAINTANANCE: >
   {{ ('svc-mtn-' | get_category_entries)
-     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list | sort }}
  
 ## Collection of services to manipulate the system
 SYS_SERVICE_GROUP_MANIPULATION: >
   {{ 
-    SYS_SERVICE_GROUP_BACKUPS + 
-    SYS_SERVICE_GROUP_CLEANUP + 
-    SYS_SERVICE_GROUP_REPAIR + 
-    SYS_SERVICE_GROUP_OPTIMIZATION + 
-    SYS_SERVICE_GROUP_MAINTANANCE +
-    [ SYS_SERVICE_UPDATE_DOCKER ]
+    (
+      SYS_SERVICE_GROUP_BACKUPS + 
+      SYS_SERVICE_GROUP_CLEANUP + 
+      SYS_SERVICE_GROUP_REPAIR + 
+      SYS_SERVICE_GROUP_OPTIMIZATION + 
+      SYS_SERVICE_GROUP_MAINTANANCE +
+      [ SYS_SERVICE_UPDATE_DOCKER ] 
+    ) | sort
   }}
 
diff --git a/roles/sys-ctl-bkp-docker-2-loc/templates/systemctl.service.j2 b/roles/sys-ctl-bkp-docker-2-loc/templates/systemctl.service.j2
index d1d4ea23..64f3666a 100644
--- a/roles/sys-ctl-bkp-docker-2-loc/templates/systemctl.service.j2
+++ b/roles/sys-ctl-bkp-docker-2-loc/templates/systemctl.service.j2
@@ -4,5 +4,5 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_BACKUPS_FA
 
 [Service]
 Type=oneshot
-ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_BACKUPS | reject('equalto', role_name ~ '-everything') | join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
+ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_BACKUP_RMT_2_LOC }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
 ExecStart=/bin/sh -c '{{ BKP_DOCKER_2_LOC_EXEC }}'
diff --git a/roles/sys-ctl-bkp-docker-2-loc/vars/main.yml b/roles/sys-ctl-bkp-docker-2-loc/vars/main.yml
index 37efcf82..c34bdf6a 100644
--- a/roles/sys-ctl-bkp-docker-2-loc/vars/main.yml
+++ b/roles/sys-ctl-bkp-docker-2-loc/vars/main.yml
@@ -12,13 +12,13 @@ BKP_DOCKER_2_LOC_DB_ENABLED: "{{ database_type | default('') | bool }}"
 
 # Gather mapped values as lists
 BKP_DOCKER_2_LOC_DB_ROUTINE: >-
-  {{ applications | find_dock_val_by_bkp_entr('database_routine', 'name') | list }}
+  {{ applications | find_dock_val_by_bkp_entr('database_routine', 'name') | list | sort }}
 
 BKP_DOCKER_2_LOC_NO_STOP_REQUIRED: >-
-  {{ applications | find_dock_val_by_bkp_entr('no_stop_required', 'image') | list }}
+  {{ applications | find_dock_val_by_bkp_entr('no_stop_required', 'image') | list | sort }}
 
 BKP_DOCKER_2_LOC_DISABLED: >-
-  {{ applications | find_dock_val_by_bkp_entr('disabled', 'image') | list }}
+  {{ applications | find_dock_val_by_bkp_entr('disabled', 'image') | list | sort }}
 
 # CLI argument strings (only set if list not empty)
 BKP_DOCKER_2_LOC_DB_ROUTINE_CLI: >-
@@ -45,4 +45,4 @@ BKP_DOCKER_2_LOC_CLI_ARGS_LIST:
 BKP_DOCKER_2_LOC_EXEC: >-
   /usr/bin/python {{ backup_docker_to_local_folder }}backup-docker-to-local.py
   --compose-dir {{ PATH_DOCKER_COMPOSE_INSTANCES }}
-  {{ BKP_DOCKER_2_LOC_CLI_ARGS_LIST | select('string') | join(' ') }}
+  {{  BKP_DOCKER_2_LOC_CLI_ARGS_LIST | select('string') | join(' ') }}
diff --git a/roles/sys-ctl-cln-disc-space/templates/systemctl.service.j2 b/roles/sys-ctl-cln-disc-space/templates/systemctl.service.j2
index 7b918a34..34f004c7 100644
--- a/roles/sys-ctl-cln-disc-space/templates/systemctl.service.j2
+++ b/roles/sys-ctl-cln-disc-space/templates/systemctl.service.j2
@@ -4,5 +4,5 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 
 [Service]
 Type=oneshot
-ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
+ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
 ExecStart={{ system_service_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}
\ No newline at end of file