Add retries with delay to pkgmgr update via nix run to handle transient
GitHub/API timeouts. Ensure proper changed/failed conditions and only
fail after all retry attempts unless a tolerated state is detected.
https://chatgpt.com/share/694988e3-d698-800f-a018-ea892c6553a8
- add Matomo CLI-based installation using core:install
- wait for container readiness before installation
- split database and trusted hosts configuration into dedicated tasks
- move trusted_hosts patch into separate task file
- add site_name support via role configuration
- introduce users definition for Matomo administrator
- clean up formatting and minor config inconsistencies
https://chatgpt.com/share/6949818b-ad30-800f-95ba-c9c54ccd1ce8
This change removes --network=host usage, introduces DOCKER_IN_CONTAINER
for reliable environment detection, and replaces hardcoded localhost
bindings with an explicit DOCKER_BIND_HOST abstraction to avoid nftables
issues in CI/DiD environments.
https://chatgpt.com/share/69497616-7b00-800f-8fa3-ddc6eb9c5e98
- Fix broken Docker healthcheck caused by multiline CMD-SHELL rendering
- Ensure healthcheck runs as a single shell command
- Properly quote root password in healthcheck
- Fix env_file format to KEY=VALUE for Docker Compose compatibility
This resolves MariaDB containers getting stuck in 'unhealthy' state.
https://chatgpt.com/share/694942a1-936c-800f-95aa-f22a0d4de5e5
- Replace hardcoded python-mysqlclient with distro-aware package selection
- Remove pip-based PyMySQL install to avoid PEP 668 failures on Arch
- Install MySQL client libs only when MARIADB_EXPOSE_LOCAL is enabled
- Keep CI/container path free of host-side Python DB dependencies
https://chatgpt.com/share/694935a3-3e10-800f-9043-acf34d3e2c8a
- Disable localhost port exposure in container/CI environments
- Keep host behavior unchanged
- Skip mysql localhost checks when not exposed
- Initialize database and user via docker exec in CI/act
- Prevent Docker iptables/nft failures during compose up
https://chatgpt.com/share/69493076-207c-800f-a8c6-719d3cc3fe35
Only handlers defined in handlers/main.yml/main.yaml are considered.
Task files included via include_tasks/import_tasks under handlers/ are
regular tasks and must not be treated as standalone handlers.
This prevents false positives where internal handler sub-steps were
incorrectly reported as missing notify targets.
https://chatgpt.com/share/6949290a-a694-800f-bb29-60cd96321f62
* Run LDAP assertions only when MODE_ASSERT is enabled (guarded at include level)
* Remove redundant MODE_ASSERT conditions inside assert/05_ldap.yml
* Simplify mapper-id refresh logic by relying on the surrounding block condition
https://chatgpt.com/share/694927e3-2794-800f-9bc7-749c1e32a541
- Execute service scripts in containers with async/poll support
- Treat missing systemd/systemctl as non-fatal in container context
- Preserve failure handling for genuine script execution errors
https://chatgpt.com/share/69491f89-468c-800f-998f-1eb5424a2cf9
- Enable async/poll for container-based service script execution
- Align container handler behavior with systemd handlers
- Preserve linear sync and suppression logic via existing variables
https://chatgpt.com/share/69491f89-468c-800f-998f-1eb5424a2cf9
- Add container-specific handler listening on refresh systemctl service
- Execute service script directly when IS_CONTAINER is true
- Trigger only for restarted state and non-suppressed flushes
- Keep native systemd handling unchanged for non-container environments
https://chatgpt.com/share/69491f89-468c-800f-998f-1eb5424a2cf9
- Mount /tmp/gh-action into the CI container so Docker can access run-scoped paths
- Scope OpenResty www and nginx volumes to GITHUB_RUN_ID when running in container
- Avoid leaking host /etc/nginx and /var/www into CI runs
- Remove redundant preflight
https://chatgpt.com/share/694918d0-53b4-800f-93a7-ec82946f3e24
- Explicitly trigger CI (push) on all branches
- Continue to ignore version, stable and other release tags
- Prevent missing CI runs on regular commits while avoiding tag-based duplicates
https://chatgpt.com/share/6948fa05-1970-800f-a010-59c8c3588713
- Run CI (push) only on branch pushes and ignore version/stable/latest tags
- Run versioning workflow exclusively on v* tag pushes
- Remove overlapping branch triggers to prevent double executions
https://chatgpt.com/share/6948fa05-1970-800f-a010-59c8c3588713
- Move OpenResty restart logic into included handler tasks
- Use block/rescue to dump container logs on failure
- Tolerate restarting state during pre-flight validation
- Wait up to 2 minutes for container to reach running state
- Add explicit change detection for docker restart
- Enable assert mode in container deploy CLI
https://chatgpt.com/share/6948fa05-1970-800f-a010-59c8c3588713
- Replace separate handlers with atomic block/rescue handler
- Add pre- and post-flight OpenResty config validation
- Wait for container to reach running state before post-check
- Dump container logs automatically on failure for easier CI debugging
- Skip Let’s Encrypt tasks when SSL is disabled
https://chatgpt.com/share/6948fa05-1970-800f-a010-59c8c3588713
- Resolve LDAP UserStorageProvider via client-side filtering (avoid unreliable kcadm --query)
- Enforce exactly one canonical 'ldap-roles' LDAP mapper per LDAP component
- Deterministically deduplicate existing ldap-roles mappers (lexicographic id order)
- Safely parse created mapper id and fallback to authoritative refresh
- Add read-only assert tasks to validate LDAP, mapper uniqueness, groups.path and top-level group
- Wire LDAP asserts into role execution when MODE_ASSERT is enabled
- Improve idempotency, robustness and CI failure diagnostics
https://chatgpt.com/share/69487ed5-3b58-800f-8ac6-bbb1bbe3688a
Create a dummy authorized_keys file inside the CI container inventory
after inventory generation and before ansible-playbook execution.
This prevents sys-bkp-provider-user from failing on missing file lookups
while keeping the role logic unchanged and the deploy tests deterministic.
* Refactor docker entrypoint to run local build via a single helper function
* Add INSTALL_LOCAL_BUILD_SILENCE flag to fully suppress DEV build output
* Enable INSTALL_LOCAL_BUILD for invokable resolution without noisy logs
* Keep behavior deterministic and non-redundant while preserving failure semantics
https://chatgpt.com/share/694874d7-508c-800f-aa89-d9cef71128dc
- Remove interactive pkgmgr update during install
- Run pkgmgr updates via venv binary in non-interactive mode
- Disable git prompts and SSH interactivity
- Close stdin and enforce timeout to prevent hanging updates
- Ensure deterministic behavior in Ansible, CI, and Docker contexts
https://chatgpt.com/share/69485536-28c8-800f-9a6b-fb25f433e367
* Remove legacy **main** re-export wrappers to avoid `runpy` "already in sys.modules" warnings
* Introduce `cli.deploy.container.command` as the stable implementation module
* Reduce `cli.deploy.container.__main__` to a minimal entrypoint delegating to `command.main`
* Re-export container helpers from package `__init__` without importing `__main__`
* Update unit tests to import/patch the new command module and keep CLI dispatch stable
https://chatgpt.com/share/69484a22-60dc-800f-a23d-068d7c45fe37
- Drop config.yaml creation and related variable as it is no longer used
- Avoid PATH-related issues by calling pkgmgr via its venv binary
- Make pkgmgr path resolution deterministic in web-app roles
https://chatgpt.com/share/69484645-afcc-800f-8ef0-a7cbe2d9b52e
- Run each recipe in a single Bash shell
- Enable -euo pipefail for deterministic failure handling
- Ensure make aborts immediately on errors (e.g. permission issues)
- Use /bin/bash explicitly to avoid env resolution problems
https://chatgpt.com/share/69481ec8-8a3c-800f-9de8-256e1c10896a
- Add new role sys-util-git-pull as a generic system utility
- Implement robust shallow clone/update logic in Python helper
- Support detached-safe branch updates and optional tag pinning
- Handle annotated vs lightweight tags and heal local tag conflicts
- Provide deterministic Ansible change detection via machine-readable output
- Add verbose logging to stderr for debuggability
- Integrate sys-util-git-pull into pkgmgr role to replace inline git logic
- Add comprehensive unit tests (option A: file-based import) for helper script
- Add role README and meta information with platform-agnostic support
- Ensure role conforms to existing test expectations (meta/main.yml present)
https://chatgpt.com/share/69481902-a98c-800f-9b3f-9ee13e8e50b7
