- Store pull lock under ${PATH_DOCKER_COMPOSE_PULL_LOCK_DIR}/<hash>.lock so global cleanup removes it reliably
- If any service defines `build:`, run `docker compose build --pull` before pulling
- Use `docker compose pull --ignore-buildable` when supported; otherwise tolerate pull failures for locally built images
This prevents failures when images are meant to be built locally (e.g., custom images) and ensures lock handling is consistent.
Ref: https://chatgpt.com/share/68b6b592-2250-800f-b68e-b37ae98dbe70
- Fixed incorrect filter usage in docker-compose handler (proper use of | path_join).
- Improved LetsEncrypt template by joining paths with filenames instead of appending manually.
- Enhanced sys-svc-msmtp task with an additional condition to only run if no-reply mailu_token exists.
- Updated Keycloak meta to depend on Mailu (ensuring token generation before setup).
- Refactored Keycloak import path variables to use path_join consistently.
- Adjusted Mailu meta dependency to run after Matomo instead of Keycloak.
See: https://chatgpt.com/share/68af13e6-edc0-800f-b76a-a5f427837173
- Introduced a new handler 'docker compose pull' that runs only once per
{{ docker_compose.directories.instance }} directory by using a lock
file under /run/ansible/compose-pull.
- Ensures idempotency by marking the task as changed only when a pull
was actually executed.
- Restricted execution with 'when: MODE_UPDATE | bool'.
- Improves update workflow by avoiding redundant docker pulls during
the same Ansible run.
Reference: ChatGPT discussion
https://chatgpt.com/share/68a55151-959c-800f-8b70-160ffe43e776
