Todo.md

@@ -1,3 +0,0 @@
-# Todos
-- Implement multi language
-- Implement rbac administration interface

filter_plugins/TODO.md

@@ -1,2 +0,0 @@
-# Todos
-- Refactor all 4 functions to one

filter_plugins/configuration_filters.py

@@ -14,7 +14,7 @@ def get_oidc_enabled(applications, application_id):
 
 def get_features_iframe(applications, application_id):
     app = applications.get(application_id)
-    enabled = app.get('features', {}).get('iframe', False)
+    enabled = app.features.iframe
     return bool(enabled)
 
 def get_database_central_storage(applications, application_id):

roles/backup-docker-to-local/tasks/seed-database-to-backup.yml

@@ -23,19 +23,14 @@
      database_password is defined)
 
 - name: "seed database values in directory {{ backup_docker_to_local_folder }}"
-  command: >
+  command:
-    python database_entry_seeder.py databases.csv
+    cmd: "python database_entry_seeder.py databases.csv {{database_instance}} {{database_name}} {{database_username}} {{database_password}}"
-    "{{ database_instance }}"
-    "{{ database_name }}"
-    "{{ database_username }}"
-    "{{ database_password }}"
-  args:
     chdir: "{{ backup_docker_to_local_folder }}"
-  when:
+  when: >
-    - database_instance is defined
+    database_instance is defined and
-    - database_name is defined
+    database_name is defined and
-    - database_username is defined
+    database_username is defined and
-    - database_password is defined
+    database_password is defined
 
 - name: Set file permissions for databases.csv to be readable, writable, and executable by root only
   ansible.builtin.file:

roles/docker-bigbluebutton/handlers/main.yml

@@ -92,7 +92,7 @@
 
 - name: docker compose up bigbluebutton
   command:
-    cmd: "docker-compose -p bigbluebutton up -d --force-recreate --remove-orphans"
+    cmd: "docker-compose -p bigbluebutton up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
     # Don't use the --build flag here. This leads to bugs
     chdir: "{{ docker_compose.directories.instance }}"
   environment:

roles/docker-bigbluebutton/vars/main.yml

@@ -3,9 +3,9 @@ bbb_repository_directory:     "{{ docker_compose.directories.services }}"
 docker_compose_file_origine:  "{{ docker_compose.directories.services }}docker-compose.yml"
 docker_compose_file_final:    "{{ docker_compose.directories.instance }}docker-compose.yml"
 database_instance:            "bigbluebutton"
-database_name:                "" # Database name is empty, because bb uses multiple databases
+database_name:                "greenlight-v3"
 database_username:            "postgres"
-database_password:            "{{ applications.bigbluebutton.credentials.postgresql_secret }}"
+database_password:            "{{applications.bigbluebutton.postgresql_secret}}"
 domain: 	                    "{{ domains[application_id] }}"
 http_port: 	                  "{{ ports.localhost.http[application_id] }}"
 bbb_env_file_link:            "{{ docker_compose.directories.instance }}.env"    

roles/docker-compose/handlers/main.yml

@@ -11,7 +11,7 @@
 # default setup for docker compose files
 - name: docker compose project setup
   command:
-    cmd: "docker-compose -p {{application_id}} up -d --force-recreate --remove-orphans"
+    cmd: "docker-compose -p {{application_id}} up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
     chdir: "{{docker_compose.directories.instance}}"
   environment:
     COMPOSE_HTTP_TIMEOUT: 600
@@ -22,7 +22,7 @@
 # for performance reasons it's not recommended to use this if there is no build tag specified
 - name: docker compose project build and setup 
   command:
-    cmd: "docker-compose -p {{application_id}} up -d --force-recreate --build --remove-orphans"
+    cmd: "docker-compose -p {{application_id}} up -d --force-recreate --build{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
     chdir: "{{docker_compose.directories.instance}}"
   environment:
     COMPOSE_HTTP_TIMEOUT: 600

roles/docker-matrix-compose/tasks/main.yml

@@ -109,7 +109,7 @@
 
 - name: docker compose project setup
   command:
-    cmd: "docker-compose -p {{application_id}} up -d --remove-orphans"
+    cmd: "docker-compose -p {{application_id}} up -d{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
     chdir: "{{docker_compose.directories.instance}}"
   environment:
     COMPOSE_HTTP_TIMEOUT:   600

roles/docker-openproject/templates/docker-compose.yml.j2

@@ -3,6 +3,9 @@ x-op-app: &app
   logging:
     driver: journald
   image: {{custom_openproject_image}}
+  volumes:
+    - "data:/var/openproject/assets"
+    - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
   build:
     context: {{openproject_plugins_service}}
     dockerfile: Dockerfile
@@ -43,16 +46,26 @@ services:
         condition: service_started
       seeder:
         condition: service_started
+    labels:
+      - autoheal=true
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080/health_checks/default"]
       interval: 10s
       timeout: 3s
       retries: 3
       start_period: 30s
+
+  autoheal:
+    image: willfarrell/autoheal:1.2.0
+    container_name: openproject-autoheal
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
     volumes:
-      - "data:/var/openproject/assets"
+      - "/var/run/docker.sock:/var/run/docker.sock"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
+    environment:
-      
+      AUTOHEAL_CONTAINER_LABEL: autoheal
+      AUTOHEAL_START_PERIOD:    600
+      AUTOHEAL_INTERVAL:        30
+
   worker:
     <<: *app
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
@@ -64,10 +77,6 @@ services:
         condition: service_started
       seeder:
         condition: service_started
-    volumes:
-      - "data:/var/openproject/assets"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
-
 
   cron:
     <<: *app
@@ -80,9 +89,6 @@ services:
         condition: service_started
       seeder:
         condition: service_started
-    volumes:
-      - "data:/var/openproject/assets"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
 
   seeder:
     <<: *app
@@ -94,9 +100,6 @@ services:
       driver: journald
     restart: on-failure
 {% include 'templates/docker/container/networks.yml.j2' %}
-    volumes:
-      - "data:/var/openproject/assets"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
 
 {% include 'templates/docker/compose/networks.yml.j2' %}
 

roles/nginx-domain-setup/vars/main.yml

@@ -1,2 +1,2 @@
-configuration_destination:  "{{nginx.directories.http.servers}}{{domain}}.conf"
+configuration_destination:        "{{nginx.directories.http.servers}}{{domain}}.conf"
-final_oauth2_enabled:       "{{applications[application_id].get('features', {}).get('oauth2', False)}}"
+final_oauth2_enabled:             "{{applications[application_id].get('oauth2_proxy', {}).get('enabled', False)}}"

roles/nginx-modifier-all/templates/global.includes.conf.j2

@@ -2,8 +2,8 @@
 sub_filter_once off;
 sub_filter_types text/html;
 
-{% set features_css_final     = applications.get(application_id).get('features').get('css') | bool %}
+{% set features_css_final                = applications.get(application_id).get('features').get('css') | bool %}
-{% set features_matomo_final  = applications.get(application_id).get('features').get('matomo') | bool %}
+{% set features_matomo_final    = applications.get(application_id).get('features').get('matomo') | bool %}
 
 
 {% if features_matomo_final | bool %}

roles/pkgmgr-install/tasks/main.yml

@@ -6,9 +6,15 @@
         cmd: "pkgmgr update pkgmgr"
       when: run_once_pkgmgr_update is not defined
 
+    - name: clone {{ package_name }}
+      command:
+        cmd: "pkgmgr clone {{ package_name }} --clone-mode https"
+      notify: "{{ package_notify | default(omit) }}"
+      ignore_errors: true
+
     - name: update {{ package_name }}
       command:
-        cmd: "pkgmgr update {{ package_name }} --dependencies --clone-mode https"
+        cmd: "pkgmgr update {{ package_name }} --dependencies"
       notify: "{{ package_notify | default(omit) }}"
 
     - name: mark pkgmgr update as done

tasks/TODO.md

@@ -1,3 +0,0 @@
-# todo
-- Move update-repository-with-files.yml to own role
-- Move copy-docker-compose-and-env.yml to own role

tasks/update-repository-with-files.yml

@@ -1,11 +1,10 @@
 # It isn't best practice to use this task
 # Better load the repositories into /opt/docker/[servicename]/services, build them there and then use a docker-compose file for customizing
 # @todo Refactor\Remove 
-# @deprecated
 - name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
   ansible.builtin.set_fact:
     merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
-  when: applications[application_id].get('features', {}).get('oauth2', False) | bool
+  when: applications[application_id].get('oauth2_proxy', {}).get('enabled', False) | bool
 
 - name: "backup detached files"
   command: >