2025-04-22 16:02:24 +02:00
14 changed files with 42 additions and 47 deletions
--- a/Todo.md
+++ b/Todo.md
@ -1,3 +0,0 @@
-# Todos
- Implement multi language
- Implement rbac administration interface
--- a/filter_plugins/TODO.md
+++ b/filter_plugins/TODO.md
@ -1,2 +0,0 @@
-# Todos
- Refactor all 4 functions to one
--- a/filter_plugins/configuration_filters.py
+++ b/filter_plugins/configuration_filters.py
@ -14,7 +14,7 @@ def get_oidc_enabled(applications, application_id):

 def get_features_iframe(applications, application_id):
    app = applications.get(application_id)
-    enabled = app.get('features', {}).get('iframe', False)
+    enabled = app.features.iframe
    return bool(enabled)

 def get_database_central_storage(applications, application_id):
--- a/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml
+++ b/roles/backup-docker-to-local/tasks/seed-database-to-backup.yml
@ -23,19 +23,14 @@
     database_password is defined)

 - name: "seed database values in directory {{ backup_docker_to_local_folder }}"
-  command: >
-    python database_entry_seeder.py databases.csv
-    "{{ database_instance }}"
-    "{{ database_name }}"
-    "{{ database_username }}"
-    "{{ database_password }}"
-  args:
+  command:
+    cmd: "python database_entry_seeder.py databases.csv {{database_instance}} {{database_name}} {{database_username}} {{database_password}}"
    chdir: "{{ backup_docker_to_local_folder }}"
-  when:
-    - database_instance is defined
-    - database_name is defined
-    - database_username is defined
-    - database_password is defined
+  when: >
+    database_instance is defined and
+    database_name is defined and
+    database_username is defined and
+    database_password is defined

 - name: Set file permissions for databases.csv to be readable, writable, and executable by root only
  ansible.builtin.file:
--- a/roles/docker-bigbluebutton/handlers/main.yml
+++ b/roles/docker-bigbluebutton/handlers/main.yml
@ -92,7 +92,7 @@

 - name: docker compose up bigbluebutton
  command:
-    cmd: "docker-compose -p bigbluebutton up -d --force-recreate --remove-orphans"
+    cmd: "docker-compose -p bigbluebutton up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    # Don't use the --build flag here. This leads to bugs
    chdir: "{{ docker_compose.directories.instance }}"
  environment:
--- a/roles/docker-bigbluebutton/vars/main.yml
+++ b/roles/docker-bigbluebutton/vars/main.yml
@ -3,9 +3,9 @@ bbb_repository_directory:     "{{ docker_compose.directories.services }}"
 docker_compose_file_origine:  "{{ docker_compose.directories.services }}docker-compose.yml"
 docker_compose_file_final:    "{{ docker_compose.directories.instance }}docker-compose.yml"
 database_instance:            "bigbluebutton"
-database_name:                "" # Database name is empty, because bb uses multiple databases
+database_name:                "greenlight-v3"
 database_username:            "postgres"
-database_password:            "{{ applications.bigbluebutton.credentials.postgresql_secret }}"
+database_password:            "{{applications.bigbluebutton.postgresql_secret}}"
 domain: 	                    "{{ domains[application_id] }}"
 http_port: 	                  "{{ ports.localhost.http[application_id] }}"
 bbb_env_file_link:            "{{ docker_compose.directories.instance }}.env"    
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@ -11,7 +11,7 @@
 # default setup for docker compose files
 - name: docker compose project setup
  command:
-    cmd: "docker-compose -p {{application_id}} up -d --force-recreate --remove-orphans"
+    cmd: "docker-compose -p {{application_id}} up -d --force-recreate{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
@ -22,7 +22,7 @@
 # for performance reasons it's not recommended to use this if there is no build tag specified
 - name: docker compose project build and setup 
  command:
-    cmd: "docker-compose -p {{application_id}} up -d --force-recreate --build --remove-orphans"
+    cmd: "docker-compose -p {{application_id}} up -d --force-recreate --build{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@ -109,7 +109,7 @@

 - name: docker compose project setup
  command:
-    cmd: "docker-compose -p {{application_id}} up -d --remove-orphans"
+    cmd: "docker-compose -p {{application_id}} up -d{% if mode_cleanup | bool %} --remove-orphans{% endif %}"
    chdir: "{{docker_compose.directories.instance}}"
  environment:
    COMPOSE_HTTP_TIMEOUT:   600
--- a/roles/docker-openproject/templates/docker-compose.yml.j2
+++ b/roles/docker-openproject/templates/docker-compose.yml.j2
@ -3,6 +3,9 @@ x-op-app: &app
  logging:
    driver: journald
  image: {{custom_openproject_image}}
+  volumes:
+    - "data:/var/openproject/assets"
+    - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
  build:
    context: {{openproject_plugins_service}}
    dockerfile: Dockerfile
@ -43,15 +46,25 @@ services:
        condition: service_started
      seeder:
        condition: service_started
+    labels:
+      - autoheal=true
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/health_checks/default"]
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
+
+  autoheal:
+    image: willfarrell/autoheal:1.2.0
+    container_name: openproject-autoheal
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
-      - "data:/var/openproject/assets"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      AUTOHEAL_CONTAINER_LABEL: autoheal
+      AUTOHEAL_START_PERIOD:    600
+      AUTOHEAL_INTERVAL:        30

  worker:
    <<: *app
@ -64,10 +77,6 @@ services:
        condition: service_started
      seeder:
        condition: service_started
-    volumes:
-      - "data:/var/openproject/assets"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes
-

  cron:
    <<: *app
@ -80,9 +89,6 @@ services:
        condition: service_started
      seeder:
        condition: service_started
-    volumes:
-      - "data:/var/openproject/assets"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes

  seeder:
    <<: *app
@ -94,9 +100,6 @@ services:
      driver: journald
    restart: on-failure
 {% include 'templates/docker/container/networks.yml.j2' %}
-    volumes:
-      - "data:/var/openproject/assets"
-      - "{{dummy_volume}}:/var/openproject/pgdata" # This mount is unnecessary and just done to prevent anonymous volumes

 {% include 'templates/docker/compose/networks.yml.j2' %}

--- a/roles/nginx-domain-setup/vars/main.yml
+++ b/roles/nginx-domain-setup/vars/main.yml
@ -1,2 +1,2 @@
 configuration_destination:        "{{nginx.directories.http.servers}}{{domain}}.conf"
-final_oauth2_enabled:       "{{applications[application_id].get('features', {}).get('oauth2', False)}}"
+final_oauth2_enabled:             "{{applications[application_id].get('oauth2_proxy', {}).get('enabled', False)}}"
--- a/roles/pkgmgr-install/tasks/main.yml
+++ b/roles/pkgmgr-install/tasks/main.yml
@ -6,9 +6,15 @@
        cmd: "pkgmgr update pkgmgr"
      when: run_once_pkgmgr_update is not defined

+    - name: clone {{ package_name }}
+      command:
+        cmd: "pkgmgr clone {{ package_name }} --clone-mode https"
+      notify: "{{ package_notify | default(omit) }}"
+      ignore_errors: true
+
    - name: update {{ package_name }}
      command:
-        cmd: "pkgmgr update {{ package_name }} --dependencies --clone-mode https"
+        cmd: "pkgmgr update {{ package_name }} --dependencies"
      notify: "{{ package_notify | default(omit) }}"

    - name: mark pkgmgr update as done
--- a/tasks/TODO.md
+++ b/tasks/TODO.md
@ -1,3 +0,0 @@
-# todo
- Move update-repository-with-files.yml to own role
- Move copy-docker-compose-and-env.yml to own role
--- a/tasks/update-repository-with-files.yml
+++ b/tasks/update-repository-with-files.yml
@ -1,11 +1,10 @@
 # It isn't best practice to use this task
 # Better load the repositories into /opt/docker/[servicename]/services, build them there and then use a docker-compose file for customizing
 # @todo Refactor\Remove 
-# @deprecated
 - name: "Merge detached_files with applications.oauth2_proxy.configuration_file"
  ansible.builtin.set_fact:
    merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}"
-  when: applications[application_id].get('features', {}).get('oauth2', False) | bool
+  when: applications[application_id].get('oauth2_proxy', {}).get('enabled', False) | bool

 - name: "backup detached files"
  command: >