fix(nextcloud): make occ-driven config tasks idempotent

Every `occ config:app:set` / `ldap:set-config` / `notify_push:setup` call previously fired on every play, marking changed even when the stored value already matched. Now we read the current value first and only invoke the setter when it differs: * richdocuments (collabora): pre-read wopi_url, public_wopi_url, disable_certificate_verification, wopi_allowlist into a fact map; guard each `config:app:set` and tag `richdocuments:activate-config` with `changed_when: false` since it's a discovery refresh. * drawio: same pattern for DrawioUrl, DrawioTheme, DrawioOffline, comparing as strings (occ stores booleans as "1"/"0"). * user_ldap: pre-read `ldap:show-config s01 --output=json`, parse JSON defensively (occ logs interleave on stderr), and skip per-key `ldap:set-config` calls when the stored value already equals the desired one. * notify_push: skip `notify_push:setup` when the stored base_endpoint already matches the computed URL. * plugins: `app:install`/`app:enable` were treating "already installed/ enabled" output as a change. Add the negative match to `changed_when` so re-runs of a fully-provisioned site report ok rather than changed.
2026-05-26 14:04:17 +02:00 · 2026-05-26 14:04:17 +02:00 · f0cd8ba432
commit f0cd8ba432
parent 3855b3e0e7
5 changed files with 89 additions and 7 deletions
--- a/roles/nextcloud/tasks/collabora.yml
+++ b/roles/nextcloud/tasks/collabora.yml
@ -1,28 +1,55 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for configuring Collabora in Nextcloud
+- name: Read current richdocuments config values
+  community.docker.docker_container_exec:
+    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
+    command: php /var/www/html/occ config:app:get richdocuments {{ item }}
+  loop:
+    - wopi_url
+    - public_wopi_url
+    - disable_certificate_verification
+    - wopi_allowlist
+  register: _richdocuments_current
+  changed_when: false
+  failed_when: false
+
+- name: Build map of current richdocuments config
+  ansible.builtin.set_fact:
+    _richdocuments_cfg: "{{ _richdocuments_cfg | default({}) | combine({item.item: (item.stdout | default('')).strip()}) }}"
+  loop: "{{ _richdocuments_current.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+
 - name: Configure Collabora WOPI URL (server-to-server)
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set richdocuments wopi_url --value=https://{{ nextcloud_collabora_domain }}
+  when: _richdocuments_cfg.wopi_url != ('https://' ~ nextcloud_collabora_domain)

 - name: Configure Collabora public WOPI URL (browser-facing)
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set richdocuments public_wopi_url --value=https://{{ nextcloud_collabora_public_domain }}
-  when: nextcloud_collabora_public_domain is defined and nextcloud_collabora_public_domain != nextcloud_collabora_domain
+  when:
+    - nextcloud_collabora_public_domain is defined
+    - nextcloud_collabora_public_domain != nextcloud_collabora_domain
+    - _richdocuments_cfg.public_wopi_url != ('https://' ~ nextcloud_collabora_public_domain)

 - name: Configure certificate verification for Collabora
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set richdocuments disable_certificate_verification --value={{ nextcloud_collabora_disable_cert_verification | ternary('yes', 'no') }}
+  when: _richdocuments_cfg.disable_certificate_verification != (nextcloud_collabora_disable_cert_verification | ternary('yes', 'no'))

 - name: Set Collabora WOPI allowlist
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value=''
+  when: _richdocuments_cfg.wopi_allowlist | default('') != ''

 - name: Activate richdocuments configuration (fetch discovery from Collabora)
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
-    command: php /var/www/html/occ richdocuments:activate-config
+    command: php /var/www/html/occ richdocuments:activate-config
+  changed_when: false