From 60513601d465f63b7aac68b8709efe4d909c5f39 Mon Sep 17 00:00:00 2001
From: Pieter
Date: Fri, 23 Jan 2026 21:41:14 +0100
Subject: [PATCH] fix: Improve container wait loop to actually wait 5 minutes
---
 .../260123-configure-diun-webhook.yml | 96 +++++++++++++++++++
 .../260123-upgrade-nextcloud-stage-v2.yml | 9 +-
 .../playbooks/260123-upgrade-nextcloud-v2.yml | 7 +-
 3 files changed, 108 insertions(+), 4 deletions(-)
 create mode 100644 ansible/playbooks/260123-configure-diun-webhook.yml
diff --git a/ansible/playbooks/260123-configure-diun-webhook.yml b/ansible/playbooks/260123-configure-diun-webhook.yml
new file mode 100644
index 0000000..d2f1ab3
--- /dev/null
+++ b/ansible/playbooks/260123-configure-diun-webhook.yml
@@ -0,0 +1,96 @@
+---
+# Configure Diun to use webhook notifications instead of email
+# This playbook updates all servers to send container update notifications
+# to a Matrix room via webhook instead of individual emails per server
+#
+# Usage:
+# ansible-playbook -i hcloud.yml playbooks/260123-configure-diun-webhook.yml
+#
+# Or for specific servers:
+# ansible-playbook -i hcloud.yml playbooks/260123-configure-diun-webhook.yml --limit das,uil,vos
+
+- name: Configure Diun webhook notifications on all servers
+ hosts: all
+ become: yes
+
+ vars:
+ # Webhook configuration - sends to Matrix via custom webhook
+ diun_notif_enabled: true
+ diun_notif_type: webhook
+ diun_webhook_endpoint: "https://diun-webhook.postxsociety.cloud"
+ diun_webhook_method: POST
+ diun_webhook_headers:
+ Content-Type: application/json
+
+ # Disable email notifications
+ diun_email_enabled: false
+
+ # Schedule: Weekly on Monday at 6am UTC
+ diun_schedule: "0 6 * * 1"
+
+ pre_tasks:
+ - name: Gather facts
+ setup:
+
+ - name: Determine client name from hostname
+ set_fact:
+ client_name: "{{ inventory_hostname }}"
+
+ - name: Load client secrets
+ community.sops.load_vars:
+ file: "{{ playbook_dir }}/../../secrets/clients/{{ client_name }}.sops.yaml"
+ name: client_secrets
+ age_keyfile: "{{ lookup('env', 'SOPS_AGE_KEY_FILE') }}"
+ no_log: true
+
+ - name: Load shared secrets
+ community.sops.load_vars:
+ file: "{{ playbook_dir }}/../../secrets/shared.sops.yaml"
+ name: shared_secrets
+ age_keyfile: "{{ lookup('env', 'SOPS_AGE_KEY_FILE') }}"
+ no_log: true
+
+ - name: Merge shared secrets into client_secrets
+ set_fact:
+ client_secrets: "{{ client_secrets | combine(shared_secrets) }}"
+ no_log: true
+
+ tasks:
+ - name: Display configuration summary
+ debug:
+ msg: |
+ Configuring Diun on {{ inventory_hostname }}:
+ - Webhook endpoint: {{ diun_webhook_endpoint }}
+ - Email notifications: {{ 'enabled' if diun_email_enabled else 'disabled' }}
+ - Schedule: {{ diun_schedule }} (Weekly Monday
6am UTC) + + - name: Deploy Diun configuration with webhook + template: + src: "{{ playbook_dir }}/../roles/diun/templates/diun.yml.j2" + dest: /opt/docker/diun/diun.yml + mode: '0644' + notify: Restart Diun + + - name: Restart Diun to apply new configuration + community.docker.docker_compose_v2: + project_src: /opt/docker/diun + state: restarted + + - name: Wait for Diun to start + pause: + seconds: 5 + + - name: Check Diun status + shell: docker ps --filter name=diun --format "{{ '{{' }}.Status{{ '}}' }}" + register: diun_status + changed_when: false + + - name: Display Diun status + debug: + msg: "Diun status on {{ inventory_hostname }}: {{ diun_status.stdout }}" + + handlers: + - name: Restart Diun + community.docker.docker_compose_v2: + project_src: /opt/docker/diun + state: restarted diff --git a/ansible/playbooks/260123-upgrade-nextcloud-stage-v2.yml b/ansible/playbooks/260123-upgrade-nextcloud-stage-v2.yml index 5967654..f749308 100644 --- a/ansible/playbooks/260123-upgrade-nextcloud-stage-v2.yml +++ b/ansible/playbooks/260123-upgrade-nextcloud-stage-v2.yml @@ -72,14 +72,17 @@ - name: "Stage {{ stage.stage }}: Wait for Nextcloud container to be ready" shell: | - for i in {1..60}; do + count=0 + max_attempts=60 + while [ $count -lt $max_attempts ]; do if docker exec nextcloud curl -f http://localhost:80/status.php 2>/dev/null; then - echo "Container ready" + echo "Container ready after $count attempts" exit 0 fi sleep 5 + count=$((count + 1)) done - echo "Timeout waiting for container" + echo "Timeout waiting for container after $max_attempts attempts" exit 1 register: container_ready changed_when: false diff --git a/ansible/playbooks/260123-upgrade-nextcloud-v2.yml b/ansible/playbooks/260123-upgrade-nextcloud-v2.yml index 211ea61..5fd5579 100644 --- a/ansible/playbooks/260123-upgrade-nextcloud-v2.yml +++ b/ansible/playbooks/260123-upgrade-nextcloud-v2.yml 
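Review bot: The `template` task writes `/opt/docker/diun/diun.yml` with `mode: '0644'` and no `owner`/`group`, right after the play decrypts the client and shared SOPS secrets; if `diun.yml.j2` (not shown) renders any of them, or an auth token is later added to `diun_webhook_headers`, the rendered file is readable by every local user on the host. Prefer `mode: '0600'` with `owner: root` and `group: root`, assuming the Diun container reads the file as root. `diun_webhook_headers` carries only `Content-Type`, so the webhook call appears to be unauthenticated; confirm the receiver restricts who may post, since otherwise anyone who learns the URL can put notifications into the Matrix room. The task also sets `notify: Restart Diun` while the next task restarts unconditionally, so a changed config restarts Diun twice and the handler fires after the status check; keep only one of the two.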
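Review bot: The `curl -f http://localhost:80/status.php` probe inside the new `while` loop has no per-request timeout, so a container that accepts the connection but never answers blocks one iteration indefinitely and the 60 x 5 s bound no longer holds; the loop in `260123-upgrade-nextcloud-v2.yml` has the same gap. Suggest `curl -fs --max-time 5 -o /dev/null http://localhost:80/status.php 2>/dev/null`, which also keeps the response body out of the registered `container_ready.stdout`. The probe tests only the HTTP status, so it may report ready while Nextcloud is still in maintenance mode; checking the `maintenance` field of the returned JSON would be stricter if the following tasks depend on that. The task starts before the hunk and may continue past it.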
@@ -220,12 +220,17 @@ - name: Wait for Nextcloud to be ready shell: | - for i in {1..24}; do + count=0 + max_attempts=24 + while [ $count -lt $max_attempts ]; do if docker exec nextcloud curl -f http://localhost:80/status.php 2>/dev/null; then + echo "Ready after $count attempts" exit 0 fi sleep 5 + count=$((count + 1)) done + echo "Timeout after $max_attempts attempts" exit 1 register: nextcloud_ready changed_when: false
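Review bot: `max_attempts=24` with `sleep 5` bounds this wait at roughly two minutes, while the commit subject promises five minutes and the stage playbook uses 60 attempts. If the shorter bound is intended here, say so next to the value, e.g. `# 24 x 5s = 2 min; this step does not need the full 5 min`; otherwise use `max_attempts=60`. `echo "Ready after $count attempts"` prints 0 when the first probe succeeds, because `count` holds the number of failed probes; `$((count + 1))` in the message would match the wording. The task may continue outside the hunk.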