ansible/roles/docker/tasks/main.yml

# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Add Docker apt PGP key
  ansible.builtin.apt_key:
    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
    url: https://download.docker.com/linux/debian/gpg
    state: present

- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    filename: docker
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: present
    update_cache: true

- name: Install Docker
  ansible.builtin.apt:
    name:
      - containerd.io
      - docker-ce
      - docker-ce-cli
      - docker-buildx-plugin
      - docker-compose-plugin
    state: present

- name: Create group for Docker socket
  ansible.builtin.group:
    name: docker
    state: present

- name: Configure rootful Docker
  when: not docker_rootless
  block:
    - name: Make sure Docker is running
      ansible.builtin.service:
        name: docker
        enabled: true
        state: started

    - name: Configure cron job to prune unused Docker data weekly
      ansible.builtin.cron:
        name: Prune unused Docker data
        cron_file: ansible_docker_prune
        job: docker system prune -fa --volumes --filter "until=6h"
        special_time: weekly
        user: root
        state: present

- name: Configure rootless Docker
  when: docker_rootless
  block:
    - name: Make sure rootful Docker is stopped and disabled
      ansible.builtin.systemd_service:
        name: docker
        enabled: false
        scope: system
        state: stopped

    - name: Install packages needed by rootless Docker
      ansible.builtin.apt:
        name:
          - docker-ce-rootless-extras
          - uidmap
          - dbus-user-session
          - fuse-overlayfs
          - slirp4netns
        state: present

    - name: Create user for rootless Docker
      ansible.builtin.user:
        name: "{{ docker_rootless_user }}"
        uid: "{{ docker_rootless_user_uid }}"
        comment: Rootless Docker User
        groups:
          - docker
        state: present

    - name: Enable lingering for Docker user
      ansible.builtin.command:
        cmd: loginctl enable-linger {{ docker_rootless_user }}
        creates: /var/lib/systemd/linger/{{ docker_rootless_user }}

    - name: Set DOCKER_HOST environment variable globally
      ansible.builtin.lineinfile:
        path: /etc/profile
        regexp: '^export DOCKER_HOST='
        line: export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock
        state: present

    - name: Run rootless Docker setup script
      ansible.builtin.command:
        cmd: dockerd-rootless-setuptool.sh install
        creates: /home/{{ docker_rootless_user }}/.config/systemd/user/docker.service
      become: true
      become_user: "{{ docker_rootless_user }}"

    - name: Make sure rootless Docker is running
      ansible.builtin.systemd_service:
        name: docker.service
        enabled: true
        scope: user
        state: started
      become: true
      become_user: "{{ docker_rootless_user }}"

    - name: Configure cron job to prune unused Docker data weekly
      ansible.builtin.cron:
        name: Prune unused Docker data
        cron_file: ansible_docker_rootless_prune
        job: docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock system prune -fa --volumes --filter "until=6h"
        special_time: weekly
        user: "{{ docker_rootless_user }}"
        state: present
QoL changes for *Vim users (#144) Co-authored-by: Sam Al-Sapti <sam@sapti.me> Reviewed-on: https://git.data.coop/data.coop/ansible/pulls/144 2022-12-29 21:13:31 +00:00			`# vim: ft=yaml.ansible`
Add hosts and move vars into var files 2024-03-01 20:30:18 +00:00			`# code: language=ansible`
Add docker role + check for python 2018-05-10 09:19:54 +00:00			`---`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`- name: Add Docker apt PGP key`
			`ansible.builtin.apt_key:`
			`id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88`
			`url: https://download.docker.com/linux/debian/gpg`
Add docker role + check for python 2018-05-10 09:19:54 +00:00			`state: present`

Last fixes + install Compose v2 plugin 2023-10-04 20:05:59 +00:00			`- name: Add Docker apt repository`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`ansible.builtin.apt_repository:`
			`filename: docker`
			`repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"`
Add docker role + check for python 2018-05-10 09:19:54 +00:00			`state: present`
Stuff 2024-03-30 18:16:29 +00:00			`update_cache: true`
Add docker role + check for python 2018-05-10 09:19:54 +00:00
Last fixes + install Compose v2 plugin 2023-10-04 20:05:59 +00:00			`- name: Install Docker`
Add steps for rootless Docker 2024-03-30 23:08:06 +00:00			`ansible.builtin.apt:`
Stuff 2024-03-30 18:16:29 +00:00			`name:`
Stuff 2024-03-30 23:09:35 +00:00			`- containerd.io`
Last fixes + install Compose v2 plugin 2023-10-04 20:05:59 +00:00			`- docker-ce`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`- docker-ce-cli`
			`- docker-buildx-plugin`
Last fixes + install Compose v2 plugin 2023-10-04 20:05:59 +00:00			`- docker-compose-plugin`
Stuff 2024-03-30 18:16:29 +00:00			`state: present`
Last fixes + install Compose v2 plugin 2023-10-04 20:05:59 +00:00
Refactor vm-common (old ubuntu_base) role 2024-03-31 17:31:27 +00:00			`- name: Create group for Docker socket`
			`ansible.builtin.group:`
			`name: docker`
			`state: present`

Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`- name: Configure rootful Docker`
			`when: not docker_rootless`
			`block:`
			`- name: Make sure Docker is running`
			`ansible.builtin.service:`
			`name: docker`
			`enabled: true`
Refactor vm-common (old ubuntu_base) role 2024-03-31 17:31:27 +00:00			`state: started`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00
			`- name: Configure cron job to prune unused Docker data weekly`
			`ansible.builtin.cron:`
			`name: Prune unused Docker data`
			`cron_file: ansible_docker_prune`
			`job: docker system prune -fa --volumes --filter "until=6h"`
			`special_time: weekly`
			`user: root`
			`state: present`

			`- name: Configure rootless Docker`
			`when: docker_rootless`
			`block:`
			`- name: Make sure rootful Docker is stopped and disabled`
			`ansible.builtin.systemd_service:`
			`name: docker`
			`enabled: false`
Refactor vm-common (old ubuntu_base) role 2024-03-31 17:31:27 +00:00			`scope: system`
			`state: stopped`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00
			`- name: Install packages needed by rootless Docker`
			`ansible.builtin.apt:`
			`name:`
			`- docker-ce-rootless-extras`
			`- uidmap`
			`- dbus-user-session`
			`- fuse-overlayfs`
			`- slirp4netns`
More stuff 2024-03-31 01:58:25 +00:00			`state: present`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00
Add steps for rootless Docker 2024-03-30 23:08:06 +00:00			`- name: Create user for rootless Docker`
			`ansible.builtin.user:`
			`name: "{{ docker_rootless_user }}"`
			`uid: "{{ docker_rootless_user_uid }}"`
			`comment: Rootless Docker User`
			`groups:`
			`- docker`
			`state: present`

Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`- name: Enable lingering for Docker user`
			`ansible.builtin.command:`
			`cmd: loginctl enable-linger {{ docker_rootless_user }}`
			`creates: /var/lib/systemd/linger/{{ docker_rootless_user }}`

Add steps for rootless Docker 2024-03-30 23:08:06 +00:00			`- name: Set DOCKER_HOST environment variable globally`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`ansible.builtin.lineinfile:`
Add steps for rootless Docker 2024-03-30 23:08:06 +00:00			`path: /etc/profile`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`regexp: '^export DOCKER_HOST='`
			`line: export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock`
			`state: present`
Add steps for rootless Docker 2024-03-30 23:08:06 +00:00
			`- name: Run rootless Docker setup script`
			`ansible.builtin.command:`
			`cmd: dockerd-rootless-setuptool.sh install`
			`creates: /home/{{ docker_rootless_user }}/.config/systemd/user/docker.service`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`become: true`
			`become_user: "{{ docker_rootless_user }}"`

			`- name: Make sure rootless Docker is running`
			`ansible.builtin.systemd_service:`
			`name: docker.service`
			`enabled: true`
Refactor vm-common (old ubuntu_base) role 2024-03-31 17:31:27 +00:00			`scope: user`
			`state: started`
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`become: true`
			`become_user: "{{ docker_rootless_user }}"`
Add cron job to prune unused Docker data (close #168) 2023-07-07 16:15:01 +00:00
Split Docker role into services and Docker + configure rootless Docker 2024-03-30 19:09:03 +00:00			`- name: Configure cron job to prune unused Docker data weekly`
			`ansible.builtin.cron:`
			`name: Prune unused Docker data`
			`cron_file: ansible_docker_rootless_prune`
			`job: docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock system prune -fa --volumes --filter "until=6h"`
			`special_time: weekly`
			`user: "{{ docker_rootless_user }}"`
			`state: present`