# vim: ft=yaml.ansible
# code: language=ansible
---
# Import Docker's package signing key into apt. `id` carries the full
# 40-hex fingerprint of the expected key rather than a short key id.
# NOTE(review): apt_key places the key in apt's global trust store, so it is
# trusted for every configured repository, not only Docker's. Consider a
# dedicated keyring file referenced with `signed-by=` on the repo line.
- name: Add Docker apt PGP key
  ansible.builtin.apt_key:
    state: present
    url: 'https://download.docker.com/linux/debian/gpg'
    id: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'

# Register Docker's Debian repository in its own sources file (`docker`) and
# refresh the package cache. The architecture is fixed to amd64; the suite
# comes from the gathered fact `ansible_distribution_release`.
# NOTE(review): the source line has no `signed-by=` option, so packages from
# this repository are verified against whatever keys apt trusts globally.
- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    state: present
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    filename: docker
    update_cache: true

# Install the Docker engine, CLI, container runtime and the buildx/compose
# plugins. No versions are pinned: `state: present` installs whatever the
# repository offers on first run and does not upgrade afterwards.
- name: Install Docker
  ansible.builtin.apt:
    state: present
    name:
      - containerd.io
      - docker-ce
      - docker-ce-cli
      - docker-buildx-plugin
      - docker-compose-plugin

# Ensure the `docker` group exists.
# NOTE(review): membership in this group normally grants access to the
# rootful daemon socket, which is equivalent to root on the host. Keep the
# member list minimal and review who is added to it.
- name: Create group for Docker socket
  ansible.builtin.group:
    state: present
    name: docker

# Rootful setup: only applied when `docker_rootless` is false.
- name: Configure rootful Docker
  when: not docker_rootless
  block:
    # Start the system-wide daemon now and on every boot.
    - name: Make sure Docker is running
      ansible.builtin.service:
        name: docker
        state: started
        enabled: true

    # Weekly cleanup, run as root from a dedicated cron file.
    # `-a --volumes` also removes unused images and unused volumes, so data
    # in volumes that no container references is deleted, not only caches.
    # NOTE(review): the docker CLI has rejected the `until` filter when
    # combined with `--volumes`. Confirm this command exits 0 on the
    # installed Docker version, otherwise the job never prunes anything.
    - name: Configure cron job to prune unused Docker data weekly
      ansible.builtin.cron:
        state: present
        name: Prune unused Docker data
        cron_file: ansible_docker_prune
        user: root
        special_time: weekly
        job: 'docker system prune -fa --volumes --filter "until=6h"'

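# Rootless setup: only applied when `docker_rootless` is true.
- name: Configure rootless Docker
  when: docker_rootless
  block:
    # Stop and disable the socket unit together with the service. With only
    # docker.service disabled, docker.socket stays active and a connection
    # to the system socket starts the root daemon again. Members of the
    # `docker` group could then still reach a root-equivalent daemon.
    # The socket is handled first so it cannot re-activate the service.
    - name: Make sure rootful Docker is stopped and disabled
      ansible.builtin.systemd_service:
        name: "{{ item }}"
        scope: system
        enabled: false
        state: stopped
      loop:
        - docker.socket
        - docker.service

    # Helper packages for the rootless daemon (subordinate uid/gid mapping,
    # user D-Bus session, overlay storage and user-mode networking).
    - name: Install packages needed by rootless Docker
      ansible.builtin.apt:
        state: present
        name:
          - docker-ce-rootless-extras
          - uidmap
          - dbus-user-session
          - fuse-overlayfs
          - slirp4netns

    # Dedicated account that owns the rootless daemon.
    # NOTE(review): the account is placed in the `docker` group. The rootless
    # daemon is reached through the per-user socket under /run/user/<uid>,
    # so this membership looks unnecessary and would grant access to the
    # rootful socket if that daemon is ever started. Confirm, then drop it.
    - name: Create user for rootless Docker
      ansible.builtin.user:
        state: present
        name: "{{ docker_rootless_user }}"
        uid: "{{ docker_rootless_user_uid }}"
        comment: Rootless Docker User
        groups:
          - docker

    # Lingering keeps the user's systemd instance running without a login
    # session. `creates` makes the command a no-op once the marker exists.
    - name: Enable lingering for Docker user
      ansible.builtin.command:
        cmd: "loginctl enable-linger {{ docker_rootless_user }}"
        creates: "/var/lib/systemd/linger/{{ docker_rootless_user }}"

    # Written to /etc/profile, so every login shell on the host is pointed
    # at this one user's socket, not only the rootless account.
    # NOTE(review): other accounts presumably cannot open that socket.
    # Verify this is the intended default for them.
    - name: Set DOCKER_HOST environment variable globally
      ansible.builtin.lineinfile:
        state: present
        path: /etc/profile
        regexp: '^export DOCKER_HOST='
        line: "export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock"

    # Runs as the rootless user. The `creates` path assumes the home
    # directory is /home/<user>.
    - name: Run rootless Docker setup script
      become: true
      become_user: "{{ docker_rootless_user }}"
      ansible.builtin.command:
        cmd: dockerd-rootless-setuptool.sh install
        creates: "/home/{{ docker_rootless_user }}/.config/systemd/user/docker.service"

    # Start and enable the per-user unit in the rootless account's own
    # systemd instance (`scope: user`).
    - name: Make sure rootless Docker is running
      become: true
      become_user: "{{ docker_rootless_user }}"
      ansible.builtin.systemd_service:
        name: docker.service
        scope: user
        enabled: true
        state: started

    # Weekly cleanup against the rootless socket, run as the rootless user.
    # `-a --volumes` also removes unused images and unused volumes.
    # NOTE(review): the docker CLI has rejected the `until` filter when
    # combined with `--volumes`. Confirm this command exits 0 on the
    # installed Docker version, otherwise the job never prunes anything.
    - name: Configure cron job to prune unused Docker data weekly
      ansible.builtin.cron:
        state: present
        name: Prune unused Docker data
        cron_file: ansible_docker_rootless_prune
        user: "{{ docker_rootless_user }}"
        special_time: weekly
        job: 'docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock system prune -fa --volumes --filter "until=6h"'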