From b8e18cdbe9e84b763a2055ecee046b3d972a9102 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti <sam@sapti.me>
Date: Sun, 12 Nov 2023 16:41:59 +0100
Subject: [PATCH] Switch to Rocky Linux

---
 roles/docker/tasks/main.yml    | 31 ++++++++++++++++++-------------
 roles/vm-common/tasks/base.yml | 29 ++++++++++++++++++-----------
 2 files changed, 36 insertions(+), 24 deletions(-)

diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index fb23d69..2356c1a 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -2,25 +2,30 @@
 # code: language=ansible
 ---
 - name: Add Docker PGP key
-  ansible.builtin.apt_key:
-    keyserver: keyserver.ubuntu.com
-    id: '0x8D81803C0EBFCD88'
+  ansible.builtin.rpm_key:
+    key: https://download.docker.com/linux/centos/gpg
+    fingerprint: 060A 61C5 1B55 8A7F 742B  77AA C52F EB6B 621E 9F35
     state: present
 
-- name: Add Docker apt repository
-  ansible.builtin.apt_repository:
-    repo: 'deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian bullseye stable'
-    update_cache: true
+- name: Add Docker repository
+  ansible.builtin.yum_repository:
+    name: docker-ce-stable
+    description: Docker CE Stable - $basearch
+    file: docker-ce
+    baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
+    gpgkey: https://download.docker.com/linux/centos/gpg
+    gpgcheck: true
+    enabled: true
     state: present
 
-- name: Install Docker
-  ansible.builtin.apt:
-    name: "{{ pkgs }}"
-    state: present
-  vars:
-    pkgs:
+- name: Install Docker and Docker Compose
+  ansible.builtin.dnf:
+    name:
       - docker-ce
+      - docker-ce-cli
       - docker-compose-plugin
+      - containerd.io
+    state: present
 
 - name: Copy Docker daemon config file
   ansible.builtin.template:
diff --git a/roles/vm-common/tasks/base.yml b/roles/vm-common/tasks/base.yml
index 9e9e0dd..970b556 100644
--- a/roles/vm-common/tasks/base.yml
+++ b/roles/vm-common/tasks/base.yml
@@ -35,18 +35,25 @@
         state: present
       notify: Restart systemd-resolved
 
-- name: Ensure UFW is absent
-  ansible.builtin.apt:
-    name: ufw
-    state: absent
+- name: Enable Security SIG repositories
+  ansible.builtin.dnf:
+    name: rocky-release-security
+    state: present
 
 - name: Install system packages
-  ansible.builtin.apt:
-    name: "{{ pkgs }}"
-    update_cache: true
-    state: present
-  vars:
-    pkgs:
-      - apparmor
+  ansible.builtin.dnf:
+    name:
       - haveged
       - firewalld
+      - lkrg
+    state: present
+
+- name: Ensure services are enabled and running
+  ansible.builtin.service:
+    name: "{{ item }}"
+    enabled: true
+    state: started
+  loop:
+    - haveged
+    - firewalld
+    - lkrg