build

roles/docker/tasks/RedHat.yml

@@ -0,0 +1,130 @@
+- name: Setup docker
+  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
+  block:
+    - name: Facts
+      ansible.builtin.setup:
+
+    - name: Remove old Docker packages
+      ansible.builtin.dnf:
+        name:
+          - docker
+          - docker-client
+          - docker-client-latest
+          - docker-common
+          - docker-latest
+          - docker-latest-logrotate
+          - docker-logrotate
+          - docker-engine
+        state: absent
+
+    - name: Install required packages
+      ansible.builtin.dnf:
+        name:
+          - dnf-plugins-core
+          - ca-certificates
+          - curl
+          - gnupg2
+        state: present
+
+    - name: Add Docker repository
+      ansible.builtin.get_url:
+        url: https://download.docker.com/linux/centos/docker-ce.repo
+        dest: /etc/yum.repos.d/docker-ce.repo
+        mode: '0644'
+
+    - name: Install Docker Engine
+      ansible.builtin.dnf:
+        name:
+          - docker-ce
+          - docker-ce-cli
+          - containerd.io
+          - docker-buildx-plugin
+          - docker-compose-plugin
+        state: latest
+
+    - name: Add users to docker group
+      ansible.builtin.user:
+        name: "{{ item }}"
+        groups: docker
+        append: true
+      loop: "{{ docker_users }}"
+      when: docker_users | length > 0
+
+    - name: Create a directory docker.service.d
+      ansible.builtin.file:
+        path: /etc/systemd/system/docker.service.d/
+        state: directory
+        mode: '0755'
+
+    - name: Create a directory for certs
+      ansible.builtin.file:
+        path: /etc/docker/certs
+        state: directory
+        mode: '0700'
+        owner: root
+        group: root
+
+    - name: Creating a file with content
+      ansible.builtin.copy:
+        dest: "/etc/systemd/system/docker.service.d/override.conf"
+        content: |
+          [Service]
+          ExecStart=
+          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
+        mode: '0600'
+        owner: root
+        group: root
+      notify: restart_docker
+      when: mode == "cert"
+
+    - name: Just force systemd to reread configs
+      ansible.builtin.systemd:
+        daemon_reload: true
+
+    - name: Check if file exists
+      ansible.builtin.stat:
+        path: /etc/docker/certs/ca.pem
+      register: file_check
+
+    - name: Print file check result
+      ansible.builtin.debug:
+        var: file_check
+
+    - name: Include role only if missing
+      ansible.builtin.include_role:
+        name: cert_gen
+      when: not file_check.stat.exists and mode == "cert"
+
+
+    - name: Create docker config file
+      ansible.builtin.copy:
+        dest: /etc/docker/daemon.json
+        content: |
+          {
+            "log-driver": "json-file",
+            "log-opts": {
+              "max-size": "10m",
+              "max-file": "3"
+            },
+            "data-root": "/var/lib/docker",
+            "dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"],
+            "dns-search": ["lan", "home.lan"]
+
+          }
+        mode: '0644'
+        owner: root
+        group: root
+
+
+    - name: Restart docker service
+      ansible.builtin.service:
+        name: docker
+        state: restarted
+
+    # - name: Get keys for raspotify
+    #   ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions
+    - name: Install a plugin
+      community.docker.docker_plugin:
+        plugin_name: grafana/loki-docker-driver
+        alias: loki
+        state: enable