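# Installs Docker Engine from Docker's apt repository on Debian 12/13 and
# Ubuntu, optionally exposes the daemon over mutually-authenticated TLS
# (mode == "cert"), writes /etc/docker/daemon.json, restarts the service and
# installs the Loki logging plugin.
#
# Variables read but not defined in this file: `mode`.
# Handlers notified but not defined in this file: `restart_docker`.
- name: Setup docker
  # Privilege escalation is switched off only for nas.home.lan.
  # NOTE(review): presumably that host is already reached as root - confirm.
  become: "{{ inventory_hostname != 'nas.home.lan' }}"
  block:
    - name: Facts
      ansible.builtin.setup:

    - name: Print arch
      ansible.builtin.debug:
        msg: "{{ ansible_architecture }}"

    - name: Install docker dependencies
      ansible.builtin.apt:
        name:
          - ca-certificates
          - curl
          - telnet
          - net-tools
          - python3-pip
          - python3-dev
        state: present
        update_cache: true

    # Replaces the former `install -m 0755 -d` command and the duplicate
    # `file` task further down: one idempotent task creates the directory
    # before any key is written into it.
    - name: Ensure docker keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    # The signing key is the trust anchor for every package installed below.
    # It is fetched over HTTPS but not compared against a known-good value.
    # To pin it, add get_url's `checksum` option to the three download tasks:
    #   checksum: "sha256:<EXPECTED_KEY_SHA256_PLACEHOLDER>"
    #
    # NOTE(review): the Debian 12 task reads the key from the raspbian path
    # while the repository below uses the debian path - confirm that the same
    # key is intended for both.
    - name: Download Docker GPG key (Debian 12)
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/raspbian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: '0644'
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "12"

    # The second, identical copy of this task that used to run after the apt
    # cache update was removed.
    - name: Download Docker GPG key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: '0644'
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "13"

    # apt_key is deprecated and goes through apt-key, which stores the key in
    # a binary keyring; the `signed-by=` entry below points at an .asc file,
    # so the ASCII-armoured key is downloaded unchanged, as on Debian.
    - name: Download Docker GPG key (Ubuntu)
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: '0644'
      when:
        - ansible_distribution == "Ubuntu"

    # Root-owned and not writable by others: whoever can replace this file
    # decides which packages apt accepts from the Docker repository.
    - name: Change file ownership, group and permissions
      ansible.builtin.file:
        path: /etc/apt/keyrings/docker.asc
        owner: root
        group: root
        mode: '0644'

    # A preceding template task (docker.sources.j2) wrote the same destination
    # and was overwritten by this task on every run, so only this one is kept.
    # ansible_distribution_release is used for the suite, like the pinned
    # install tasks below; the lsb facts are only populated when lsb-release
    # data is present on the host.
    - name: Create docker.sources file
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/docker.sources
        owner: root
        group: root
        mode: '0644'
        content: |
          Types: deb
          URIs: https://download.docker.com/linux/debian
          Suites: {{ ansible_distribution_release }}
          Components: stable
          Signed-By: /etc/apt/keyrings/docker.asc
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "13"

    - name: Write docker.list (Debian 12)
      ansible.builtin.shell: >-
        echo "deb [arch=$(dpkg --print-architecture)
        signed-by=/etc/apt/keyrings/docker.asc]
        https://download.docker.com/linux/debian
        $(. /etc/os-release && echo "$VERSION_CODENAME") stable"
        | tee /etc/apt/sources.list.d/docker.list > /dev/null
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "12"

    # `sudo` was dropped from the pipeline: escalation comes from the block's
    # `become`, as in the Debian variant above.
    - name: Write docker.list (Ubuntu)
      ansible.builtin.shell: >-
        echo "deb [arch=$(dpkg --print-architecture)
        signed-by=/etc/apt/keyrings/docker.asc]
        https://download.docker.com/linux/ubuntu
        $(. /etc/os-release && echo "$VERSION_CODENAME") stable"
        | tee /etc/apt/sources.list.d/docker.list > /dev/null
      when:
        - ansible_distribution == "Ubuntu"

    # Runs for every distribution, after all repository files are in place.
    # It used to be limited to Debian 13, so on Debian 12 the install tasks
    # ran against a cache that did not yet contain the Docker repository.
    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true

    # - name: Install docker
    #   ansible.builtin.apt:
    #     name:
    #       - docker-ce
    #       - docker-ce-cli
    #       - containerd.io
    #       - docker-buildx-plugin
    #       - docker-compose-plugin
    #     update_cache: true

    # NOTE(review): every install task below is conditioned on Debian; no
    # task installs the packages on Ubuntu although its repository is
    # configured above - confirm whether that is intended.
    - name: Install the version docker1
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
        state: present
      when:
        - ansible_distribution == "Debian"

    - name: Install the version docker
      ansible.builtin.apt:
        name: containerd.io
        state: present
        allow_downgrade: true
      when:
        - ansible_distribution == "Debian"

    - name: Install the version docker
      ansible.builtin.apt:
        name: docker-buildx-plugin
        state: present
        allow_downgrade: true
      when:
        - ansible_distribution == "Debian"

    # The three version-pinned tasks below are conditioned on "Debian1".
    # NOTE(review): that looks like a deliberate off-switch, since the literal
    # differs from the "Debian" used everywhere else - confirm. They are kept
    # unchanged.
    - name: Install the version docker
      ansible.builtin.apt:
        name: "{{ item }}=5:28.5.2-1~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
        state: present
        allow_downgrade: true
      when:
        - ansible_distribution == "Debian1"
      loop:
        - docker-ce
        - docker-ce-cli

    - name: Install the version docker
      ansible.builtin.apt:
        name: "{{ item }}=1.7.28-2~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
        state: present
        allow_downgrade: true
      when:
        - ansible_distribution == "Debian1"
      loop:
        - containerd.io

    - name: Install the version docker
      ansible.builtin.apt:
        name: "{{ item }}=0.28.0-0~{{ ansible_distribution | lower }}.{{ ansible_distribution_major_version }}~{{ ansible_distribution_release }}"
        state: present
        allow_downgrade: true
      when:
        - ansible_distribution == "Debian1"
      loop:
        - docker-buildx-plugin

    - name: Create a directory docker.service.d
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d/
        state: directory
        mode: '0755'

    # 0700 root:root because the directory holds the daemon's TLS private key.
    - name: Create a directory for certs
      ansible.builtin.file:
        path: /etc/docker/certs
        state: directory
        mode: '0700'
        owner: root
        group: root

    # - name: Copy files
    #   ansible.builtin.copy:
    #     src: server-key.pem
    #     dest: /etc/docker/certs/
    #     mode: '0600'
    #     owner: root
    #     group: root

    # - name: Copy files
    #   ansible.builtin.copy:
    #     src: ca.pem
    #     dest: /etc/docker/certs/
    #     mode: '0600'
    #     owner: root
    #     group: root

    # - name: Copy files
    #   ansible.builtin.copy:
    #     src: server-cert.pem
    #     dest: /etc/docker/certs/
    #     mode: '0600'
    #     owner: root
    #     group: root

    # Exposes the Docker API on every interface (0.0.0.0:2376). --tlsverify
    # makes the daemon require a client certificate signed by ca.pem; a client
    # holding such a certificate controls the daemon, so the CA private key
    # and issued client certificates need the same care as root credentials.
    # Where only some networks need access, also restrict the port with a
    # host firewall or bind to a specific address.
    # The empty `ExecStart=` clears the packaged command before the new one
    # is set.
    - name: Creating a file with content
      ansible.builtin.copy:
        dest: "/etc/systemd/system/docker.service.d/override.conf"
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
        mode: '0600'
        owner: root
        group: root
      notify: restart_docker
      when: mode == "cert"

    # - name: Creating a file with content
    #   ansible.builtin.copy:
    #     dest: "/etc/systemd/system/docker.service.d/override.conf"
    #     content: |
    #       [Service]
    #       ExecStart=
    #       ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \
    #         --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \
    #         --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
    #     mode: '0600'
    #     owner: root
    #     group: root
    #   notify: restart_docker
    #   when: mode != "nocert"

    - name: Just force systemd to reread configs
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Check if file exists
      ansible.builtin.stat:
        path: /etc/docker/certs/ca.pem
      register: file_check

    # The registered result is a non-empty dict, so `not file_check` was
    # always false and cert_gen never ran; test the stat result itself.
    - name: Include role only if missing
      ansible.builtin.include_role:
        name: cert_gen
      when: not file_check.stat.exists

    # The previous content was two objects placed back to back with no comma
    # between them, which is not valid JSON. All settings now live in a
    # single object, and `validate` refuses to install a file that does not
    # parse.
    - name: Create docker config file
      ansible.builtin.copy:
        dest: /etc/docker/daemon.json
        content: |
          {
            "log-driver": "json-file",
            "log-opts": {
              "max-size": "10m",
              "max-file": "3"
            },
            "storage-driver": "overlay2",
            "storage-opts": [
              "overlay2.override_kernel_check=true"
            ],
            "data-root": "/var/lib/docker",
            "dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"],
            "dns-search": ["lan", "home.lan"]
          }
        mode: '0644'
        owner: root
        group: root
        validate: python3 -m json.tool %s

    # Unconditional restart, so the daemon picks up daemon.json and any
    # override.conf change before the plugin task talks to it.
    - name: Restart docker service
      ansible.builtin.service:
        name: docker
        state: restarted

    # - name: Get keys for raspotify
    #   ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions

    # No tag is given here, unlike the commented-out command above, which
    # pinned 3.3.2-<arch>. Pinning a reviewed tag in plugin_name keeps the
    # installed plugin reproducible across hosts and runs.
    - name: Install a plugin
      community.docker.docker_plugin:
        plugin_name: grafana/loki-docker-driver
        alias: loki
        state: present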