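# Install Docker Engine from Docker's apt repository, expose the daemon API on
# TCP port 2376 and install the Loki logging plugin.
# Defined elsewhere and used here: the `mode` variable ("cert" selects the TLS
# daemon override), the `docker.sources.j2` template and the `restart_docker`
# handler. `docker_api_bind_address` is optional and defaults to 0.0.0.0.
- name: Setup docker
  # Escalate privileges on every host except nas.home.lan.
  become: "{{ inventory_hostname != 'nas.home.lan' }}"
  block:
    - name: Gather facts
      ansible.builtin.setup:

    - name: Print arch
      ansible.builtin.debug:
        msg: "{{ ansible_architecture }}"

    - name: Install docker dependencies
      ansible.builtin.apt:
        name:
          - ca-certificates
          - curl
          - telnet
          - net-tools
          - python3-pip
          - python3-dev
        state: present
        update_cache: true

    # Must exist before any key is written into it. The file module replaces
    # the earlier `install -m 0755 -d` command, which reported "changed" on
    # every run.
    - name: Ensure docker keyring directory exists
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    # The key downloads below trust whatever the HTTPS endpoint serves at run
    # time. To pin the signing key, add to each get_url task:
    #   checksum: "sha256:<expected-sha256-of-docker-gpg-key>"
    #
    # NOTE(review): on Debian 12 the key is fetched from the raspbian path
    # while the repository written further down is linux/debian - confirm that
    # this is intended.
    # force: true keeps the "refresh on every run" behaviour of the curl call
    # this task replaces; it only reports "changed" when the content differs.
    - name: Download Docker GPG key (Debian 12)
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/raspbian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"
        force: true
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "12"

    # This task was listed twice with identical arguments; one copy is kept.
    - name: Download Docker GPG key (Debian 13)
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "13"

    # NOTE(review): this template and the copy task below write the same
    # destination, so the copy task decides the final content. The template
    # itself is not visible here - keep only one of the two once confirmed.
    - name: Install docker.sources file
      ansible.builtin.template:
        src: docker.sources.j2
        dest: /etc/apt/sources.list.d/docker.sources
        owner: root
        group: root
        mode: "0644"
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "13"

    # NOTE(review): ansible_facts['lsb'] is presumably only populated when
    # lsb_release is installed on the target - confirm for Debian 13 hosts.
    - name: Create docker.sources file
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/docker.sources
        mode: "0644"
        content: |
          Types: deb
          URIs: https://download.docker.com/linux/debian
          Suites: {{ ansible_facts['lsb']['codename'] }}
          Components: stable
          Signed-By: /etc/apt/keyrings/docker.asc
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "13"

    - name: Update apt cache
      ansible.builtin.apt:
        update_cache: true
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "13"

    # Replaces ansible.builtin.apt_key: that module depends on the deprecated
    # apt-key tool. A plain download matches how the Debian tasks obtain the
    # key, and force: true replaces a file left behind by the old task.
    - name: Download Docker GPG key (Ubuntu)
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"
        force: true
      when:
        - ansible_distribution == "Ubuntu"

    # The key must be readable by apt but writable only by root: whoever can
    # modify it controls which packages apt accepts from this repository.
    - name: Set ownership and permissions on the Docker GPG key
      ansible.builtin.file:
        path: /etc/apt/keyrings/docker.asc
        owner: root
        group: root
        mode: "0644"

    # Shell is kept because the architecture and codename are computed on the
    # target; the file is rewritten on every run.
    - name: Add Docker apt repository (Debian 12)
      ansible.builtin.shell: >-
        echo "deb [arch=$(dpkg --print-architecture)
        signed-by=/etc/apt/keyrings/docker.asc]
        https://download.docker.com/linux/debian
        $(. /etc/os-release && echo "$VERSION_CODENAME") stable"
        | tee /etc/apt/sources.list.d/docker.list > /dev/null
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "12"

    # `sudo` removed: privilege escalation is handled by `become` on the
    # block, as in the Debian 12 task above.
    - name: Add Docker apt repository (Ubuntu)
      ansible.builtin.shell: >-
        echo "deb [arch=$(dpkg --print-architecture)
        signed-by=/etc/apt/keyrings/docker.asc]
        https://download.docker.com/linux/ubuntu
        $(. /etc/os-release && echo "$VERSION_CODENAME") stable"
        | tee /etc/apt/sources.list.d/docker.list > /dev/null
      when:
        - ansible_distribution == "Ubuntu"

    - name: Pin docker version
      ansible.builtin.copy:
        dest: /etc/apt/preferences.d/docker.pref
        mode: "0644"
        content: |
          Package: docker-ce
          Pin: version 5:28.5.2-1~debian.13~trixie
          Pin-Priority: 1001

          Package: docker-ce-cli
          Pin: version 5:28.5.2-1~debian.13~trixie
          Pin-Priority: 1001
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "13"

    # update_cache is required here: on Debian 12 the repository file is
    # written after the last cache refresh, so apt would not know the docker
    # packages on a first run. The packages are passed as one list instead of
    # a loop, so apt resolves them in a single transaction.
    # NOTE(review): Ubuntu hosts get the repository but are excluded by this
    # condition - confirm whether that is intended.
    - name: Install Docker engine packages
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true
      when:
        - ansible_distribution == "Debian"

    - name: Create a directory docker.service.d
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d/
        state: directory
        mode: "0755"

    # TLS listener: --tlsverify makes the daemon require a client certificate
    # signed by the CA in /etc/docker/certs/ca.pem. The empty ExecStart= line
    # clears the packaged command before the override sets the new one.
    - name: Write dockerd systemd override (TLS listener)
      ansible.builtin.copy:
        dest: /etc/systemd/system/docker.service.d/override.conf
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// \
            --containerd=/run/containerd/containerd.sock \
            --tlsverify --tlscacert=/etc/docker/certs/ca.pem \
            --tlscert=/etc/docker/certs/server-cert.pem \
            --tlskey=/etc/docker/certs/server-key.pem -H={{ docker_api_bind_address | default('0.0.0.0') }}:2376
        mode: "0600"
        owner: root
        group: root
      notify: restart_docker
      when: mode == "cert"

    # NOTE(review): this branch publishes the Docker API over TCP without TLS
    # or client authentication. Control of the daemon API is equivalent to
    # root on the host, so every system that can reach port 2376 is trusted
    # with that. Prefer mode == "cert". If plaintext cannot be avoided, set
    # docker_api_bind_address to loopback or a management address and restrict
    # the port with a host firewall. The plugin task at the end of the block
    # connects to inventory_hostname:2376, so that name must still resolve to
    # the bound address.
    - name: Write dockerd systemd override (plaintext listener)
      ansible.builtin.copy:
        dest: /etc/systemd/system/docker.service.d/override.conf
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H={{ docker_api_bind_address | default('0.0.0.0') }}:2376
        mode: "0600"
        owner: root
        group: root
      notify: restart_docker
      when: mode != "cert"

    - name: Just force systemd to reread configs
      ansible.builtin.systemd:
        daemon_reload: true

    # Restarts unconditionally on every run, in addition to the
    # restart_docker handler notified above.
    - name: Restart docker service
      ansible.builtin.service:
        name: docker
        state: restarted

    # NOTE(review): DOCKER_TLS_VERIFY is set unconditionally, so this task
    # presumably only works against the TLS listener (mode == "cert") -
    # confirm.
    # NOTE(review): the client certificate and key are read from
    # /tmp/certgen. How that directory is populated is not shown here; /tmp
    # is world-writable, so confirm the directory is owned by the connecting
    # user with mode 0700 and the key with mode 0600, or move them to a
    # root-owned path.
    - name: Install Loki plugin with TLS
      community.docker.docker_plugin:
        plugin_name: grafana/loki-docker-driver
        alias: loki
        state: present
      environment:
        DOCKER_HOST: "tcp://{{ inventory_hostname }}:2376"
        DOCKER_TLS_VERIFY: "1"
        DOCKER_CERT_PATH: "/tmp/certgen"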