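# Installs Docker CE from Docker's upstream repository on a dnf-managed host,
# optionally exposes the daemon API over mutually authenticated TLS
# (mode == "cert"), writes daemon.json, restarts the service and enables the
# Loki logging plugin.
#
# Variables read here but not defined in this file as shown:
#   docker_users - list of accounts to add to the docker group
#   mode         - "cert" switches on the TLS listener and certificate setup
- name: Setup docker
  # Privilege escalation is used on every host except nas.home.lan.
  become: "{{ false if inventory_hostname == 'nas.home.lan' else true }}"
  block:
    - name: Facts
      ansible.builtin.setup:

    # Distro-packaged Docker variants are removed before docker-ce is installed.
    - name: Remove old Docker packages
      ansible.builtin.dnf:
        name:
          - docker
          - docker-client
          - docker-client-latest
          - docker-common
          - docker-latest
          - docker-latest-logrotate
          - docker-logrotate
          - docker-engine
        state: absent

    - name: Install required packages
      ansible.builtin.dnf:
        name:
          - dnf-plugins-core
          - ca-certificates
          - curl
          - gnupg2
        state: present

    # The repo definition is fetched over HTTPS with no checksum, so it is
    # trusted on the strength of TLS to download.docker.com. Whether packages
    # are signature-checked depends on the gpgcheck/gpgkey lines in that file.
    - name: Add Docker repository
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/centos/docker-ce.repo
        dest: /etc/yum.repos.d/docker-ce.repo
        mode: '0644'

    # state: latest upgrades the engine on any run where the repo offers a
    # newer build. Pin versions if unattended engine upgrades are not wanted.
    - name: Install Docker Engine
      ansible.builtin.dnf:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: latest

    # Membership of the docker group gives an account full control of the
    # daemon through its local socket, which is root-equivalent on the host.
    # Keep docker_users to accounts that are meant to hold that privilege.
    # default([]) lets the task skip cleanly when docker_users is not set.
    - name: Add users to docker group
      ansible.builtin.user:
        name: "{{ item }}"
        groups: docker
        append: true
      loop: "{{ docker_users | default([]) }}"
      when: docker_users | default([]) | length > 0

    - name: Create a directory docker.service.d
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d/
        state: directory
        mode: '0755'

    # Root-only directory: it holds the daemon's TLS private key
    # (server-key.pem, referenced by the drop-in below).
    - name: Create a directory for certs
      ansible.builtin.file:
        path: /etc/docker/certs
        state: directory
        mode: '0700'
        owner: root
        group: root

    # systemd drop-in that replaces dockerd's command line. The empty
    # "ExecStart=" clears the packaged value before the new one is set.
    # -H=0.0.0.0:2376 binds the API on every interface. --tlsverify makes the
    # daemon demand a client certificate signed by ca.pem, so any holder of
    # such a certificate controls the daemon (root-equivalent). Limit who can
    # reach 2376 with a host firewall or a management-only bind address, and
    # guard the CA key accordingly.
    # The certificate files named here may not exist yet at this point; the
    # daemon is only restarted further down, after the cert_gen step.
    - name: Creating a file with content
      ansible.builtin.copy:
        dest: "/etc/systemd/system/docker.service.d/override.conf"
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
        mode: '0600'
        owner: root
        group: root
      notify: restart_docker
      when: mode == "cert"

    - name: Just force systemd to reread configs
      ansible.builtin.systemd:
        daemon_reload: true

    # Only ca.pem is probed. A missing server-cert.pem or server-key.pem does
    # not trigger regeneration on its own.
    - name: Check if file exists
      ansible.builtin.stat:
        path: /etc/docker/certs/ca.pem
      register: file_check

    # Prints the stat result (file metadata, not file contents).
    - name: Print file check result
      ansible.builtin.debug:
        var: file_check

    # NOTE(review): cert_gen is defined outside this file. Presumably it
    # creates the CA and server certificate under /etc/docker/certs; confirm
    # the key files it writes are root-only.
    - name: Include role only if missing
      ansible.builtin.include_role:
        name: cert_gen
      when: not file_check.stat.exists and mode == "cert"

    # Per-container json-file logs are capped at 3 files of 10m each.
    # The dns list mixes two LAN resolvers with 8.8.8.8, so container lookups
    # can reach a public resolver.
    - name: Create docker config file
      ansible.builtin.copy:
        dest: /etc/docker/daemon.json
        content: |
          {
            "log-driver": "json-file",
            "log-opts": {
              "max-size": "10m",
              "max-file": "3"
            },
            "data-root": "/var/lib/docker",
            "dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"],
            "dns-search": ["lan", "home.lan"]

          }
        mode: '0644'
        owner: root
        group: root

    # Runs on every play, whether or not the configuration changed. The
    # drop-in task above additionally notifies the restart_docker handler.
    - name: Restart docker service
      ansible.builtin.service:
        name: docker
        state: restarted

    # Earlier shell-based install, kept for reference. It pinned the plugin to
    # 3.3.2 per architecture and passed --grant-all-permissions explicitly.
    # - name: Get keys for raspotify
    #   ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions

    # plugin_name carries no tag, so the registry's default tag is installed
    # and can change between runs. Pin a reviewed tag to keep this
    # reproducible.
    # NOTE(review): a Docker plugin runs with the privileges it requests, and
    # the module appears to accept them without prompting - confirm what this
    # plugin asks for before rollout.
    - name: Install a plugin
      community.docker.docker_plugin:
        plugin_name: grafana/loki-docker-driver
        alias: loki
        state: enable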