feat(docker): add ansible role

galaxy.yml

@@ -18,3 +18,4 @@ tags:
   - minio
   - nginx
   - restic
+  - docker

playbooks/docker.yml

@@ -0,0 +1,6 @@
+---
+- name: Install and configure docker daemon
+  hosts: "{{ docker_hosts | default('docker', true) }}"
+  become: "{{ docker_become | default(false, true) }}"
+  roles:
+    - role: finallycoffee.base.docker

roles/docker/README.md

@@ -0,0 +1,13 @@
+# `finallycoffee.base.docker` ansible role
+
+Install and configure the docker daemon.
+
+## Configuration
+
+- `docker_daemon_config` - configuration for the docker daemon
+- `docker_remove_legacy_packages` - clean up old versions of docker (see https://docs.docker.com/engine/install/debian/#uninstall-old-versions)
+
+## Plugins
+
+- `docker_plugin_buildx_enable` - enable the buildx plugin
+- `docker_plugin_compose_enable` - enable docker compose

roles/docker/defaults/main/debian.yml

@@ -0,0 +1,31 @@
+---
+docker_apt_key_url: "https://download.docker.com/linux/debian/gpg"
+docker_apt_key_id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+
+docker_apt_arch: amd64
+docker_apt_release_channel: stable
+docker_apt_repository_url: "https://download.docker.com/linux/debian"
+docker_apt_repository: >-2
+  deb [arch={{ docker_apt_arch }}] {{ docker_apt_repository_url }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}
+docker_apt_cli_package: "docker-ce-cli"
+docker_apt_plugin_buildx_package: "docker-buildx-plugin"
+docker_apt_plugin_compose_package: "docker-compose-plugin"
+docker_apt_base_packages:
+  - "docker-ce"
+  - "docker-ce-cli"
+  - "containerd.io"
+docker_apt_packages: >-2
+  {{
+    docker_apt_base_packages
+    + (docker_plugin_buildx_enable | default(false)
+      | ternary([ docker_apt_plugin_buildx_package ], []))
+    + (docker_plugin_compose_enable | default(false)
+      | ternary([ docker_apt_plugin_compose_package ], []))
+  }}
+docker_apt_legacy_packages:
+  - "docker.io"
+  - "docker-compose"
+  - "docker-doc"
+  - "podman-docker"
+  - "containerd"
+  - "runc"

roles/docker/defaults/main/main.yml

@@ -0,0 +1,13 @@
+---
+docker_state: "present"
+
+docker_daemon_config: {}
+docker_daemon_config_file: "/etc/docker/daemon.json"
+docker_daemon_config_file_mode: "0644"
+docker_daemon_config_owner: root
+docker_daemon_config_group: "{{ docker_daemon_config_owner }}"
+
+docker_plugin_buildx_enable: false
+docker_plugin_compose_enable: false
+
+docker_remove_legacy_packages: true

roles/docker/defaults/main/systemd.yml

@@ -0,0 +1,5 @@
+---
+docker_systemd_service_name: "docker.service"
+docker_systemd_service_state: >-2
+  {{ (docker_state == 'present') | ternary('started', 'stopped') }}
+docker_systemd_service_enabled: "{{ (docker_state == 'present') }}"

roles/docker/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart docker daemon
+  ansible.builtin.systemd_service:
+    name: "{{ docker_systemd_service_name }}"
+    state: "restarted"
+  listen: "docker-restart"

roles/docker/tasks/configure.yml

@@ -0,0 +1,18 @@
+---
+- name: Ensure config directory '{{ docker_daemon_config_file | dirname }}' is present
+  ansible.builtin.file:
+    path: "{{ docker_daemon_config_file | dirname }}"
+    state: "directory"
+    mode: "0755"
+    owner: "{{ docker_daemon_config_owner }}"
+    group: "{{ docker_daemon_config_group }}"
+
+- name: Configure docker daemon using '{{ docker_daemon_config_file }}'
+  ansible.builtin.copy:
+    content: "{{ docker_daemon_config | to_json }}"
+    dest: "{{ docker_daemon_config_file }}"
+    mode: "{{ docker_daemon_config_file_mode }}"
+    owner: "{{ docker_daemon_config_owner }}"
+    group: "{{ docker_daemon_config_group }}"
+  when: docker_daemon_config | string | length > 0
+  notify: docker-restart

roles/docker/tasks/install-debian.yml

@@ -0,0 +1,30 @@
+---
+- name: Ensure legacy docker packages are removed
+  ansible.builtin.apt:
+    name: "{{ docker_apt_legacy_packages }}"
+    state: absent
+  when: docker_remove_legacy_packages
+
+- name: Add apt key for docker repository
+  ansible.builtin.apt_key:
+    id: "{{ docker_apt_key_id }}"
+    url: "{{ docker_apt_key_url }}"
+    state: "{{ docker_state }}"
+
+- name: Add apt repository for docker
+  ansible.builtin.apt_repository:
+    repo: "{{ docker_apt_repository }}"
+    state: "{{ docker_state }}"
+  register: docker_apt_repository_info
+
+- name: Update apt cache if repository was newly added
+  ansible.builtin.apt:
+    update_cache: true
+  when:
+    - docker_state == 'present'
+    - docker_apt_repository_info.changed
+
+- name: Install apt packages for docker
+  ansible.builtin.apt:
+    name: "{{ docker_apt_packages }}"
+    state: "{{ docker_state }}"

roles/docker/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+- name: Check if target OS is supported
+  ansible.builtin.fail:
+    msg: >-2
+      OS Family '{{ docker_os_family }}' is not supported!
+  when: docker_os_family not in docker_supported_os_families
+  vars:
+    docker_os_family: "{{ ansible_os_family | lower }}"
+
+- name: Ensure docker is {{ docker_state }} on {{ ansible_os_family }}-family
+  ansible.builtin.include_tasks:
+    file: "install-{{ ansible_os_family | lower }}.yml"
+
+- name: Configure docker daemon
+  ansible.builtin.include_tasks:
+    file: "configure.yml"
+  when: docker_state == 'present'
+
+- name: Ensure docker daemon is {{ docker_systemd_service_enabled | ternary('enabled', 'disabled') }}
+  ansible.builtin.systemd_service:
+    name: "{{ docker_systemd_service_name }}"
+    enabled: "{{ docker_systemd_service_enabled }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure docker daemon is {{ docker_systemd_service_state }}
+  ansible.builtin.systemd_service:
+    name: "{{ docker_systemd_service_name }}"
+    state: "{{ docker_systemd_service_state }}"
+  when: ansible_facts['service_mgr'] == 'systemd'

roles/docker/vars/main.yml

@@ -0,0 +1,3 @@
+---
+docker_supported_os_families:
+  - 'debian'