From 4db26b56da9296f96708836ca5f741177287a63f Mon Sep 17 00:00:00 2001 From: Tuan-Dat Tran Date: Sun, 10 Nov 2024 21:37:22 +0100 Subject: [PATCH] feat(ansible): add Docker host configuration with NFS mounts and utility packages - Introduce Docker host configuration playbooks in `docker_host` role - Install Docker and Docker Compose via apt repository - Configure Docker user, group, and required directories (`/opt/docker`, `/media`) - Add NFS mounts for Docker data, series, movies, and songs directories - Add extra utility packages (`bat`, `ripgrep`, `fd-find`, `screen`, `eza`, `neovim`) - Set up and manage `bash_aliases` for user-friendly command replacements (`batcat`, `nvim`, `eza`) - Enhance `/group_vars` and `/host_vars` for Docker-related settings and secure access - Add `docker-host00` and `docker-host01` entries to production and staging inventories 
Signed-off-by: Tuan-Dat Tran --- README.md | 3 +- docker-host.yml | 13 + group_vars/all/vars.yml | 6 + group_vars/docker/vars.yml | 4 + host_vars/docker-host00.yml | 10 + host_vars/docker-host01.yml | 10 + production | 7 + roles/common/files/bash/bash_aliases | 4 + roles/common/tasks/bash.yml | 9 +- roles/common/tasks/extra_packages.yml | 95 +++++ roles/common/tasks/main.yml | 2 + roles/common/tasks/packages.yml | 2 +- roles/docker_host/files/compose.yaml | 406 +++++++++++++++++++ roles/docker_host/handlers/main.yml | 6 + roles/docker_host/tasks/deploy_compose.yml | 14 + roles/docker_host/tasks/directory_setup.yml | 109 +++++ roles/docker_host/tasks/installation.yml | 59 +++ roles/docker_host/tasks/main.yml | 15 + roles/docker_host/tasks/setup.yml | 9 + roles/docker_host/tasks/user_group_setup.yml | 14 + staging | 11 + 21 files changed, 803 insertions(+), 5 deletions(-) create mode 100644 docker-host.yml create mode 100644 group_vars/docker/vars.yml create mode 100644 host_vars/docker-host00.yml create mode 100644 host_vars/docker-host01.yml create mode 100644 roles/common/files/bash/bash_aliases create mode 100644 roles/common/tasks/extra_packages.yml create mode 100644 roles/docker_host/files/compose.yaml create mode 100644 roles/docker_host/handlers/main.yml create mode 100644 roles/docker_host/tasks/deploy_compose.yml create mode 100644 roles/docker_host/tasks/directory_setup.yml create mode 100644 roles/docker_host/tasks/installation.yml create mode 100644 roles/docker_host/tasks/main.yml create mode 100644 roles/docker_host/tasks/setup.yml create mode 100644 roles/docker_host/tasks/user_group_setup.yml create mode 100644 staging diff --git a/README.md b/README.md index 5d3dddc..d43f07b 100644 --- a/README.md +++ b/README.md 
@@ -65,9 +65,10 @@ When we have LVM-based root partition we can do the following: # Create a new partition from the free space. sudo fdisk /dev/sda # echo "n\n\n\n\n\nw\n" +# n > 5x\n > w > \n # Create a LVM volume on the new partition sudo pvcreate /dev/sda3 sudo vgextend k3s-vg /dev/sda3 # Use the newly available storage in the root volume -sudo lvresize --extents +100%FREE --resizefs /dev/k3s-vg/root +sudo lvresize -l +100%FREE -r /dev/k3s-vg/root ``` diff --git a/docker-host.yml b/docker-host.yml new file mode 100644 index 0000000..01324e3 --- /dev/null +++ b/docker-host.yml @@ -0,0 +1,13 @@ +--- +- name: Set up Servers + hosts: docker_host + gather_facts: yes + vars_files: + - secrets.yml + roles: + - role: common + tags: + - common + - role: docker_host + tags: + - docker_host diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 5109150..5866842 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -27,3 +27,9 @@ common_packages: - sudo - systemd-timesyncd - tree + - screen + - bat + - fd-find + - ripgrep + +arch: "{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" diff --git a/group_vars/docker/vars.yml b/group_vars/docker/vars.yml new file mode 100644 index 0000000..28978a6 --- /dev/null +++ b/group_vars/docker/vars.yml @@ -0,0 +1,4 @@ +docker: + url: "https://download.docker.com/linux" + apt_release_channel: "stable" + dirs: "/opt/docker" diff --git a/host_vars/docker-host00.yml b/host_vars/docker-host00.yml new file mode 100644 index 0000000..154dc19 --- /dev/null +++ b/host_vars/docker-host00.yml @@ -0,0 +1,10 @@ +--- +ansible_user: "{{ user }}" +ansible_host: 192.168.20.34 +ansible_port: 22 +ansible_ssh_private_key_file: "{{ pk_path }}" +ansible_become_pass: "{{ vault.docker.host00.sudo }}" + +host: + hostname: "docker-host00" + ip: "{{ ansible_host }}" diff --git a/host_vars/docker-host01.yml b/host_vars/docker-host01.yml new file mode 100644 index 0000000..a493c5e --- /dev/null 
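Review bot: In docker-host.yml the new play uses `gather_facts: yes`, a YAML 1.1 truthy alias that yamllint's `truthy` rule rejects and that a YAML 1.2 parser would read as the string "yes"; everything else in this commit writes booleans as `true`/`false` (`become: true`, `update_cache: true`), so change it to `gather_facts: true` for consistency. The other hunks sharing this line (group_vars, host_vars) look fine — the `ansible_become_pass` values correctly come from the vault rather than being inlined.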
+++ b/host_vars/docker-host01.yml @@ -0,0 +1,10 @@ +--- +ansible_user: "{{ user }}" +ansible_host: 192.168.20.35 +ansible_port: 22 +ansible_ssh_private_key_file: "{{ pk_path }}" +ansible_become_pass: "{{ vault.docker.host01.sudo }}" + +host: + hostname: "docker-host01" + ip: "{{ ansible_host }}" diff --git a/production b/production index 9761eb3..537c3b0 100644 --- a/production +++ b/production @@ -41,6 +41,7 @@ k3s-loadbalancer k3s-longhorn00 k3s-longhorn01 k3s-longhorn02 +docker-host00 [k3s_nodes] k3s-server00 @@ -61,3 +62,9 @@ k3s-loadbalancer [vm:vars] ansible_ssh_common_args='-o ProxyCommand="ssh -p 22 -W %h:%p -q aya01"' + +[docker] +docker-host00 + +[docker_host] +docker-host00 diff --git a/roles/common/files/bash/bash_aliases b/roles/common/files/bash/bash_aliases new file mode 100644 index 0000000..32d61bc --- /dev/null +++ b/roles/common/files/bash/bash_aliases @@ -0,0 +1,4 @@ +alias cat=batcat +alias vim=nvim +alias fd=fdfind +alias ls=eza diff --git a/roles/common/tasks/bash.yml b/roles/common/tasks/bash.yml index 8428a1a..727d26b 100644 --- a/roles/common/tasks/bash.yml +++ b/roles/common/tasks/bash.yml @@ -1,9 +1,12 @@ --- -- name: Copy .bashrc +- name: Copy bash-configs ansible.builtin.template: - src: files/bash/bashrc - dest: "/home/{{ user }}/.bashrc" + src: "files/bash/{{ item }}" + dest: "/home/{{ user }}/.{{ item }}" owner: "{{ user }}" group: "{{ user }}" mode: "644" + loop: + - bashrc + - bash_aliases become: true diff --git a/roles/common/tasks/extra_packages.yml b/roles/common/tasks/extra_packages.yml new file mode 100644 index 0000000..16a3ce6 --- /dev/null +++ b/roles/common/tasks/extra_packages.yml 
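Review bot: In bash.yml the template task uses `mode: "644"` while extra_packages.yml, added in the same commit, writes modes as `"0644"`/`"0755"`; both work only because they are quoted, so settle on one form (I would use `mode: "0644"`) before an unquoted edit turns `644` into a decimal mode. Also note that `.bash_aliases` is now rendered through `ansible.builtin.template` rather than copied, so any future alias containing `{{` or `{%` will be interpreted by Jinja; either switch these two files to `ansible.builtin.copy` if they carry no variables, or leave a comment on the task saying the files are Jinja templates.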
@@ -0,0 +1,95 @@ +--- +- name: Ensure /etc/apt/keyrings directory exists + ansible.builtin.file: + path: /etc/apt/keyrings + state: directory + mode: "0755" + become: true + +- name: Download and save Gierens repository GPG key + ansible.builtin.get_url: + url: https://raw.githubusercontent.com/eza-community/eza/main/deb.asc + dest: /etc/apt/keyrings/gierens.asc + mode: "0644" + register: gpg_key_result + become: true + +- name: Add Gierens repository to apt sources + ansible.builtin.apt_repository: + repo: "deb [signed-by=/etc/apt/keyrings/gierens.asc] http://deb.gierens.de stable main" + state: present + update_cache: true + become: true + +- name: Install eza package + ansible.builtin.apt: + name: eza + state: present + become: true + +- name: Install bottom package + ansible.builtin.apt: + deb: https://github.com/ClementTsang/bottom/releases/download/0.9.6/bottom_0.9.6_amd64.deb + state: present + become: true + +- name: Check if Neovim is already installed + ansible.builtin.command: "which nvim" + register: neovim_installed + changed_when: false + ignore_errors: true + +- name: Download Neovim AppImage + ansible.builtin.get_url: + url: https://github.com/neovim/neovim/releases/download/v0.10.0/nvim.appimage + dest: /tmp/nvim.appimage + mode: "0755" + when: neovim_installed.rc != 0 + register: download_result + +- name: Extract Neovim AppImage + ansible.builtin.command: + cmd: "./nvim.appimage --appimage-extract" + chdir: /tmp + when: download_result.changed + register: extract_result + +- name: Copy extracted Neovim files to /usr + ansible.builtin.copy: + src: /tmp/squashfs-root/usr/ + dest: /usr/ + remote_src: true + mode: "0755" + become: true + when: extract_result.changed + +- name: Clean up extracted Neovim files + ansible.builtin.file: + path: /tmp/squashfs-root + state: absent + when: extract_result.changed + +- name: Remove Neovim AppImage + ansible.builtin.file: + path: /tmp/nvim.appimage + state: absent + when: download_result.changed + +- name: 
Check if Neovim config directory already exists + ansible.builtin.stat: + path: ~/.config/nvim + register: nvim_config + +- name: Clone LazyVim starter to Neovim config directory + ansible.builtin.git: + repo: https://github.com/LazyVim/starter + dest: ~/.config/nvim + clone: true + update: false + when: not nvim_config.stat.exists + +- name: Remove .git directory from Neovim config + ansible.builtin.file: + path: ~/.config/nvim/.git + state: absent + when: not nvim_config.stat.exists diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index c4a8c24..4ad3204 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -5,6 +5,8 @@ ansible.builtin.include_tasks: hostname.yml - name: Configure Packages ansible.builtin.include_tasks: packages.yml +- name: Configure Extra-Packages + ansible.builtin.include_tasks: extra_packages.yml - name: Configure Bash ansible.builtin.include_tasks: bash.yml - name: Configure SSH diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml index 9b2884f..639ad86 100644 --- a/roles/common/tasks/packages.yml +++ b/roles/common/tasks/packages.yml @@ -6,7 +6,7 @@ autoremove: true become: true -- name: Install extra packages +- name: Install base packages ansible.builtin.apt: name: "{{ common_packages }}" state: present diff --git a/roles/docker_host/files/compose.yaml b/roles/docker_host/files/compose.yaml new file mode 100644 index 0000000..4ca3064 --- /dev/null +++ b/roles/docker_host/files/compose.yaml 
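Review bot: The Neovim AppImage and the eza signing key are fetched with `ansible.builtin.get_url` without a `checksum`, and the `bottom` .deb is handed to `apt` straight from a GitHub URL, so whatever those downloads return is installed as root (`Copy extracted Neovim files to /usr`, `Install bottom package`) with no integrity check at all. Add `checksum: "sha256:<digest from the upstream release's checksum file>"` to both `get_url` tasks, download the .deb the same way and point `deb:` at the verified local file, and pin `Clone LazyVim starter` with `version: <commit>` instead of tracking the default branch (the eza key is likewise pulled from the `main` branch of a GitHub repo, so the trust root can change under you — pin it to a commit URL). The AppImage is downloaded and extracted as the unprivileged user at the predictable paths `/tmp/nvim.appimage` and `/tmp/squashfs-root` and only the final copy into `/usr` runs under `become`; use `ansible.builtin.tempfile` with `state: directory` as the working directory and run the download and extraction under `become` too, so the payload cannot be tampered with between steps. Separately, the bottom URL hard-codes `_amd64.deb` even though this commit introduces the `arch` variable in group_vars/all — use `bottom_0.9.6_{{ arch }}.deb` (if upstream publishes an arm64 build) so the variable serves a purpose.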
@@ -0,0 +1,406 @@ +services: + nginx: + container_name: "nginx" + image: "jc21/nginx-proxy-manager:latest" + restart: unless-stopped + networks: + - net + ports: + - "80:80" + - "443:443" + - "8080:81" + volumes: + - "/opt/docker/config/nginx/data:/data" + - "/opt/docker/config/nginx/letsencrypt:/etc/letsencrypt" + - "/var/run/docker.sock:/var/run/docker.sock" + + syncthing: + image: syncthing/syncthing + container_name: syncthing + restart: unless-stopped + depends_on: + - nginx + networks: + - net + ports: + - 22000:22000/tcp # TCP file transfers + - 22000:22000/udp # QUIC file transfers + - 21027:21027/udp # Receive local discovery broadcasts + volumes: + - "/media/docker/data/syncthing/:/var/syncthing" + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + hostname: syncthing + + kuma: + container_name: kuma + image: louislam/uptime-kuma:1 + restart: unless-stopped + depends_on: + - nginx + networks: + - net + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + ports: + - "3001:3001" + volumes: + - "/opt/local/kuma/:/app/data" + + plex: + image: lscr.io/linuxserver/plex:latest + container_name: plex + restart: unless-stopped + depends_on: + - nginx + networks: + - net + devices: + - /dev/dri:/dev/dri + ports: + - "32400:32400" + - "1900:1900" + - "3005:3005" + - "5353:5353" + - "32410:32410" + - "8324:8324" + - "32412:32412" + - "32469:32469" + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - VERSION=docker + volumes: + - "/opt/local/plex/config/:/config" + - "/media/series:/tv:ro" + - "/media/movies:/movies:ro" + - "/media/songs:/music:ro" + + sonarr: + image: lscr.io/linuxserver/sonarr:latest + container_name: sonarr + restart: unless-stopped + depends_on: + - prowlarr + networks: + - net + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - /opt/local/sonarr/config:/config + - /media/series:/tv #optional + - /media/docker/data/arr_downloads/sonarr:/downloads #optional + + radarr: + image: 
lscr.io/linuxserver/radarr:latest + container_name: radarr + restart: unless-stopped + depends_on: + - prowlarr + networks: + - net + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - /opt/local/radarr/config:/config + - /media/movies:/movies #optional + - /media/docker/data/arr_downloads/radarr:/downloads #optional + + lidarr: + image: lscr.io/linuxserver/lidarr:latest + container_name: lidarr + restart: unless-stopped + depends_on: + - prowlarr + networks: + - net + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - /opt/local/lidarr/config:/config + - /media/songs:/music #optional + - /media/docker/data/arr_downloads/lidarr:/downloads #optional + + prowlarr: + image: lscr.io/linuxserver/prowlarr:latest + container_name: prowlarr + restart: unless-stopped + depends_on: + - torrentleech + networks: + - net + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + volumes: + - /opt/local/prowlarr/config:/config + + gluetun: + image: qmcgaw/gluetun + container_name: gluetun + restart: unless-stopped + networks: + - net + cap_add: + - NET_ADMIN + devices: + - /dev/net/tun:/dev/net/tun + volumes: + - /opt/docker/config/gluetun/config:/gluetun + ports: + - 8082:8082 + - 8083:8083 + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - VPN_SERVICE_PROVIDER=protonvpn + - UPDATER_VPN_SERVICE_PROVIDERS=protonvpn + - UPDATER_PERIOD=24h + - SERVER_COUNTRIES=Hungary + - OPENVPN_USER=MfCOtzTIEsmu1wY-q2lAZ3X1+pmp + - OPENVPN_PASSWORD=knCl1Zl5PHz4HMWVCGR77dYa + + torrentleech: + image: qbittorrentofficial/qbittorrent-nox + container_name: torrentleech + restart: unless-stopped + depends_on: + - gluetun + network_mode: "container:gluetun" + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - QBT_EULA="accept" + - QBT_WEBUI_PORT="8083" + volumes: + - /opt/docker/config/torrentleech/config:/config + - /media/docker/data/arr_downloads:/downloads + + qbit: + image: 
qbittorrentofficial/qbittorrent-nox + container_name: qbit + restart: unless-stopped + depends_on: + - gluetun + network_mode: "container:gluetun" + environment: + - PUID=1000 + - PGID=1000 + - TZ=Europe/Berlin + - QBT_EULA="accept" + - QBT_WEBUI_PORT="8082" + volumes: + - /opt/docker/config/qbit/config:/config + - /media/docker/data/arr_downloads:/downloads + + prometheus: + image: prom/prometheus + container_name: prometheus + restart: unless-stopped + depends_on: + - nginx + networks: + - net + environment: + - PUID=65534 + - PGID=65534 + - TZ=Europe/Berlin + volumes: + - /opt/docker/config/prometheus/:/etc/prometheus/ + - prometheus_data:/prometheus/ + + grafana: + image: grafana/grafana-oss + container_name: grafana + restart: unless-stopped + user: "0:0" + depends_on: + - prometheus + networks: + - net + environment: + - PUID=472 + - PGID=472 + - TZ=Europe/Berlin + volumes: + - /media/docker/data/grafana/:/var/lib/grafana/ + - /opt/docker/config/grafana/config/:/etc/grafana/ + + ddns-updater: + container_name: ddns-updater + image: "ghcr.io/qdm12/ddns-updater" + restart: unless-stopped + depends_on: + - nginx + networks: + net: {} + volumes: + - "/opt/docker/config/ddns-updater/data/:/updater/data/" + + homeassistant: + container_name: homeassistant + image: "ghcr.io/home-assistant/home-assistant:stable" + restart: unless-stopped + depends_on: + - nginx + networks: + net: {} + volumes: + - "/etc/localtime:/etc/localtime:ro" + - "/opt/local/home-assistant/config/:/config/" + privileged: true + ports: + - "8123:8123" + - 4357:4357 + - 5683:5683 + - 5683:5683/udp + + stirling: + container_name: stirling + image: frooodle/s-pdf:latest + restart: unless-stopped + depends_on: + - nginx + networks: + net: {} + + jellyfin: + container_name: jellyfin + image: jellyfin/jellyfin + restart: "unless-stopped" + depends_on: + - nginx + networks: + net: {} + devices: + - /dev/dri:/dev/dri + volumes: + - /opt/docker/config/jellyfin/config:/config + - 
/opt/docker/config/jellyfin/cache:/cache + - /media/series:/tv:ro + - /media/movies:/movies:ro + - /media/songs:/music:ro + ports: + - "8096:8096" + + paperless-broker: + container_name: paperless-broker + image: docker.io/library/redis:7 + restart: unless-stopped + depends_on: + - nginx + networks: + - net + volumes: + - /opt/local/paperless/redis/data:/data + + paperless-postgres: + container_name: paperless-postgres + image: docker.io/library/postgres:15 + restart: unless-stopped + depends_on: + - nginx + networks: + - net + volumes: + - /opt/local/paperless/db/data:/var/lib/postgresql/data + environment: + POSTGRES_DB: paperless + POSTGRES_USER: paperless + POSTGRES_PASSWORD: 5fnhn%u2YWY3paNvMAjdoufYPQ2Hf3Yi + + paperless: + container_name: paperless + image: ghcr.io/paperless-ngx/paperless-ngx:latest + restart: unless-stopped + depends_on: + - paperless-postgres + - paperless-broker + networks: + - net + healthcheck: + test: + ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"] + interval: 30s + timeout: 10s + retries: 5 + volumes: + - /opt/local/paperless/data/data:/usr/src/paperless/data + - /opt/local/paperless/data/media:/usr/src/paperless/media + - /opt/local/paperless/data/export:/usr/src/paperless/export + - /opt/local/paperless/data/consume:/usr/src/paperless/consume + environment: + - "PAPERLESS_REDIS=redis://paperless-broker:6379" + - "PAPERLESS_DBHOST=paperless-postgres" + - "PAPERLESS_DBUSER=paperless" + - "PAPERLESS_DBPASS=5fnhn%u2YWY3paNvMAjdoufYPQ2Hf3Yi" + - "USERMAP_UID=1000" + - "USERMAP_GID=1000" + - "PAPERLESS_URL=https://paperless.docker-host00.lulu.seyshiro.de" + - "PAPERLESS_TIME_ZONE=Europe/Berlin" + - "PAPERLESS_OCR_LANGUAGE=deu" + + git: + container_name: git + image: gitea/gitea:1.20.5-rootless + restart: unless-stopped + depends_on: + - nginx + networks: + - net + volumes: + - /opt/local/gitea/data:/var/lib/gitea + - /opt/local/gitea/config:/etc/gitea + - /etc/timezone:/etc/timezone:ro + - 
/etc/localtime:/etc/localtime:ro
+ ports:
+ - "3000:3000"
+ - "2222:2222"
+ environment:
+ - USER_UID=1000
+ - USER_GID=1000
+
+ athome:
+ container_name: athome
+ image: mos4/athome:latest
+ restart: unless-stopped
+ depends_on:
+ - nginx
+ networks:
+ - net
+ ports:
+ - "10000:8080"
+
+ changedetection:
+ container_name: changedetection
+ image: dgtlmoon/changedetection.io
+ restart: unless-stopped
+ networks:
+ - net
+ volumes:
+ - "/opt/docker/config/changedetection/data/:/datastore"
+
+networks:
+ net:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.69.0/24
+
+volumes:
+ prometheus_data: {}
diff --git a/roles/docker_host/handlers/main.yml b/roles/docker_host/handlers/main.yml
new file mode 100644
index 0000000..3e359b0
--- /dev/null
+++ b/roles/docker_host/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart docker
+ ansible.builtin.service:
+ name: docker
+ state: restarted
+ become: true
diff --git a/roles/docker_host/tasks/deploy_compose.yml b/roles/docker_host/tasks/deploy_compose.yml
new file mode 100644
index 0000000..bda9960
--- /dev/null
+++ b/roles/docker_host/tasks/deploy_compose.yml
@@ -0,0 +1,14 @@
+---
+- name: Copy docker compose file to target
+ ansible.builtin.template:
+ src: "files/{{ item }}"
+ dest: "/opt/docker/compose/{{ item }}"
+ owner: "{{ user }}"
+ group: "{{ user }}"
+ mode: "644"
+ backup: true
+ loop:
+ - compose.yaml
+ notify:
+ - Restart docker
+ become: true
diff --git a/roles/docker_host/tasks/directory_setup.yml b/roles/docker_host/tasks/directory_setup.yml
new file mode 100644
index 0000000..b35ed41
--- /dev/null
+++ b/roles/docker_host/tasks/directory_setup.yml
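Review bot: compose.yaml commits live credentials in plaintext — the `gluetun` service carries ProtonVPN OpenVPN credentials (`OPENVPN_USER`, `OPENVPN_PASSWORD`) and the paperless stack carries its Postgres password twice (`POSTGRES_PASSWORD` on `paperless-postgres`, `PAPERLESS_DBPASS` on `paperless`). Since deploy_compose.yml renders this file with `ansible.builtin.template` and docker-host.yml already loads `secrets.yml`, pull them from the vault instead, e.g. `- OPENVPN_PASSWORD={{ vault.docker.gluetun.openvpn_password }}` and `POSTGRES_PASSWORD: "{{ vault.docker.paperless.db_password }}"` with matching entries in secrets.yml, and treat the values already pushed to this repository as burned and rotate them. Separately, `nginx` bind-mounts `/var/run/docker.sock`, `homeassistant` is `privileged: true`, and `grafana` runs as `user: "0:0"`; each of these is root-equivalent on the host if that container is compromised, nginx-proxy-manager does not need the Docker socket as far as I know, and Grafana's permission problem is better solved by `chown`ing `/media/docker/data/grafana` to uid 472 than by running it as root — drop the socket mount and the privileged flag unless a specific integration demonstrably requires them, and add a comment naming that reason where it does. Every image is also pulled as `:latest` or untagged, which makes a rollback after a bad upstream release impossible to reproduce; pin at least the internet-facing services (`nginx`, `git`, `paperless`) to a version.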
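Review bot: The `notify: - Restart docker` on the compose template does not deploy the new compose file: the handler restarts the Docker daemon, which bounces every running container but never re-reads `/opt/docker/compose/compose.yaml`, and nothing else in the role (main.yml includes only setup, installation, user/group, directory and this task) runs `docker compose up`. Replace the handler with one that applies the stack, e.g. `community.docker.docker_compose_v2` with `project_src: /opt/docker/compose` and `state: present`, or as a fallback `ansible.builtin.command: docker compose -f /opt/docker/compose/compose.yaml up -d --remove-orphans`; the daemon restart then becomes unnecessary and the outage it causes is avoided. This matters for correctness too: `torrentleech` and `qbit` use `network_mode: "container:gluetun"`, and a full daemon restart that recreates gluetun may leave them attached to a stale network namespace, whereas compose's own reconciliation recreates dependents in order.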
@@ -0,0 +1,109 @@
+---
+- name: Create /media/docker directory
+ ansible.builtin.file:
+ path: /media/docker
+ state: directory
+ mode: "0755"
+ become: true
+
+- name: Create /media/series directory
+ ansible.builtin.file:
+ path: /media/series
+ state: directory
+ mode: "0755"
+ become: true
+
+- name: Create /media/movies directory
+ ansible.builtin.file:
+ path: /media/movies
+ state: directory
+ mode: "0755"
+ become: true
+
+- name: Create /media/songs directory
+ ansible.builtin.file:
+ path: /media/songs
+ state: directory
+ mode: "0755"
+ become: true
+
+- name: Create /opt/docker directory
+ ansible.builtin.file:
+ path: /opt/docker
+ state: directory
+ mode: "0755"
+ become: true
+
+- name: Create /opt/local directory
+ ansible.builtin.file:
+ path: /opt/local
+ state: directory
+ mode: "0755"
+ become: true
+
+- name: Set ownership of /opt/local to tudattr
+ ansible.builtin.file:
+ path: /opt/local
+ owner: tudattr
+ group: tudattr
+ become: true
+
+- name: Set ownership of /opt/docker to tudattr
+ ansible.builtin.file:
+ path: /opt/docker
+ owner: tudattr
+ group: tudattr
+ become: true
+
+- name: Set ownership of /media directories to tudattr
+ ansible.builtin.file:
+ path: /media/
+ owner: tudattr
+ group: tudattr
+ recurse: true
+ become: true
+
+- name: Ensure /media/docker is mounted via NFS
+ ansible.posix.mount:
+ path: /media/docker
+ src: 192.168.20.12:/media/docker
+ fstype: nfs
+ opts: defaults,nolock
+ state: mounted
+ become: true
+
+- name: Ensure /media/series is mounted via NFS
+ ansible.posix.mount:
+ path: /media/series
+ src: 192.168.20.12:/media/series
+ fstype: nfs
+ opts: defaults,nolock
+ state: mounted
+ become: true
+
+- name: Ensure /media/movies is mounted via NFS
+ ansible.posix.mount:
+ path: /media/movies
+ src: 192.168.20.12:/media/movies
+ fstype: nfs
+ opts: defaults,nolock
+ state: mounted
+ become: true
+
+- name: Ensure /media/songs is mounted via NFS
+ ansible.posix.mount:
+ path: /media/songs
+ src: 
192.168.20.12:/media/songs
+ fstype: nfs
+ opts: defaults,nolock
+ state: mounted
+ become: true
+
+- name: Ensure /opt/docker is mounted via NFS
+ ansible.posix.mount:
+ path: /opt/docker
+ src: 192.168.20.12:/opt/docker
+ fstype: nfs
+ opts: defaults,nolock
+ state: mounted
+ become: true
diff --git a/roles/docker_host/tasks/installation.yml b/roles/docker_host/tasks/installation.yml
new file mode 100644
index 0000000..688ca5f
--- /dev/null
+++ b/roles/docker_host/tasks/installation.yml
@@ -0,0 +1,59 @@
+---
+- name: Uninstall old versions
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: absent
+ purge: true
+ loop:
+ - docker
+ - docker-engine
+ - docker.io
+ - containerd
+ - runc
+ become: true
+
+- name: Update cache
+ ansible.builtin.apt:
+ update_cache: true
+ become: true
+
+- name: Install dependencies for apt to use repositories over HTTPS
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ become: true
+
+- name: Add Docker apt key.
+ ansible.builtin.get_url:
+ url: "{{ docker.url }}/{{ ansible_distribution | lower }}/gpg"
+ dest: /etc/apt/trusted.gpg.d/docker.asc
+ mode: "0664"
+ force: true
+ become: true
+
+- name: Add Docker repository.
+ ansible.builtin.apt_repository:
+ repo: "deb [arch={{ arch }}] {{ docker.url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker.apt_release_channel }}"
+ state: present
+ become: true
+
+- name: Update cache
+ ansible.builtin.apt:
+ update_cache: true
+ become: true
+
+- name: Install Docker Engine, containerd, and Docker Compose.
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - docker-ce
+ - docker-ce-cli
+ - docker-compose-plugin
+ - containerd.io
+ become: true
diff --git a/roles/docker_host/tasks/main.yml b/roles/docker_host/tasks/main.yml
new file mode 100644
index 0000000..c81ffbb
--- /dev/null
+++ b/roles/docker_host/tasks/main.yml
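Review bot: The three ownership tasks in directory_setup.yml hard-code `tudattr` (`Set ownership of /opt/local to tudattr` and the two that follow) while every other task in this commit uses `{{ user }}` (host_vars `ansible_user`, user_group_setup.yml, bash.yml); write `owner: "{{ user }}"` / `group: "{{ user }}"` so the role does not silently break on a host where the two differ. The chowns also run before the NFS mounts, so the recursive chown of `/media/` only touches the empty local mountpoints and the ownership set on `/opt/docker` is hidden once the export is mounted over it — what actually governs access is whatever 192.168.20.12 exports, so either move the mount tasks ahead of the ownership tasks or drop the chowns and manage ownership on the server, with a comment explaining which. All five mounts use `defaults,nolock` with no `sec=` option, i.e. AUTH_SYS where the server simply believes the client's claimed UID, and `/opt/docker` is the tree where compose.yaml keeps `config/nginx/letsencrypt` (TLS private keys) and the gluetun/qBittorrent configs, so that material crosses the LAN unauthenticated and unencrypted; at minimum restrict the export to these two hosts on the server side, and consider `sec=krb5p` if the NAS supports it. Whether `nolock` is actually required for the bind mounts into containers is not visible here — if it is, say so on the task.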
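Review bot: `Add Docker apt key.` writes the key to `/etc/apt/trusted.gpg.d/docker.asc`, which makes Docker's key trusted for every apt source on the host (any repository signed with it would be accepted, not just Docker's), and gives it `mode: "0664"`, i.e. group-writable; the eza task in extra_packages.yml from the same commit already does this the right way with `/etc/apt/keyrings` and `signed-by=`. Change it to `dest: /etc/apt/keyrings/docker.asc`, `mode: "0644"`, and `repo: "deb [arch={{ arch }} signed-by=/etc/apt/keyrings/docker.asc] {{ docker.url }}/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker.apt_release_channel }}"`, creating the keyrings directory first as extra_packages.yml does. `force: true` on the key download re-fetches the trust root on every run, so a transient upstream compromise or interception is re-imported each time; drop it so an existing key is kept, and ideally pin the key with `checksum:` as well.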
@@ -0,0 +1,15 @@
+---
+- name: Setup VM
+ ansible.builtin.include_tasks: setup.yml
+
+- name: Install docker
+ ansible.builtin.include_tasks: installation.yml
+
+- name: Setup user and group for docker
+ ansible.builtin.include_tasks: user_group_setup.yml
+
+- name: Setup directory structure for docker
+ ansible.builtin.include_tasks: directory_setup.yml
+
+- name: Deploy docker compose
+ ansible.builtin.include_tasks: deploy_compose.yml
diff --git a/roles/docker_host/tasks/setup.yml b/roles/docker_host/tasks/setup.yml
new file mode 100644
index 0000000..279e009
--- /dev/null
+++ b/roles/docker_host/tasks/setup.yml
@@ -0,0 +1,9 @@
+---
+- name: Enable HW accelerate for VM
+ ansible.builtin.apt:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - firmware-misc-nonfree
+ - nfs-common
+ become: true
diff --git a/roles/docker_host/tasks/user_group_setup.yml b/roles/docker_host/tasks/user_group_setup.yml
new file mode 100644
index 0000000..e65bf73
--- /dev/null
+++ b/roles/docker_host/tasks/user_group_setup.yml
@@ -0,0 +1,14 @@
+---
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+ become: true
+
+- name: Append the group docker to "{{ user }}"
+ ansible.builtin.user:
+ name: "{{ user }}"
+ shell: /bin/bash
+ groups: docker
+ append: true
+ become: true
diff --git a/staging b/staging
new file mode 100644
index 0000000..2917499
--- /dev/null
+++ b/staging
@@ -0,0 +1,11 @@
+[vm]
+docker-host01
+
+[vm:vars]
+ansible_ssh_common_args='-o ProxyCommand="ssh -p 22 -W %h:%p -q aya01"'
+
+[docker]
+docker-host01
+
+[docker_host]
+docker-host01
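Review bot: In setup.yml the task is named `Enable HW accelerate for VM` but its loop installs both `firmware-misc-nonfree` and `nfs-common`, and only the first has anything to do with hardware acceleration; the NFS client package is the prerequisite for the `ansible.posix.mount` tasks in directory_setup.yml, which the name hides. Rename it to something like `Install VM firmware and NFS client packages`, or split it into two tasks so the NFS dependency sits next to its reason, and pass the list straight to `name:` (`name: [firmware-misc-nonfree, nfs-common]`) instead of looping so apt resolves both in one transaction.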
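Review bot: `Append the group docker to "{{ user }}"` puts the Ansible SSH user (host_vars sets `ansible_user: "{{ user }}"`) into the `docker` group, which grants unrestricted access to `/var/run/docker.sock` and is therefore equivalent to passwordless root on the host — it sidesteps the `ansible_become_pass` that the same commit carefully keeps in the vault. That may be an accepted trade-off for a homelab, but the task should say so: add a comment such as `# NOTE: docker group membership == root on this host; the deploy user is deliberately trusted to that level` above the task, or consider rootless Docker or a dedicated service account if least privilege was the intent. The `shell: /bin/bash` on the same task also changes the user's login shell as a side effect of a group change; if that is intended, a separate task or a comment would make it explicit.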