debian.ansible.docker/docker.yml

---

- name: docker
  hosts: all
  tasks:

### Docker ###

    - name: Create docker Group
      ansible.builtin.group:
        name: docker
        state: present
        gid: 1003

    - name: Create docker User
      ansible.builtin.user:
        name: docker
        comment: docker User
        uid: 1003
        group: docker

    - name: Hide docker user from login screen
      blockinfile:
        path: /var/lib/AccountsService/users/docker
        mode: "0444"
        owner: root
        group: root
        create: yes
        block: |
          [User]
          SystemAccount=true          
        backup: no

    - name: Create docker dir
      ansible.builtin.file:
        path: /home/docker
        owner: docker
        group: docker
        state: directory
        mode: '0750'

    - name: Create docker-data dir
      ansible.builtin.file:
        path: /home/docker/var-lib-docker
        owner: root
        group: root
        state: directory
        mode: '0710'

    - name: Create dir for container defaults
      ansible.builtin.file:
        path: /home/docker/_defaults
        owner: root
        group: docker
        state: directory
        mode: '0750'

    - name: Create /var/lib/docker -> /home/docker/var-lib-docker symlink
      ansible.builtin.file:
        src: /home/docker/var-lib-docker
        dest: /var/lib/docker
        owner: root
        group: root
        state: link

    - name: Remove packages for docker from default repo
      apt:
        name:
          - docker.io
          - docker-compose
          - containerd
          - runc
        state: absent
        update_cache: no
        install_recommends: no

    - name: Add signing key
      ansible.builtin.shell: curl -fsSL https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg | gpg --output  "/usr/share/keyrings/gpg-pub-docker.gpg" --dearmor
      args:
        creates: /usr/share/keyrings/gpg-pub-docker.gpg

    #- name: Add signing key
    #  ansible.builtin.apt_key:
    #    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
    #    state: present

    - name: Remove old repository from sources if exists
      ansible.builtin.apt_repository:
        repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
        state: absent
        filename: docker       

    - name: Add repository into list
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/gpg-pub-docker.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
        state: present
        filename: docker

    - name: Packages for docker
      apt:
        name:
          - docker-ce
          - docker-ce-cli 
          - containerd.io 
          - docker-buildx-plugin 
          - docker-compose-plugin
          - bridge-utils
          - apache2-utils
          - python3-docker
        update_cache: yes
        install_recommends: no
    
    # https://github.com/nextcloud/docker/issues/1103
    - name: writing daemon.json (ipv6 settings) 
      copy:
        dest: "/etc/docker/daemon.json"
        content: |
          {
            "ipv6": true,
            "fixed-cidr-v6": "fdab::/64",
            "experimental": true, 
            "ip6tables": true
          }

    - name: mariadb env defaults
      blockinfile:
        path: /home/docker/_defaults/mariadb/mariadb.env
        mode: "0444"
        owner: root
        group: root
        create: yes
        block: |
          MARIADB_RANDOM_ROOT_PASSWORD=1
          MARIADB_AUTO_UPGRADE=1
          MARIADB_INITDB_SKIP_TZINFO=1
          # from here: save memory https://techroads.org/reducing-memory-use-on-my-mariadb-mysql-wordpress-docker-stack/
          MARIADB_KEY_BUFFER_SIZE=1M
          MARIADB_MYISAMCHK_KEY_BUFFER_SIZE=1M
          MARIADB_INNODB_BUFFER_POOL_SIZE=10M
          MARIADB_INNODB_LOG_BUFFER_SIZE=512K
          MARIADB_MYISAM_SORT_BUFFER_SIZE=64K
          MARIADB_MYISAMCHK_SORT_BUFFER_SIZE=64K
          MARIADB_READ_BUFFER_SIZE=8K
          MARIADB_READ_RND_BUFFER_SIZE=8K
          MARIADB_SORT_BUFFER_SIZE=64K
        backup: yes

    - name: mariadb server config defaults
      blockinfile:
        path: /home/docker/_defaults/mariadb/99-server.cnf
        mode: "0444"
        owner: root
        group: root
        create: yes
        block: |
          [mariadbd]
          max_connections=10
          query_cache_size=512K
          thread_cache_size=0
          sort_buffer_size=64K
          bulk_insert_buffer_size=0
          tmp_table_size=1K
          max_heap_table_size=16K
          key_buffer_size=1M
          read_buffer_size=8K
          read_rnd_buffer_size=8K
          #innodb_buffer_pool_size=10K
          #innodb_log_buffer_size=512K
        backup: yes

    - name: docker-compose command/alias for backward compatibility - now docker compose
      blockinfile:
        path: /usr/local/sbin/docker-compose
        mode: "0755"
        owner: root
        group: root
        create: yes
        marker: "# {mark} ANSIBLE MANAGED BLOCK"
        block: |
          docker compose $@          
        backup: yes
        validate: /bin/bash -n %s 

    - name: /usr/local/sbin/docker-compose shebang
      lineinfile:
        path: /usr/local/sbin/docker-compose
        insertbefore: BOF
        line: "#!/bin/bash -e"
first commit 2022-07-10 10:50:57 +02:00			`---`

			`- name: docker`
			`hosts: all`
			`tasks:`

			`### Docker ###`

			`- name: Create docker Group`
			`ansible.builtin.group:`
			`name: docker`
			`state: present`
			`gid: 1003`

			`- name: Create docker User`
			`ansible.builtin.user:`
			`name: docker`
			`comment: docker User`
			`uid: 1003`
			`group: docker`

„docker.yml“ ändern 2023-02-09 13:52:16 +01:00			`- name: Hide docker user from login screen`
			`blockinfile:`
			`path: /var/lib/AccountsService/users/docker`
			`mode: "0444"`
			`owner: root`
			`group: root`
			`create: yes`
			`block: \|`
			`[User]`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`SystemAccount=true`
„docker.yml“ ändern 2023-02-09 13:52:16 +01:00			`backup: no`

first commit 2022-07-10 10:50:57 +02:00			`- name: Create docker dir`
			`ansible.builtin.file:`
			`path: /home/docker`
			`owner: docker`
			`group: docker`
			`state: directory`
			`mode: '0750'`

revert 0d46dd064fd6a2ad9ace8dd8a8ac38edecff58cf revert „docker.yml“ ändern 2022-07-14 12:33:36 +02:00			`- name: Create docker-data dir`
			`ansible.builtin.file:`
			`path: /home/docker/var-lib-docker`
			`owner: root`
			`group: root`
			`state: directory`
			`mode: '0710'`

docker.yml aktualisiert 2023-10-08 18:48:54 +02:00			`- name: Create dir for container defaults`
			`ansible.builtin.file:`
			`path: /home/docker/_defaults`
			`owner: root`
			`group: docker`
			`state: directory`
			`mode: '0750'`

first commit 2022-07-10 10:50:57 +02:00			`- name: Create /var/lib/docker -> /home/docker/var-lib-docker symlink`
			`ansible.builtin.file:`
			`src: /home/docker/var-lib-docker`
			`dest: /var/lib/docker`
			`owner: root`
			`group: root`
			`state: link`

newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- name: Remove packages for docker from default repo`
first commit 2022-07-10 10:50:57 +02:00			`apt:`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`name:`
first commit 2022-07-10 10:50:57 +02:00			`- docker.io`
			`- docker-compose`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- containerd`
			`- runc`
			`state: absent`
first commit 2022-07-10 10:50:57 +02:00			`update_cache: no`
			`install_recommends: no`

newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- name: Add signing key`
docker.yml aktualisiert 2023-07-25 10:31:06 +02:00			`ansible.builtin.shell: curl -fsSL https://download.docker.com/linux/{{ ansible_distribution \| lower }}/gpg \| gpg --output "/usr/share/keyrings/gpg-pub-docker.gpg" --dearmor`
			`args:`
docker.yml aktualisiert 2023-07-25 10:44:16 +02:00			`creates: /usr/share/keyrings/gpg-pub-docker.gpg`
docker.yml aktualisiert 2023-07-25 10:31:06 +02:00
			`#- name: Add signing key`
			`# ansible.builtin.apt_key:`
			`# url: "https://download.docker.com/linux/{{ ansible_distribution \| lower }}/gpg"`
			`# state: present`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00
docker.yml aktualisiert 2023-07-25 10:46:47 +02:00			`- name: Remove old repository from sources if exists`
docker.yml aktualisiert 2023-07-25 10:42:21 +02:00			`ansible.builtin.apt_repository:`
			`repo: "deb https://download.docker.com/linux/{{ ansible_distribution \| lower }} {{ ansible_distribution_release }} stable"`
			`state: absent`
			`filename: docker`

docker.yml aktualisiert 2023-07-25 10:46:47 +02:00			`- name: Add repository into list`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`ansible.builtin.apt_repository:`
docker.yml aktualisiert 2023-07-25 10:31:06 +02:00			`repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/gpg-pub-docker.gpg] https://download.docker.com/linux/{{ ansible_distribution \| lower }} {{ ansible_distribution_release }} stable"`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`state: present`
			`filename: docker`

			`- name: Packages for docker`
			`apt:`
			`name:`
			`- docker-ce`
			`- docker-ce-cli`
			`- containerd.io`
			`- docker-buildx-plugin`
			`- docker-compose-plugin`
			`- bridge-utils`
			`- apache2-utils`
„docker.yml“ ändern 2023-04-19 12:40:30 +02:00			`- python3-docker`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`update_cache: yes`
			`install_recommends: no`
logging client ip address behind reverse proxy https://github.com/nextcloud/docker/issues/1103 2023-06-05 12:30:27 +02:00
			`# https://github.com/nextcloud/docker/issues/1103`
			`- name: writing daemon.json (ipv6 settings)`
			`copy:`
			`dest: "/etc/docker/daemon.json"`
			`content: \|`
			`{`
			`"ipv6": true,`
			`"fixed-cidr-v6": "fdab::/64",`
			`"experimental": true,`
			`"ip6tables": true`
			`}`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00
docker.yml aktualisiert 2023-10-08 18:48:54 +02:00			`- name: mariadb env defaults`
docker.yml aktualisiert 2023-10-08 18:54:51 +02:00			`blockinfile:`
docker.yml aktualisiert 2023-10-08 18:48:54 +02:00			`path: /home/docker/_defaults/mariadb/mariadb.env`
			`mode: "0444"`
			`owner: root`
			`group: root`
			`create: yes`
			`block: \|`
docker.yml aktualisiert 2023-10-08 16:34:14 +02:00			`MARIADB_RANDOM_ROOT_PASSWORD=1`
			`MARIADB_AUTO_UPGRADE=1`
			`MARIADB_INITDB_SKIP_TZINFO=1`
docker.yml aktualisiert 2023-10-08 17:29:05 +02:00			`# from here: save memory https://techroads.org/reducing-memory-use-on-my-mariadb-mysql-wordpress-docker-stack/`
docker.yml aktualisiert 2023-10-08 16:34:14 +02:00			`MARIADB_KEY_BUFFER_SIZE=1M`
			`MARIADB_MYISAMCHK_KEY_BUFFER_SIZE=1M`
			`MARIADB_INNODB_BUFFER_POOL_SIZE=10M`
			`MARIADB_INNODB_LOG_BUFFER_SIZE=512K`
			`MARIADB_MYISAM_SORT_BUFFER_SIZE=64K`
			`MARIADB_MYISAMCHK_SORT_BUFFER_SIZE=64K`
			`MARIADB_READ_BUFFER_SIZE=8K`
			`MARIADB_READ_RND_BUFFER_SIZE=8K`
			`MARIADB_SORT_BUFFER_SIZE=64K`
first commit 2022-07-10 10:50:57 +02:00			`backup: yes`

docker.yml aktualisiert 2023-10-08 18:48:54 +02:00			`- name: mariadb server config defaults`
first commit 2022-07-10 10:50:57 +02:00			`blockinfile:`
docker.yml aktualisiert 2023-10-08 18:48:54 +02:00			`path: /home/docker/_defaults/mariadb/99-server.cnf`
			`mode: "0444"`
newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`owner: root`
			`group: root`
			`create: yes`
			`block: \|`
docker.yml aktualisiert 2023-10-08 18:48:54 +02:00			`[mariadbd]`
			`max_connections=10`
			`query_cache_size=512K`
			`thread_cache_size=0`
			`sort_buffer_size=64K`
			`bulk_insert_buffer_size=0`
			`tmp_table_size=1K`
			`max_heap_table_size=16K`
			`key_buffer_size=1M`
			`read_buffer_size=8K`
			`read_rnd_buffer_size=8K`
			`#innodb_buffer_pool_size=10K`
			`#innodb_log_buffer_size=512K`
first commit 2022-07-10 10:50:57 +02:00			`backup: yes`

docker.yml aktualisiert 2023-10-09 19:40:36 +02:00			`- name: docker-compose command/alias for backward compatibility - now docker compose`
			`blockinfile:`
			`path: /usr/local/sbin/docker-compose`
			`mode: "0755"`
			`owner: root`
			`group: root`
			`create: yes`
			`marker: "# {mark} ANSIBLE MANAGED BLOCK"`
			`block: \|`
			`docker compose $@`
			`backup: yes`
			`validate: /bin/bash -n %s`

newer docker and docker compose needed fpr mailcow. remove docker from default debian repo if installed, add repo "download.docker.com" and install from there. docker-compose command/alias for backward compatibility - now docker compose 2023-04-12 09:29:57 +02:00			`- name: /usr/local/sbin/docker-compose shebang`
			`lineinfile:`
			`path: /usr/local/sbin/docker-compose`
			`insertbefore: BOF`
			`line: "#!/bin/bash -e"`