---
# Play: provisions Docker on every host in the inventory (hosts: all).
# NOTE(review): no `become` is set here, yet the tasks write under /etc,
# /usr/share/keyrings and /var/lib - presumably privilege escalation is
# configured outside this file; confirm.
- name: docker
  hosts: all
  tasks:
### Docker ###
# Creates the `docker` group with a fixed gid before the Docker packages are
# installed, so the gid is the same on every host this play touches.
- name: Create docker Group
  ansible.builtin.group:
    name: docker
    gid: 1003
    state: present
# Account whose primary group is `docker`. On a standard Docker install the
# daemon socket is group-owned by `docker`, so this account can drive the
# daemon, which is equivalent to root on the host.
# NOTE(review): no shell or password options are given, so the module
# defaults apply; if the account is never used interactively, a nologin
# shell would narrow it - confirm how the account is used.
- name: Create docker User
  ansible.builtin.user:
    name: docker
    uid: 1003
    group: docker
    comment: docker User
# Writes an AccountsService entry marking `docker` as a system account so it
# is not offered on the graphical login screen. The file is root-owned and
# read-only; blockinfile wraps the block in its own marker comment lines.
- name: Hide docker user from login screen
  ansible.builtin.blockinfile:
    path: /var/lib/AccountsService/users/docker
    owner: root
    group: root
    mode: "0444"
    create: true
    backup: false
    block: |
      [User]
      SystemAccount=true
# /home/docker is owned by the docker account and closed to other users.
# The root-owned subdirectories created by the following tasks live inside
# it; the owner of a directory can rename or replace its entries whoever
# owns them, so root ownership of var-lib-docker and _defaults does not by
# itself stop the docker account from swapping them out.
- name: Create docker dir
  ansible.builtin.file:
    path: /home/docker
    state: directory
    owner: docker
    group: docker
    mode: "0750"
# Target of the /var/lib/docker symlink created further down. Root-owned;
# mode 0710 gives the group traverse-only access and others none.
- name: Create docker-data dir
  ansible.builtin.file:
    path: /home/docker/var-lib-docker
    state: directory
    owner: root
    group: root
    mode: "0710"
# Holds the default env/config files written later in this play. Owned by
# root, with the docker group allowed to read and traverse but not write.
- name: Create dir for container defaults
  ansible.builtin.file:
    path: /home/docker/_defaults
    state: directory
    owner: root
    group: docker
    mode: "0750"
# Points Docker's data root at /home/docker/var-lib-docker. This runs before
# the Docker packages are installed.
# NOTE(review): on a host where /var/lib/docker already exists as a real
# directory the link cannot simply replace it - confirm how such hosts are
# handled.
- name: Create /var/lib/docker -> /home/docker/var-lib-docker symlink
  ansible.builtin.file:
    state: link
    src: /home/docker/var-lib-docker
    dest: /var/lib/docker
    owner: root
    group: root
# Removes the distribution's own Docker packages so they cannot conflict
# with the docker-ce packages installed from Docker's repository below.
- name: Remove packages for docker from default repo
  ansible.builtin.apt:
    state: absent
    update_cache: false
    install_recommends: false
    name:
      - docker.io
      - docker-compose
      - containerd
      - runc
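# Fetches Docker's repository signing key and stores it dearmored at the
# path the signed-by option of the repository entry refers to.
#
# The download and the dearmor step form one pipeline. Without pipefail the
# task's result is gpg's exit status alone, and gpg writes straight to the
# final path, so a failed or truncated download can leave a file that
# `creates` treats as done on every later run. The key is therefore written
# to a temporary file, checked for being non-empty, and only then installed.
#
# NOTE(review): the key is trusted as served over TLS; its fingerprint is
# not compared with a pinned value before apt starts trusting it.
- name: Add signing key
  ansible.builtin.shell: |
    set -euo pipefail
    tmp="$(mktemp)"
    trap 'rm -f "$tmp"' EXIT
    curl -fsSL https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg \
      | gpg --batch --yes --output "$tmp" --dearmor
    test -s "$tmp"
    install -m 0644 "$tmp" /usr/share/keyrings/gpg-pub-docker.gpg
  args:
    # pipefail is a bash option; the module's default shell is /bin/sh.
    executable: /bin/bash
    creates: /usr/share/keyrings/gpg-pub-docker.gpg

# Earlier variant, kept for reference. apt_key adds the key to apt's global
# trusted keyring, so it would be trusted for every configured repository
# rather than only the one that names it in signed-by.
#- name: Add signing key
#  ansible.builtin.apt_key:
#    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
#    state: present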
# Drops the earlier source entry that has no signed-by option, so only the
# key-scoped entry added by the next task remains in the docker list file.
- name: Remove old repository from sources if exists
  ansible.builtin.apt_repository:
    filename: docker
    state: absent
    repo: "deb https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
# Adds Docker's apt repository. signed-by limits the downloaded key to
# verifying this one source entry instead of every repository on the host.
# The architecture is fixed to amd64 in the entry.
- name: Add repository into list
  ansible.builtin.apt_repository:
    filename: docker
    state: present
    repo: "deb [arch=amd64 signed-by=/usr/share/keyrings/gpg-pub-docker.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
# Installs Docker Engine, its plugins and a few helper packages after
# refreshing the package index. No versions are pinned, so each run installs
# whatever the configured repositories currently serve.
- name: Packages for docker
  ansible.builtin.apt:
    update_cache: true
    install_recommends: false
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
      - bridge-utils
      - apache2-utils
      - python3-docker
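# https://github.com/nextcloud/docker/issues/1103
# Replaces /etc/docker/daemon.json as a whole to enable IPv6 on the default
# bridge, using a prefix from the unique-local range, and to let Docker
# manage ip6tables rules for containers.
# Owner, group and mode are set explicitly so the daemon configuration is
# root-owned and not writable by anyone else, whatever umask the task runs
# under.
# NOTE(review): no handler is notified, so a running daemon presumably keeps
# its old settings until it is restarted - confirm. "experimental" was
# required for ip6tables in older Docker releases; check whether the
# installed release still needs it.
- name: writing daemon.json (ipv6 settings)
  ansible.builtin.copy:
    dest: "/etc/docker/daemon.json"
    owner: root
    group: root
    mode: "0644"
    content: |
      {
        "ipv6": true,
        "fixed-cidr-v6": "fdab::/64",
        "experimental": true,
        "ip6tables": true
      }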
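# Writes the default environment file for MariaDB containers.
# The module is blockinfile: path, create and block are blockinfile options
# that copy does not accept, so with copy the task stops with an
# unsupported-parameter error. This also matches the 99-server.cnf task.
# blockinfile wraps the block in marker lines that start with '#'.
#
# MARIADB_RANDOM_ROOT_PASSWORD=1: with the official image the generated root
# password is printed to the container's output on first initialisation, so
# anyone who can read that container's logs can read it.
# NOTE(review): confirm that the image in use reads the MARIADB_*_SIZE
# variables below; several of the same limits are also set in
# 99-server.cnf.
- name: mariadb env defaults
  ansible.builtin.blockinfile:
    path: /home/docker/_defaults/mariadb/mariadb.env
    owner: root
    group: root
    mode: "0444"
    create: true
    backup: true
    block: |
      MARIADB_RANDOM_ROOT_PASSWORD=1
      MARIADB_AUTO_UPGRADE=1
      MARIADB_INITDB_SKIP_TZINFO=1
      # from here: save memory https://techroads.org/reducing-memory-use-on-my-mariadb-mysql-wordpress-docker-stack/
      MARIADB_KEY_BUFFER_SIZE=1M
      MARIADB_MYISAMCHK_KEY_BUFFER_SIZE=1M
      MARIADB_INNODB_BUFFER_POOL_SIZE=10M
      MARIADB_INNODB_LOG_BUFFER_SIZE=512K
      MARIADB_MYISAM_SORT_BUFFER_SIZE=64K
      MARIADB_MYISAMCHK_SORT_BUFFER_SIZE=64K
      MARIADB_READ_BUFFER_SIZE=8K
      MARIADB_READ_RND_BUFFER_SIZE=8K
      MARIADB_SORT_BUFFER_SIZE=64K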
# Writes a low-memory MariaDB server configuration as a managed block in
# 99-server.cnf. The file is root-owned and read-only, and a backup copy of
# any previous version is kept when the block changes.
- name: mariadb server config defaults
  ansible.builtin.blockinfile:
    path: /home/docker/_defaults/mariadb/99-server.cnf
    owner: root
    group: root
    mode: "0444"
    create: true
    backup: true
    block: |
      [mariadbd]
      max_connections=10
      query_cache_size=512K
      thread_cache_size=0
      sort_buffer_size=64K
      bulk_insert_buffer_size=0
      tmp_table_size=1K
      max_heap_table_size=16K
      key_buffer_size=1M
      read_buffer_size=8K
      read_rnd_buffer_size=8K
      #innodb_buffer_pool_size=10K
      #innodb_log_buffer_size=512K
- name: /usr/local/sbin/docker-compose shebang
lineinfile:
path: /usr/local/sbin/docker-compose
insertbefore: BOF
line: "#!/bin/bash -e"