Initial CommitHEAD master

author: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
committer: Sam Chudnick <sam@chudnick.com> 2023-06-25 09:52:36 -0400
commit: 95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree: cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/docker_rootless
3 files changed, 117 insertions, 0 deletions
diff --git a/roles/services/docker_rootless/defaults/main.yml b/roles/services/docker_rootless/defaults/main.yml
new file mode 100644
index 0000000..064825f
--- /dev/null
+++ b/roles/services/docker_rootless/defaults/main.yml
@@ -0,0 +1,18 @@
+docker_packages:
+  - docker-ce
+  - acl
+  - docker-ce-cli
+  - docker-ce-rootless-extras
+  - docker-compose-plugin
+  - uidmap
+  - dbus-user-session
+  - slirp4netns
+  - fuse-overlayfs
+docker_username: docker_rootless
+docker_uid: 2000
+docker_home: /srv/docker
+docker_config: /srv/docker/config
+docker_data: /srv/docker/data
diff --git a/roles/services/docker_rootless/handlers/main.yml b/roles/services/docker_rootless/handlers/main.yml
new file mode 100644
index 0000000..510db7b
--- /dev/null
+++ b/roles/services/docker_rootless/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: update repos
+  apt:
+    update_cache: yes
+  register: apt_upgrade
+  retries: 100
+  until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)
diff --git a/roles/services/docker_rootless/tasks/main.yml b/roles/services/docker_rootless/tasks/main.yml
new file mode 100644
index 0000000..9b2e527
--- /dev/null
+++ b/roles/services/docker_rootless/tasks/main.yml
@@ -0,0 +1,93 @@
+- name: install packages
+  package:
+    name:
+      - extrepo
+      - nginx
+      - python3-docker
+    state: latest
+- name: allow http (80/tcp) traffic
+  ufw:
+    rule: allow
+    port: '80'
+    proto: tcp
+- name: allow https (443/tcp) traffic
+  ufw:
+    rule: allow
+    port: '443'
+    proto: tcp
+- name: enable docker-ce repo
+  register: result
+  changed_when: result.stdout | regex_search("skipped") | bool
+  notify: update repos
+  command:
+    cmd: extrepo enable docker-ce
+    creates: /etc/apt/sources.list.d/extrepo_docker-ce.sources
+- meta: flush_handlers
+- name: enable docker-ce repo
+  changed_when: false
+  command:
+    cmd: extrepo update docker-ce
+- name: create docker user
+  user:
+    name: "{{ docker_username }}"
+    shell: /bin/bash
+    uid: "{{ docker_uid }}"
+    home: "{{ docker_home }}"
+    create_home: yes
+- name: add XDG_RUNTIME_DIR to docker user bash profile
+  lineinfile:
+    path: "{{ docker_home }}/.bash_profile"
+    line: "export XDG_RUNTIME_DIR=/run/user/{{ docker_uid }}"
+    insertbefore: EOF
+    owner: "{{ docker_username }}"
+    group: "{{ docker_username }}"
+    mode: "0644"
+    create: yes
+- name: install docker packages
+  package:
+    name: "{{ docker_packages }}"
+    state: latest
+- name: add docker user to /etc/subuid
+  lineinfile:
+    path: /etc/subuid
+    line: "{{ docker_username }}:100000:65536"
+    insertbefore: EOF
+- name: add docker user to /etc/subgid
+  lineinfile:
+    path: /etc/subgid
+    line: "{{ docker_username }}:100000:65536"
+    insertbefore: EOF
+- name: enable lingering for docker user
+  command:
+    cmd: loginctl enable-linger "{{ docker_username }}"
+    creates: "/var/lib/systemd/linger/{{ docker_username }}"
+- name: run docker rootless setup script
+  become_user: "{{ docker_username }}"
+  register: setup_script
+  command:
+    cmd: /usr/bin/dockerd-rootless-setuptool.sh install --force
+    creates: "{{ docker_home }}/.config/systemd/user/docker.service"
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
+- name: enable and start docker service
+  become_user: "{{ docker_username }}"
+  systemd:
+    name: docker
+    enabled: yes
+    state: started
+    scope: user
+  environment:
+    XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
author	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
committer	Sam Chudnick <sam@chudnick.com>	2023-06-25 09:52:36 -0400
commit	95b73daa36b23565a8566f71f9b202d3459b685f (patch)
tree	cb17b021be70e7868d0ec235a761f0ecdc80f3f2 /roles/services/docker_rootless

diff --git a/roles/services/docker_rootless/defaults/main.yml b/roles/services/docker_rootless/defaults/main.yml new file mode 100644 index 0000000..064825f --- /dev/null +++ b/roles/services/docker_rootless/defaults/main.yml
@@ -0,0 +1,18 @@
	1	docker_packages:
	2	- docker-ce
	3	- acl
	4	- docker-ce-cli
	5	- docker-ce-rootless-extras
	6	- docker-compose-plugin
	7	- uidmap
	8	- dbus-user-session
	9	- slirp4netns
	10	- fuse-overlayfs
	11
	12	docker_username: docker_rootless
	13	docker_uid: 2000
	14
	15	docker_home: /srv/docker
	16	docker_config: /srv/docker/config
	17	docker_data: /srv/docker/data
	18


diff --git a/roles/services/docker_rootless/handlers/main.yml b/roles/services/docker_rootless/handlers/main.yml new file mode 100644 index 0000000..510db7b --- /dev/null +++ b/roles/services/docker_rootless/handlers/main.yml
@@ -0,0 +1,6 @@
	1	- name: update repos
	2	apt:
	3	update_cache: yes
	4	register: apt_upgrade
	5	retries: 100
	6	until: apt_upgrade is success or ('Failed to lock apt for exclusive operation' not in apt_upgrade.msg and '/var/lib/dpkg/lock' not in apt_upgrade.msg)


diff --git a/roles/services/docker_rootless/tasks/main.yml b/roles/services/docker_rootless/tasks/main.yml new file mode 100644 index 0000000..9b2e527 --- /dev/null +++ b/roles/services/docker_rootless/tasks/main.yml
@@ -0,0 +1,93 @@
	1	- name: install packages
	2	package:
	3	name:
	4	- extrepo
	5	- nginx
	6	- python3-docker
	7	state: latest
	8
	9	- name: allow http (80/tcp) traffic
	10	ufw:
	11	rule: allow
	12	port: '80'
	13	proto: tcp
	14
	15	- name: allow https (443/tcp) traffic
	16	ufw:
	17	rule: allow
	18	port: '443'
	19	proto: tcp
	20
	21	- name: enable docker-ce repo
	22	register: result
	23	changed_when: result.stdout \| regex_search("skipped") \| bool
	24	notify: update repos
	25	command:
	26	cmd: extrepo enable docker-ce
	27	creates: /etc/apt/sources.list.d/extrepo_docker-ce.sources
	28
	29	- meta: flush_handlers
	30
	31	- name: enable docker-ce repo
	32	changed_when: false
	33	command:
	34	cmd: extrepo update docker-ce
	35
	36	- name: create docker user
	37	user:
	38	name: "{{ docker_username }}"
	39	shell: /bin/bash
	40	uid: "{{ docker_uid }}"
	41	home: "{{ docker_home }}"
	42	create_home: yes
	43
	44	- name: add XDG_RUNTIME_DIR to docker user bash profile
	45	lineinfile:
	46	path: "{{ docker_home }}/.bash_profile"
	47	line: "export XDG_RUNTIME_DIR=/run/user/{{ docker_uid }}"
	48	insertbefore: EOF
	49	owner: "{{ docker_username }}"
	50	group: "{{ docker_username }}"
	51	mode: "0644"
	52	create: yes
	53
	54	- name: install docker packages
	55	package:
	56	name: "{{ docker_packages }}"
	57	state: latest
	58
	59	- name: add docker user to /etc/subuid
	60	lineinfile:
	61	path: /etc/subuid
	62	line: "{{ docker_username }}:100000:65536"
	63	insertbefore: EOF
	64
	65	- name: add docker user to /etc/subgid
	66	lineinfile:
	67	path: /etc/subgid
	68	line: "{{ docker_username }}:100000:65536"
	69	insertbefore: EOF
	70
	71	- name: enable lingering for docker user
	72	command:
	73	cmd: loginctl enable-linger "{{ docker_username }}"
	74	creates: "/var/lib/systemd/linger/{{ docker_username }}"
	75
	76	- name: run docker rootless setup script
	77	become_user: "{{ docker_username }}"
	78	register: setup_script
	79	command:
	80	cmd: /usr/bin/dockerd-rootless-setuptool.sh install --force
	81	creates: "{{ docker_home }}/.config/systemd/user/docker.service"
	82	environment:
	83	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"
	84
	85	- name: enable and start docker service
	86	become_user: "{{ docker_username }}"
	87	systemd:
	88	name: docker
	89	enabled: yes
	90	state: started
	91	scope: user
	92	environment:
	93	XDG_RUNTIME_DIR: "/run/user/{{ docker_uid }}"