Commit 32515dd

feat: add docker role
1 parent 8685e68 commit 32515dd

6 files changed

+64
-0
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -11,6 +11,7 @@ This Ansible collection provides a set of roles designed for configuring Kubuntu
1111
| [xebis.ansible.apt](roles/apt/README.md) | Deb package updates and upgrades using the apt package manager. Can optionally clean up unused packages and reboot the system if required. | `xebis.ansible.system` |
1212
| [`xebis.ansible.coding_projects`](roles/coding_projects/README.md) | Creates and clones coding projects to `~/Projects` | `xebis.ansible.apt` |
1313
| `xebis.ansible.direnv` | direnv and Bash config for direnv | `xebis.ansible.apt` |
14+
| `xebis.ansible.docker` | Docker direnv | `xebis.ansible.apt`, `xebis.ansible.nftables_firewall` |
1415
| [xebis.ansible.grub](roles/grub/README.md) | GRUB menu configuration. | |
1516
| `xebis.ansible.fail2ban` | Fail2ban IPS | `xebis.ansible.apt` |
1617
| `xebis.ansible.google_chrome` | Google Chrome (Stable) | `xebis.ansible.apt` |
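
Review bot: The description on the added `xebis.ansible.docker` row reads "Docker direnv", which looks carried over from the `xebis.ansible.direnv` row above it and does not say what the role does. Suggest a description that matches the role's tasks, for example "Docker Engine with Buildx and Compose plugins, plus nftables forwarding rules", so the table shows that this role also changes the firewall.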
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
iifname == "docker0" counter accept # Allow traffic to and from Docker
2+
oifname == "docker0" counter accept
3+
iifgroup == "default" counter accept # Allow traffic to and from Docker networks
4+
oifgroup == "default" counter accept
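
Review bot: The `iifgroup == "default"` and `oifgroup == "default"` rules on lines 3 and 4 match far more than Docker networks. `default` is interface group 0, which every interface belongs to unless it has been moved with `ip link set ... group`, so these two rules accept traffic on any interface and make the `docker0` rules above them redundant. If the intent is to cover user-defined Docker bridges, match them by name instead, e.g. `iifname "br-*" counter accept` and `oifname "br-*" counter accept`, or assign the Docker bridges to a dedicated interface group and match that group.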

roles/docker/meta/main.yaml

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
---
2+
dependencies:
3+
- role: xebis.ansible.apt # Expects updated apt cache
4+
- role: xebis.ansible.nftables_firewall # Expects extensible nftables firewall

roles/docker/tasks/firewall.yaml

Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
---
2+
- name: Copy Docker firewall rules
3+
become: true
4+
ansible.builtin.copy:
5+
src: "{{ item }}"
6+
dest: /etc/nftables/{{ item }}
7+
mode: u=rw,g=r,o=r
8+
with_items:
9+
- inet-fwd-docker.conf
10+
notify: Validate and reload nftables firewall
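
Review bot: The copy task sets `mode` but not `owner` or `group`, so if `/etc/nftables/inet-fwd-docker.conf` already exists with a different owner, that ownership is kept and the firewall rule file can stay writable by a non-root user. Add `owner: root` and `group: root` next to `mode`. As a style point, `with_items` can be written as `loop` here.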

roles/docker/tasks/main.yaml

Lines changed: 44 additions & 0 deletions
@@ -0,0 +1,44 @@
1+
---
2+
- name: Import firewall tasks
3+
ansible.builtin.import_tasks: firewall.yaml
4+
5+
- name: Add Docker apt key
6+
become: true
7+
ansible.builtin.apt_key:
8+
url: https://download.docker.com/linux/ubuntu/gpg
9+
state: present
10+
11+
- name: Add Docker apt repository
12+
become: true
13+
ansible.builtin.apt_repository:
14+
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
15+
filename: docker
16+
mode: u=rw,g=r,o=r
17+
state: present
18+
notify: Update deb packages
19+
20+
- name: Enforce upgrade and reboot now rather than at the end of the playbook
21+
ansible.builtin.meta: flush_handlers
22+
23+
- name: Install Docker deb packages
24+
become: true
25+
ansible.builtin.apt:
26+
name:
27+
- docker-ce
28+
- docker-ce-cli
29+
- containerd.io
30+
- docker-buildx-plugin
31+
- docker-compose-plugin
32+
state: present
33+
when: not ansible_check_mode
34+
35+
- name: Clean up Docker - Prune everything
36+
become: true
37+
community.docker.docker_prune:
38+
builder_cache: true
39+
containers: true
40+
images: true
41+
images_filters:
42+
dangling: false
43+
networks: true
44+
volumes: true
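
Review bot: The "Add Docker apt key" task uses `ansible.builtin.apt_key`, which relies on the deprecated `apt-key` and places Docker's key in the global trusted keyring, so the key is trusted for every configured repository rather than only download.docker.com. Prefer storing the key in a dedicated file under `/etc/apt/keyrings/` (for example with `ansible.builtin.get_url` and a pinned checksum) and referencing it with `signed-by=` in the `repo:` line, next to `arch=amd64`. Separately, the final "Clean up Docker - Prune everything" task runs on every play with `volumes: true` and `images_filters: dangling: false`, which deletes unused volumes and all unused images each time the role is applied; gate it behind a variable that defaults to off, or drop `volumes`.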

test.yaml

Lines changed: 1 addition & 0 deletions
@@ -49,4 +49,5 @@
4949
- owner: xebis
5050
name: infra
5151
- role: xebis.ansible.direnv
52+
- role: xebis.ansible.docker
5253
- role: xebis.ansible.visual_studio_code
