# docker_host

Docker engine + Compose runtime applied to every host in the `docker_hosts` group.
Provides the container platform that the per-service roles (one service = one role,
ADR-004) deploy their Compose stacks onto.

> **Status: scaffolded, not yet implemented.** This role has no tasks yet — applying it
> is a no-op. It is wired into `playbooks/site.yml` so the full standard state is
> expressed end-to-end, and so `make lint` covers it. See `STATUS.md`.

## Planned scope

- Install Docker engine + the Compose plugin, version-pinned (ADR-011).
- Daemon hardening: `iptables: false` (the host `base` firewall owns nftables, ADR-020),
  log driver, `live-restore`, user-namespace remapping where practical (ADR-002).
- Render container forward/NAT rules into `/etc/nftables.d/*.nft` — the include hook the
  `base` role's ruleset exposes (see `roles/base/README.md`).
- Provide the runtime the service roles deploy their Compose files onto.
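
As an added illustration of the scope above (not the role's own tasks, which do not
exist yet), here is what a `tasks/main.yml` for this role could contain. The
`docker_host__*` variable names, the `Restart docker` and `Reload nftables` handlers,
the uplink interface and bridge subnet, and the assumption that the `base` ruleset
declares `table inet filter` with a `forward` chain are all assumptions made for this
example; only the `daemon.json` keys and the Debian package names are real.

```yaml
---
# Added example of roles/docker_host/tasks/main.yml; not the role's own code.
# Assumed variables (docker_host__* namespace, see CLAUDE.md), e.g. in defaults/main.yml:
#   docker_host__docker_version, docker_host__containerd_version,
#   docker_host__compose_version  (exact apt version strings, ADR-011)
#   docker_host__uplink           (host interface containers egress through)
#   docker_host__bridge_subnet    (docker0 subnet, Docker's default is 172.17.0.0/16)

- name: Install Docker engine + Compose plugin at the pinned version (ADR-011)
  ansible.builtin.apt:
    name:
      - "docker-ce={{ docker_host__docker_version }}"
      - "docker-ce-cli={{ docker_host__docker_version }}"
      - "containerd.io={{ docker_host__containerd_version }}"
      - "docker-compose-plugin={{ docker_host__compose_version }}"
    state: present
    update_cache: true

- name: Hold the pinned packages so unattended upgrades cannot move them
  ansible.builtin.dpkg_selections:
    name: "{{ item }}"
    selection: hold
  loop:
    - docker-ce
    - docker-ce-cli
    - containerd.io
    - docker-compose-plugin

- name: Harden dockerd (ADR-002, ADR-020)
  ansible.builtin.copy:
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0644"
    # iptables: false -> dockerd never edits the host firewall; base owns nftables
    # live-restore    -> running containers survive a dockerd restart or upgrade
    # log-opts        -> bounded per-container logs, so a chatty container cannot fill the disk
    # userns-remap    -> root inside a container maps to an unprivileged host UID range
    content: |
      {
        "iptables": false,
        "live-restore": true,
        "log-driver": "json-file",
        "log-opts": { "max-size": "10m", "max-file": "3" },
        "userns-remap": "default"
      }
  notify: Restart docker

- name: Render container forward/NAT rules into the base role's include hook
  ansible.builtin.copy:
    dest: /etc/nftables.d/docker_host.nft
    owner: root
    group: root
    mode: "0644"
    # Assumption: the base ruleset declares "table inet filter" with a hooked
    # "forward" chain; re-declaring the table here appends these rules to it.
    content: |
      table inet filter {
        chain forward {
          # container egress via the uplink, and the replies to it
          iifname "docker0" oifname "{{ docker_host__uplink }}" accept
          iifname "{{ docker_host__uplink }}" oifname "docker0" ct state established,related accept
        }
        chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;
          # with iptables: false dockerd no longer masquerades for us
          ip saddr {{ docker_host__bridge_subnet }} oifname "{{ docker_host__uplink }}" masquerade
        }
      }
  notify: Reload nftables

- name: Ensure dockerd is enabled and running
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true
```

Two caveats a practitioner will hit with this layout. First, once `iptables` is
`false`, dockerd creates neither the masquerade rule for container egress nor the NAT
rules for published ports, so anything a service role needs beyond the egress rules above
has to land in the same include directory; and the appended forward rules only take
effect if the `base` chain relies on its `policy drop` rather than a trailing explicit
`drop` rule, which would shadow everything appended after it. Second, `userns-remap`
moves the data root to a per-mapping subdirectory under `/var/lib/docker`, so enabling it
on a host that already has images or containers makes them disappear from view; turn it
on before the service roles deploy anything, not after.
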

## Variables

None yet. Placeholders will use the `docker_host__*` namespace (CLAUDE.md convention).

## Example

```yaml
- hosts: docker_hosts
  become: true
  roles:
    - role: docker_host
      tags: [docker_host]
```

See ADR-004 (`docs/decisions/004-docker-model.md`) for the Docker & Compose model.