2026-06-11 14:53:55 +02:00
# docker_host

Installs the Docker CE engine and the Compose plugin on every host in the
`docker_hosts` group. Provides the container runtime that per-service roles
(one service = one role, ADR-004) deploy their Compose stacks onto.

## Scope

This role covers the **engine install only**. The following are deferred to Phase 2
(when the Proxmox cluster and `base` host firewall exist):

- Daemon hardening (`iptables: false`, log driver, `live-restore`, userns remapping).
- Rendering container forward/NAT rules into `/etc/nftables.d/*.nft` (the `base` role
  hook for container firewall integration, ADR-020).
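
A check for the deferred items listed above, as an added example that is not part of this role or its repository: it reports which of the four daemon-hardening settings are still unset in a `daemon.json`. The key names are dockerd's own; the function names, the sample values and the rule that "log driver" counts as done once `log-driver` is set explicitly are assumptions.

```python
import json

# Phase 2 items from the Scope list, mapped to dockerd daemon.json keys.
# Each predicate takes the parsed config and returns True once the item is set.
PHASE2_CHECKS = {
    "iptables: false": lambda c: c.get("iptables", True) is False,
    # Assumption: "log driver" counts as done when the key is set explicitly.
    "log driver": lambda c: bool(c.get("log-driver")),
    "live-restore": lambda c: c.get("live-restore", False) is True,
    "userns remapping": lambda c: bool(c.get("userns-remap")),
}

# Constructed sample of a hardened daemon.json; the values are illustrative.
SAMPLE_PHASE2 = """{
  "iptables": false,
  "log-driver": "local",
  "live-restore": true,
  "userns-remap": "default"
}"""


def pending_hardening(daemon_json_text):
    """Return the Phase 2 items not yet configured in a daemon.json document."""
    text = (daemon_json_text or "").strip()
    cfg = json.loads(text) if text else {}  # empty file: engine defaults apply
    if not isinstance(cfg, dict):
        raise ValueError("daemon.json must contain a JSON object")
    return [name for name, is_set in PHASE2_CHECKS.items() if not is_set(cfg)]


def audit_file(path="/etc/docker/daemon.json"):
    """Audit a host's daemon.json; a missing file means nothing is configured."""
    try:
        with open(path, encoding="utf-8") as fh:
            return pending_hardening(fh.read())
    except FileNotFoundError:
        return pending_hardening("")


if __name__ == "__main__":
    print("engine install only:", pending_hardening(""))
    print("constructed Phase 2:", pending_hardening(SAMPLE_PHASE2))
    print("this host:", audit_file())
```

With `iptables: false` the engine stops installing its own forward/NAT rules, so that setting only makes sense once the `nftables.d` rules from the second bullet are in place.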

## Variables

| Variable | Default | Description |
|---|---|---|
| `docker_host__packages` | `[docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin]` | APT packages installed from the Docker CE repository |

All variables use the `docker_host__` double-underscore namespace (CLAUDE.md convention).

## Example

```yaml
- hosts: docker_hosts
  become: true
  roles:
    - role: docker_host
      tags: [docker_host]
```

## Tags

All tasks carry the `packages` concern tag (APT package install, ADR-019).

## Related

- ADR-004 (`docs/decisions/004-docker-model.md`) — Docker & Compose model.
- ADR-020 (`docs/decisions/020-firewall.md`) — daemon hardening + `nftables.d`
  integration (deferred to Phase 2).
- ADR-011 (`docs/decisions/011-update-management.md`) — version pinning policy
  (future: pin Docker CE version explicitly).