14 lines
786 B
YAML
---
# docker_host — Docker engine + Compose runtime for hosts in the docker_hosts group.
#
# SCAFFOLDED, NOT YET IMPLEMENTED. This role is referenced by playbooks/site.yml so the
# full standard state is expressed end-to-end, but it has no tasks yet — applying it is a
# no-op. See STATUS.md ("Scaffolded but empty") and ADR-004 (Docker & Compose model).
#
# Planned scope (ADR-002/004/020):
# - install Docker engine + compose plugin (version-pinned, per ADR-011)
# - daemon hardening: iptables:false (host nftables owns the firewall, ADR-020),
#   log-driver, live-restore, userns where practical
# - render container forward/NAT rules into /etc/nftables.d/*.nft (the base-role hook)
# - deploy per-service Compose stacks from the service roles (one service = one role)