---
# docker_host — Docker engine + Compose runtime for hosts in the docker_hosts group.
#
# SCAFFOLDED, NOT YET IMPLEMENTED. This role is referenced by playbooks/site.yml so the
# full standard state is expressed end-to-end, but it has no tasks yet — applying it is a
# no-op. See STATUS.md ("Scaffolded but empty") and ADR-004 (Docker & Compose model).
#
# Planned scope (ADR-002/004/020):
#   - install Docker engine + compose plugin (version-pinned, per ADR-011)
#   - daemon hardening: iptables:false (host nftables owns the firewall, ADR-020),
#     log-driver, live-restore, userns where practical
#   - render container forward/NAT rules into /etc/nftables.d/*.nft (the base-role hook)
#   - deploy per-service Compose stacks from the service roles (one service = one role)