sjat
456c27d12b
Implements the docker_host role tasks: prerequisites, /etc/apt/keyrings directory (ordered before the GPG key write), Docker APT key + repo, and docker-ce/cli/containerd.io/compose-plugin install. Daemon hardening and nftables.d integration remain deferred to Phase 2 (cluster + base firewall). Updates defaults, README, and molecule verify to assert docker --version. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
39 lines
1 KiB
YAML
39 lines
1 KiB
YAML
---
|
|
- name: Install prerequisites
|
|
ansible.builtin.apt:
|
|
name: [ca-certificates, curl, gnupg]
|
|
state: present
|
|
update_cache: true
|
|
tags: [packages]
|
|
|
|
- name: Ensure /etc/apt/keyrings exists
|
|
ansible.builtin.file:
|
|
path: /etc/apt/keyrings
|
|
state: directory
|
|
mode: "0755"
|
|
tags: [packages]
|
|
|
|
- name: Add Docker's APT GPG key
|
|
ansible.builtin.get_url:
|
|
url: https://download.docker.com/linux/debian/gpg
|
|
dest: /etc/apt/keyrings/docker.asc
|
|
mode: "0644"
|
|
tags: [packages]
|
|
|
|
- name: Add the Docker APT repository
|
|
ansible.builtin.apt_repository:
|
|
repo: >-
|
|
deb [arch={{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}
|
|
signed-by=/etc/apt/keyrings/docker.asc]
|
|
https://download.docker.com/linux/debian
|
|
{{ ansible_distribution_release }} stable
|
|
filename: docker
|
|
state: present
|
|
tags: [packages]
|
|
|
|
- name: Install Docker engine + compose plugin
|
|
ansible.builtin.apt:
|
|
name: "{{ docker_host__packages }}"
|
|
state: present
|
|
update_cache: true
|
|
tags: [packages]
|