playbooks/site.yml imports the docker_host role, but it didn't exist, so ansible-lint's syntax-check failed on a clean checkout — breaking CLAUDE.md's "main must always work" / "Never skip lint" (top open finding O1 from the 2026-06-11 review). Scaffold docker_host as a proper placeholder via the prescribed mechanism (make new-role): filled meta/main.yml + README, an honest no-task tasks/main.yml documenting planned scope (Docker engine + Compose, daemon hardening, nftables.d container rules per ADR-004/020), and the standard molecule scenario. This preserves site.yml's full-standard-state intent rather than dropping the play. Update STATUS.md (docker_host moves from "Not in git" to "scaffolded, no tasks") and the role/playbook READMEs to match. make lint: 0 failures, 0 warnings; check-tags OK. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
34 lines
1.2 KiB
Markdown
# docker_host

Docker engine + Compose runtime applied to every host in the `docker_hosts` group.
Provides the container platform that the per-service roles (one service = one role,
ADR-004) deploy their Compose stacks onto.

> **Status: scaffolded, not yet implemented.** This role has no tasks yet — applying it
> is a no-op. It is wired into `playbooks/site.yml` so the full standard state is
> expressed end-to-end, and so `make lint` covers it. See `STATUS.md`.

## Planned scope

- Install Docker engine + the Compose plugin, version-pinned (ADR-011).
- Daemon hardening: `iptables: false` (the host `base` firewall owns nftables, ADR-020),
  log driver, `live-restore`, user-namespace remapping where practical (ADR-002).
- Render container forward/NAT rules into `/etc/nftables.d/*.nft` — the include hook the
  `base` role's ruleset exposes (see `roles/base/README.md`).
- Provide the runtime the service roles deploy their Compose files onto.
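
As an added illustration (not the repository's code; the real `tasks/main.yml` is still task-free), the two planned-scope items that carry configuration, daemon hardening and the nftables.d fragment, written as the Ansible tasks this role might grow. The `docker_host__daemon_config` variable, the `restart docker` and `reload nftables` handler names, the top-level include of `/etc/nftables.d/*.nft` by the `base` ruleset, and the default bridge subnet `172.17.0.0/16` are assumptions, not anything the repository defines.

```yaml
# Illustrative tasks for docker_host (added example, not the repo's tasks/main.yml).
# Variable and handler names are assumed; only dockerd's daemon.json keys and the
# nft syntax are taken as given.
- name: Render hardened dockerd configuration
  vars:
    docker_host__daemon_config:
      iptables: false        # host nftables owns forwarding/NAT (ADR-020); dockerd adds no rules
      live-restore: true     # running containers survive a dockerd restart
      log-driver: json-file
      log-opts:
        max-size: 10m        # bound per-container log growth so a chatty service cannot fill /var
        max-file: "3"
      userns-remap: default  # container root maps to an unprivileged host UID range (ADR-002);
                             # not usable with --network=host or host-UID-owned bind mounts
  ansible.builtin.copy:
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0644"
    content: "{{ docker_host__daemon_config | to_nice_json }}"
    validate: python3 -m json.tool %s   # reject malformed JSON before dockerd fails to start
  notify: restart docker

# With iptables:false nothing creates FORWARD/NAT rules for docker0, so without this
# fragment containers have no outbound path. Assumes the base ruleset includes
# /etc/nftables.d/*.nft at top level (hence a table of its own) and the default bridge
# subnet 172.17.0.0/16.
- name: Render container forward/NAT rules into the base ruleset's include dir
  ansible.builtin.copy:
    dest: /etc/nftables.d/docker.nft
    owner: root
    group: root
    mode: "0644"
    validate: nft -c -f %s   # parse and semantic check only; nothing is loaded
    content: |
      table inet docker_host {
        chain forward {
          type filter hook forward priority filter; policy accept;
          # reply traffic and container-initiated egress; unsolicited ingress to the
          # bridge is dropped. Published ports need a DNAT rule plus an accept for
          # that port placed before the drop, rendered by the service role that owns it.
          ct state established,related accept
          iifname "docker0" oifname != "docker0" accept
          iifname != "docker0" oifname "docker0" ct state new drop
        }
      }
      table ip docker_host_nat {
        chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;
          ip saddr 172.17.0.0/16 oifname != "docker0" masquerade
        }
      }
  notify: reload nftables
```

Two checks before relying on this: nftables evaluates every base chain registered on a hook, so an `accept` in this table cannot override a `drop` verdict in the `base` role's own forward chain; either that chain must not drop docker0 traffic, or the fragment must be included inside the base table rather than alongside it. And changing `iptables` or `userns-remap` takes effect only on a full dockerd restart, which stops running containers unless `live-restore` was already active, so the `restart docker` handler should use `state: restarted` and be scheduled with that in mind.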

## Variables

None yet. Placeholders will use the `docker_host__*` namespace (CLAUDE.md convention).

## Example

```yaml
- hosts: docker_hosts
  become: true
  roles:
    - role: docker_host
      tags: [docker_host]
```

See ADR-004 (`docs/decisions/004-docker-model.md`) for the Docker & Compose model.