init

ansible/roles/docker/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+-
+    name: restart containerd
+    service:
+        name: containerd
+        state: restarted
+-
+    name: restart docker
+    service:
+        name: docker
+        state: restarted

ansible/roles/docker/meta/main.yml

@@ -0,0 +1,2 @@
+---
+dependencies: []

ansible/roles/docker/tasks/configure-mirror.yml

@@ -0,0 +1,29 @@
+---
+-
+    name: Add registry mirror host entries
+    lineinfile:
+        path: /etc/hosts
+        regexp: "{{ item.mirror | urlsplit('hostname') | regex_escape }}"
+        line: "{{ registry_mirror_ip }} {{ item.mirror | urlsplit('hostname') }}"
+    loop: "{{ registry_mirrors }}"
+    when: registry_mirror_ip is defined
+
+-
+    name: Configure Docker Hub registry mirror
+    copy:
+        dest: /etc/docker/daemon.json
+        content: |
+            {
+              "registry-mirrors": [
+            {% for item in registry_mirrors if item.upstream == 'docker.io' %}
+                "{{ item.mirror }}"{% if not loop.last %},{% endif %}
+
+            {% endfor %}
+              ]
+            }
+        mode: "0644"
+    notify: restart docker
+
+-
+    name: Ensure Docker is restarted if mirror changed
+    meta: flush_handlers

ansible/roles/docker/tasks/deploy-backup.yml

@@ -0,0 +1,7 @@
+---
+-
+    name: "Deploy {{ backup_name }} docker volume backup script"
+    template:
+        src: backup-docker-volumes.sh.j2
+        dest: "{{ backup_hook_dir }}/{{ backup_name }}.sh"
+        mode: "0755"

ansible/roles/docker/tasks/install-docker.yml

@@ -0,0 +1,34 @@
+---
+-
+    name: Install Docker prerequisites
+    apt:
+        name: "{{ docker_prerequisites }}"
+        state: present
+        update_cache: yes
+
+-
+    name: Add Docker GPG key
+    apt_key:
+        url: "{{ docker_gpg_url }}"
+        state: present
+
+-
+    name: Add Docker repository
+    apt_repository:
+        repo: "{{ docker_repo }}"
+        state: present
+
+-
+    name: Install Docker Engine and Compose plugin
+    apt:
+        name: "{{ docker_packages }}"
+        state: present
+        update_cache: yes
+
+-
+    name: Ensure Docker service is running
+    service:
+        name: docker
+        state: started
+        enabled: yes
+

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+-
+    name: Load OS-specific variables
+    ansible.builtin.include_vars: "{{ ansible_os_family }}.yml"
+
+-
+    name: Install and configure Docker
+    ansible.builtin.include_tasks: install-docker.yml
+
+-
+    name: Configure registry mirrors
+    ansible.builtin.include_tasks: configure-mirror.yml
+    when: registry_mirrors is defined

ansible/roles/docker/tasks/start-compose.yml

@@ -0,0 +1,13 @@
+---
+-
+    name: "Create {{ compose_project_dir }} directory"
+    file:
+        path: "{{ compose_project_dir }}"
+        state: directory
+
+-
+    name: "Start docker compose stack in {{ compose_project_dir }}"
+    community.docker.docker_compose_v2:
+        project_src: "{{ compose_project_dir }}"
+        state: present
+        build: "{{ compose_build | default(omit) }}"

ansible/roles/docker/templates/backup-docker-volumes.sh.j2

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -euo pipefail
+BACKUP_DIR="{{ backup_staging_dir | default('/var/backups') }}/{{ backup_name }}"
+mkdir -p "$BACKUP_DIR"
+{% for vol in backup_volumes | default([]) %}
+docker run --rm -v {{ vol }}:/data:ro -v "$BACKUP_DIR":/backup alpine sh -c "tar czf /backup/{{ vol }}.tar.gz -C /data . || [ \$? -eq 1 ]"
+{% endfor %}
+{% for f in backup_files | default([]) %}
+cp "{{ f }}" "$BACKUP_DIR/"
+{% endfor %}

ansible/roles/docker/vars/Debian.yml

@@ -0,0 +1,15 @@
+---
+docker_prerequisites:
+    - apt-transport-https
+    - ca-certificates
+    - curl
+    - gnupg
+    - lsb-release
+docker_packages:
+    - docker-ce
+    - docker-ce-cli
+    - containerd.io
+    - docker-buildx-plugin
+    - docker-compose-plugin
+docker_repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable"
+docker_gpg_url: "https://download.docker.com/linux/debian/gpg"