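---
# Fetches a pinned release of the konstruktoid.docker_rootless role onto the
# control node, then applies that role to every host in the play.
- name: Checkout and configure konstruktoid.docker_rootless
  hosts: all
  any_errors_fatal: true
  tasks:
    # The three checkout tasks are delegated to localhost and run once:
    # the role only has to exist on the control node.
    # Remove any existing copy of the role before cloning.
    - name: Ensure role directory for konstruktoid.docker_rootless does not exist
      ansible.builtin.file:
        path: "{{ lookup('env', 'HOME') }}/.ansible/roles/konstruktoid.docker_rootless"
        state: absent
      delegate_to: localhost
      run_once: true

    - name: Create the empty directory
      ansible.builtin.file:
        path: "{{ lookup('env', 'HOME') }}/.ansible/roles/konstruktoid.docker_rootless"
        state: directory
        mode: '0755'
      delegate_to: localhost
      run_once: true

    # This code comes from a third-party repository and is then executed
    # against all hosts, so the ref checked out here is a supply-chain trust
    # decision. A tag can be moved upstream; pinning `version` to the full
    # commit SHA of the reviewed release makes the checkout reproducible.
    # `verify_commit: true` is a further option if upstream signs its commits
    # and the signing key is trusted on the control node.
    - name: Clone hardening repository
      ansible.builtin.git:
        repo: https://github.com/konstruktoid/ansible-role-docker-rootless.git
        dest: "{{ lookup('env', 'HOME') }}/.ansible/roles/konstruktoid.docker_rootless"
        version: 'v0.58.0'
      delegate_to: localhost
      run_once: true

    # Role variables are taken from upper-case overrides, with safe defaults
    # when an override is not defined. Values passed as `-e KEY=value` arrive
    # as strings, and a non-empty string such as "false" can be treated as
    # true by a consumer, so the on/off flags are coerced with `| bool`.
    # Which variables are flags is inferred from their boolean defaults here;
    # confirm against the role's own defaults.
    - name: Include the hardening role
      ansible.builtin.include_role:
        name: konstruktoid.docker_rootless
      vars:
        # noqa: var-naming[no-role-prefix]
        docker_allow_privileged_ports: "{{ DOCKER_ALLOW_PRIVILEGED_PORTS | default(false) | bool }}"
        docker_compose: "{{ DOCKER_COMPOSE | default(false) | bool }}"
        docker_compose_arch: "{{ DOCKER_COMPOSE_ARCH | default('x86_64') }}"
        docker_rootful_enabled: "{{ DOCKER_ROOTFUL_ENABLED | default(false) | bool }}"
        docker_rootful: "{{ DOCKER_ROOTFUL | default(false) | bool }}"
        # Left uncoerced: the name suggests an options value rather than a
        # flag; verify the expected type in the role.
        docker_rootful_opts: "{{ DOCKER_ROOTFUL_OPTS | default(false) }}"
        docker_service_restart: "{{ DOCKER_SERVICE_RESTART | default(true) | bool }}"
        docker_unattended_upgrades: "{{ DOCKER_UNATTENDED_UPGRADES | default(true) | bool }}"
        docker_user_bashrc: "{{ DOCKER_USER_BASHRC | default(true) | bool }}"
        docker_user: "{{ DOCKER_USER | default('dockeruser') }}"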