initial commit, here be dragons

2021-04-04 18:45:11 +02:00
commit 58137668b7
39 changed files with 1237 additions and 0 deletions
--- a/roles/docker/files/docker-prune.service
+++ b/roles/docker/files/docker-prune.service
@ -0,0 +1,9 @@
+[Unit]
+Description=Docker Housekeeping
+
+[Service]
+Type=oneshot
+Nice=19
+IOSchedulingClass=2
+IOSchedulingPriority=7
+ExecStart=/usr/local/bin/docker-prune.sh
--- a/roles/docker/files/docker-prune.sh
+++ b/roles/docker/files/docker-prune.sh
@ -0,0 +1,10 @@
+#!/bin/sh
+
+# prune *all* images not currently used
+docker image prune -af
+# prune unused volumes (we keep all state host-mounts)
+docker volume prune -f
+# prune images, containers, networks etc. but keep potentially used one (no -a)
+docker system prune -f
+# update left-over images
+docker images | grep -v "^REPO" | grep -v "^<none>" | sed 's/ \+/:/g' | cut -d: -f1,2 | xargs -L1 docker pull
--- a/roles/docker/files/docker-prune.timer
+++ b/roles/docker/files/docker-prune.timer
@ -0,0 +1,2 @@
+[Timer]
+OnCalendar=Mon 12:04
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@ -0,0 +1,55 @@
+---
+
+- name: Add docker repository key
+  ansible.builtin.apt_key:
+    id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+    url: https://download.docker.com/linux/debian/gpg
+    state: present
+
+- name: Configure apt docker repository
+  ansible.builtin.apt_repository:
+    repo: deb https://download.docker.com/linux/ubuntu focal stable
+    state: present
+
+- name: Install docker tools and dependencies
+  ansible.builtin.apt:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+      - docker-ce
+      - docker-compose
+
+- name: Create service directory for docker services
+  ansible.builtin.file: { path: "/opt/service", state: directory, mode: '0755' }
+
+- name: Copy docker-prune script
+  copy: { src: docker-prune.sh, dest: /usr/local/bin, owner: root, group: root, mode: '0744' }
+
+- name: Copy docker-prune systemd service
+  ansible.builtin.copy:
+    src: docker-prune.service
+    dest: /etc/systemd/system/
+    owner: root
+    group: root
+    mode: '0644'
+    # Causes weird "Attempted to remove disk file system, and we can't allow that." issue.
+    # This might be broken due to https://bugs.launchpad.net/ubuntu-manpage-repository/+bug/1817627
+    #validate: systemd-analyze verify %s
+
+- name: Copy docker-prune systemd timer
+  ansible.builtin.copy:
+    src: docker-prune.timer
+    dest: /etc/systemd/system/
+    owner: root
+    group: root
+    mode: '0644'
+    # See previous task
+    #validate: systemd-analyze verify %s
+
+- name: Activate docker-prune timer
+  ansible.builtin.systemd:
+    name: docker-prune.timer
+    state: started
+    enabled: yes
+    daemon_reload: yes