sinibaldi
/
SSE-Lab
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: sinibaldi:main
Branches Tags
sinibaldi:main
sinibaldi:nextcloud_aio
sinibaldi:ansible_init
sinibaldi:ftpd
sinibaldi:PKI
sinibaldi:simple_site
...
pull from: sinibaldi:nextcloud_aio
Branches Tags
sinibaldi:nextcloud_aio
sinibaldi:main
sinibaldi:ansible_init
sinibaldi:ftpd
sinibaldi:PKI
sinibaldi:simple_site

9 Commits
main ... nextcloud_

Author SHA1 Message Date
Fabio Sinibaldi 25396b7c0f Install pip and docker (specific version for nextcloud AIO) 2025-11-13 19:00:04 +01:00
Fabio Sinibaldi 104f799d58 Specify version of docker 2025-11-13 18:59:38 +01:00
Fabio Sinibaldi 9e1d07d17f imported geerlingguy.pip (galaxy) 2025-11-13 16:52:36 +01:00
Fabio Sinibaldi 92151e10bd imported geerlingguy.docker (galaxy) 2025-11-13 16:46:55 +01:00
Fabio Sinibaldi 7e3b65ca83 basic checks 2025-11-13 16:45:02 +01:00
Fabio Sinibaldi 97863633d0 added docker pwd 2025-11-13 16:44:24 +01:00
Fabio Sinibaldi b2029ad6ad commented unused variable 2025-11-13 16:44:14 +01:00
Fabio Sinibaldi 497389b081 Basic Checks 2025-11-13 16:42:00 +01:00
Fabio Sinibaldi c9cde03e58 Nextcloud AIO playbook and role 2025-11-11 17:32:52 +01:00
53 changed files with 1410 additions and 11 deletions
Show Stats Expand all files Collapse all files

2
ansible/inventories/group_vars/all/all.yml
View File

@ -1,3 +1,3 @@
ansible_user: ansible
ansible_password: "{{ ansible_crypted_password }}"
#ansible_password: "{{ ansible_crypted_password }}"
ansible_python_interpreter: /usr/bin/python3

14
ansible/inventories/group_vars/all/vault.yaml
View File

@ -1,7 +1,9 @@
$ANSIBLE_VAULT;1.1;AES256
37333066623836633836613066346434626134336537663236396639346235386362336637376534
3833636230313835326663306236333837343337393530390a636464393562346662613838343738
39356439343862633937313539323661303866316164343830363431626435396636386366376263
6536393735363663650a383461666230633838303436643837636562343366313235393264666462
38643366653861666364363538333230656539663134646566666664626463343433613166393337
3432333863646664336262353262333635323436326430376465
36323030396532326432653332633031386532393564653565623231343037376432626337353666
3136663234656635613337653036356366363431346263630a313034633838663263663662653639
64333761373334633465363632646366656430626362623630343830383735663830303462623630
6465323036343965640a393536313637623930613431643962613237363733653163613366643837
64616462626165396632353365666334363035393864386534363831643631646530663739323538
61646635343264393737336666653330383863623362663166306632653939376463653362363431
33366334306330643266303730653863633363303964316361626665363262343833323063343932
31313938626338326431

6
ansible/playbooks/bootstrap.yml
View File

@ -18,7 +18,7 @@
password: "{{ ansible_crypted_password | password_hash('sha512') }}"
shell: /bin/bash
# Uncomment to prevent password reset
# update_password: on_create
update_password: on_create
system: yes
home: /srv/ansible
state: present
@ -31,6 +31,10 @@
group: root
mode: 0440
# Inserts public keys of allowed externals users to log in as ansible
# e.g. fabio
- name: Create the .ssh directory
file: path=/srv/ansible/.ssh owner=ansible group=ansible mode=0700 state=directory

17
ansible/playbooks/nextcloud.yaml Normal file
View File

@ -0,0 +1,17 @@
---
- name: Install Nextcloud AIO Docker
hosts: all
become: true
vars:
pip_install_packages:
- name: docker
docker_version: "=5:28.2.2-1~ubuntu.24.04~noble"
docker_users:
- fabio
- ansible
roles:
- geerlingguy.pip
- geerlingguy.docker
# - nextcloud_aio

23
ansible/playbooks/roles/common/tasks/basic_checks.yaml Normal file
View File

@ -0,0 +1,23 @@
---
## Register output of whoami
- name: Who am I
ansible.builtin.command: whoami
register: _my_whoiam_var
## Displays variable as to stdout
- name: Debug
ansible.builtin.debug:
var: _my_whoiam_var.stdout
## Check if can write on tmp
- name: Check write operation
ansible.builtin.copy:
content: "Hello world"
dest: /tmp/{{ _my_whoiam_var.stdout}}.hello-world.txt
## Cleans up
- name: Clean up
ansible.builtin.file:
path: /tmp/{{ _my_whoiam_var.stdout}}.hello-world.txt
state: absent

1
ansible/playbooks/roles/common/tasks/main.yml
View File

@ -1,2 +1,3 @@
---
- import_tasks: basic_checks.yaml
- import_tasks: connectivity.yml

4
ansible/playbooks/roles/geerlingguy.docker/.ansible-lint Normal file
View File

@ -0,0 +1,4 @@
skip_list:
- 'yaml'
- 'risky-shell-pipe'
- 'role-name'

4
ansible/playbooks/roles/geerlingguy.docker/.github/FUNDING.yml vendored Normal file
View File

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

71
ansible/playbooks/roles/geerlingguy.docker/.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,71 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 7 * * 0"
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- rockylinux9
- ubuntu2404
- ubuntu2204
- debian12
- debian11
- fedora40
- opensuseleap15
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule molecule-plugins[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

40
ansible/playbooks/roles/geerlingguy.docker/.github/workflows/release.yml vendored Normal file
View File

@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.docker'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.docker'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

34
ansible/playbooks/roles/geerlingguy.docker/.github/workflows/stale.yml vendored Normal file
View File

@ -0,0 +1,34 @@
---
name: Close inactive issues
'on':
schedule:
- cron: "55 6 * * 1" # semi-random time
jobs:
close-issues:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v8
with:
days-before-stale: 120
days-before-close: 60
exempt-issue-labels: bug,pinned,security,planned
exempt-pr-labels: bug,pinned,security,planned
stale-issue-label: "stale"
stale-pr-label: "stale"
stale-issue-message: |
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-issue-message: |
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
stale-pr-message: |
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-pr-message: |
This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
repo-token: ${{ secrets.GITHUB_TOKEN }}

5
ansible/playbooks/roles/geerlingguy.docker/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
*.retry
*/__pycache__
*.pyc
.cache

10
ansible/playbooks/roles/geerlingguy.docker/.yamllint Normal file
View File

@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 200
level: warning
ignore: |
.github/workflows/stale.yml

20
ansible/playbooks/roles/geerlingguy.docker/LICENSE Normal file
View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

173
ansible/playbooks/roles/geerlingguy.docker/README.md Normal file
View File

@ -0,0 +1,173 @@
# Ansible Role: Docker
[![CI](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-docker/actions/workflows/ci.yml)
An Ansible Role that installs [Docker](https://www.docker.com) on Linux.
## Requirements
None.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
```yaml
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_packages:
- "docker-{{ docker_edition }}"
- "docker-{{ docker_edition }}-cli"
- "docker-{{ docker_edition }}-rootless-extras"
docker_packages_state: present
```
The `docker_edition` should be either `ce` (Community Edition) or `ee` (Enterprise Edition).
You can also specify a specific version of Docker to install using the distribution-specific format:
Red Hat/CentOS: `docker-{{ docker_edition }}-<VERSION>` (Note: you have to add this to all packages);
Debian/Ubuntu: `docker-{{ docker_edition }}=<VERSION>` (Note: you have to add this to all packages).
You can control whether the package is installed, uninstalled, or at the latest version by setting `docker_packages_state` to `present`, `absent`, or `latest`, respectively. Note that the Docker daemon will be automatically restarted if the Docker package is updated. This is a side effect of flushing all handlers (running any of the handlers that have been notified by this and any other role up to this point in the play).
```yaml
docker_obsolete_packages:
- docker
- docker.io
- docker-engine
- docker-doc
- docker-compose
- docker-compose-v2
- podman-docker
- containerd
- runc
```
`docker_obsolete_packages` for different os-family:
- [`RedHat.yaml`](./vars/RedHat.yml)
- [`Debian.yaml`](./vars/Debian.yml)
- [`Suse.yaml`](./vars/Suse.yml)
A list of packages to be uninstalled prior to running this role. See [Docker's installation instructions](https://docs.docker.com/engine/install/debian/#uninstall-old-versions) for an up-to-date list of old packages that should be removed.
```yaml
docker_service_manage: true
docker_service_state: started
docker_service_enabled: true
docker_service_start_command: ""
docker_restart_handler_state: restarted
```
Variables to control the state of the `docker` service, and whether it should start on boot. If you're installing Docker inside a Docker container without systemd or sysvinit, you should set `docker_service_manage` to `false`.
```yaml
docker_install_compose_plugin: true
docker_compose_package: docker-compose-plugin
docker_compose_package_state: present
```
Docker Compose Plugin installation options. These differ from the below in that docker-compose is installed as a docker plugin (and used with `docker compose`) instead of a standalone binary.
```yaml
docker_install_compose: false
docker_compose_version: "v2.32.1"
docker_compose_arch: "{{ ansible_facts.architecture }}"
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
docker_compose_path: /usr/local/bin/docker-compose
```
Docker Compose installation options.
```yaml
docker_add_repo: true
```
Controls whether this role will add the official Docker repository. Set to `false` if you want to use the default docker packages for your system or manage the package repository on your own.
```yaml
docker_repo_url: https://download.docker.com/linux
```
The main Docker repo URL, common between Debian and RHEL systems.
```yaml
docker_apt_release_channel: stable
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ ansible_facts.distribution | lower }}/gpg"
docker_apt_filename: "docker"
```
(Used only for Debian/Ubuntu.) You can switch the channel to `nightly` if you want to use the Nightly release.
You can change `docker_apt_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
`docker_apt_filename` controls the name of the source list file created in `sources.list.d`. If you are upgrading from an older (<7.0.0) version of this role, you should change this to the name of the existing file (e.g. `download_docker_com_linux_debian` on Debian) to avoid conflicting lists.
```yaml
docker_yum_repo_url: "{{ docker_repo_url }}/{{ 'fedora' if ansible_facts.distribution == 'Fedora' else 'rhel' if ansible_facts.distribution == 'RedHat' else 'centos' }}/docker-{{ docker_edition }}.repo"
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: "{{ docker_repo_url }}/{{ 'fedora' if ansible_facts.distribution == 'Fedora' else 'rhel' if ansible_facts.distribution == 'RedHat' else 'centos' }}/gpg"
```
(Used only for RedHat/CentOS.) You can enable the Nightly or Test repo by setting the respective vars to `1`.
You can change `docker_yum_gpg_key` to a different url if you are behind a firewall or provide a trustworthy mirror.
Usually in combination with changing `docker_yum_repository` as well.
```yaml
docker_users:
- user1
- user2
```
A list of system users to be added to the `docker` group (so they can use Docker on the server).
```yaml
docker_daemon_options:
storage-driver: "overlay2"
log-opts:
max-size: "100m"
```
Custom `dockerd` options can be configured through this dictionary representing the json file `/etc/docker/daemon.json`.
## Use with Ansible (and `docker` Python library)
Many users of this role wish to also use Ansible to then _build_ Docker images and manage Docker containers on the server where Docker is installed. In this case, you can easily add in the `docker` Python library using the `geerlingguy.pip` role:
```yaml
- hosts: all
vars:
pip_install_packages:
- name: docker
roles:
- geerlingguy.pip
- geerlingguy.docker
```
## Dependencies
None.
## Example Playbook
```yaml
- hosts: all
roles:
- geerlingguy.docker
```
## License
MIT / BSD
## Sponsors
* [We Manage](https://we-manage.de): Helping start-ups and grown-ups scaling their infrastructure in a sustainable way.
The above sponsor(s) are supporting Jeff Geerling on [GitHub Sponsors](https://github.com/sponsors/geerlingguy). You can sponsor Jeff's work too, to help him continue improving these Ansible open source projects!
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

66
ansible/playbooks/roles/geerlingguy.docker/defaults/main.yml Normal file
View File

@ -0,0 +1,66 @@
---
# Edition can be one of: 'ce' (Community Edition) or 'ee' (Enterprise Edition).
docker_edition: 'ce'
docker_version: ''
docker_packages:
- "docker-{{ docker_edition }}{{ docker_version }}"
- "docker-{{ docker_edition }}-cli{{ docker_version }}"
- "docker-{{ docker_edition }}-rootless-extras{{ docker_version }}"
- "containerd.io"
- docker-buildx-plugin
docker_packages_state: present
docker_obsolete_packages:
- docker
- docker.io
- docker-engine
- docker-doc
- docker-compose
- docker-compose-v2
- podman-docker
- containerd
- runc
# Service options.
docker_service_manage: true
docker_service_state: started
docker_service_enabled: true
docker_service_start_command: ""
docker_restart_handler_state: restarted
# Docker Compose Plugin options.
docker_install_compose_plugin: true
docker_compose_package: docker-compose-plugin
docker_compose_package_state: present
# Docker Compose options.
docker_install_compose: false
docker_compose_version: "v2.32.1"
docker_compose_arch: "{{ ansible_facts.architecture }}"
docker_compose_url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-linux-{{ docker_compose_arch }}"
docker_compose_path: /usr/local/bin/docker-compose
# Enable repo setup
docker_add_repo: true
# Docker repo URL.
docker_repo_url: https://download.docker.com/linux
# Used only for Debian/Ubuntu/Pop!_OS/Linux Mint. Switch 'stable' to 'nightly' if needed.
docker_apt_release_channel: stable
# docker_apt_ansible_distribution is a workaround for Ubuntu variants which can't be identified as such by Ansible,
# and is only necessary until Docker officially supports them.
docker_apt_ansible_distribution: "{{ 'ubuntu' if ansible_facts.distribution in ['Pop!_OS', 'Linux Mint'] else ansible_facts.distribution }}"
docker_apt_gpg_key: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}/gpg"
docker_apt_filename: "docker"
# Used only for RedHat/CentOS/Fedora.
docker_yum_repo_url: "{{ docker_repo_url }}/{{ 'fedora' if ansible_facts.distribution == 'Fedora' else 'rhel' if ansible_facts.distribution == 'RedHat' else 'centos' }}/docker-{{ docker_edition }}.repo"
docker_yum_repo_enable_nightly: '0'
docker_yum_repo_enable_test: '0'
docker_yum_gpg_key: "{{ docker_repo_url }}/{{ 'fedora' if ansible_facts.distribution == 'Fedora' else 'rhel' if ansible_facts.distribution == 'RedHat' else 'centos' }}/gpg"
# A list of users who will be added to the docker group.
docker_users: []
# Docker daemon options as a dict
docker_daemon_options: {}

11
ansible/playbooks/roles/geerlingguy.docker/handlers/main.yml Normal file
View File

@ -0,0 +1,11 @@
---
- name: restart docker
ansible.builtin.service:
name: docker
state: "{{ docker_restart_handler_state }}"
ignore_errors: "{{ ansible_check_mode }}"
when: docker_service_manage | bool
- name: apt update
ansible.builtin.apt:
update_cache: true

2
ansible/playbooks/roles/geerlingguy.docker/meta/.galaxy_install_info Normal file
View File

@ -0,0 +1,2 @@
install_date: Thu Nov 13 15:43:34 2025
version: 7.8.0

46
ansible/playbooks/roles/geerlingguy.docker/meta/main.yml Normal file
View File

@ -0,0 +1,46 @@
---
dependencies: []
galaxy_info:
role_name: docker
author: geerlingguy
description: Docker for Linux.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 2.15.1
platforms:
- name: Fedora
versions:
- all
- name: Debian
versions:
- buster
- bullseye
- bookworm
- trixie
- name: Ubuntu
versions:
- bionic
- focal
- jammy
- noble
- name: Alpine
version:
- all
- name: ArchLinux
versions:
- all
- name: SLES
versions:
- all
- name: openSUSE
versions:
- all
galaxy_tags:
- web
- system
- containers
- docker
- orchestration
- compose
- server

24
ansible/playbooks/roles/geerlingguy.docker/molecule/default/converge.yml Normal file
View File

@ -0,0 +1,24 @@
---
- name: Converge
hosts: all
# become: true
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_facts.os_family == 'Debian'
- name: Wait for systemd to complete initialization. # noqa 303
command: systemctl is-system-running
register: systemctl_status
until: >
'running' in systemctl_status.stdout or
'degraded' in systemctl_status.stdout
retries: 30
delay: 5
when: ansible_facts.service_mgr == 'systemd'
changed_when: false
failed_when: systemctl_status.rc > 1
roles:
- role: geerlingguy.docker

21
ansible/playbooks/roles/geerlingguy.docker/molecule/default/molecule.yml Normal file
View File

@ -0,0 +1,21 @@
---
role_name_check: 1
dependency:
name: galaxy
options:
ignore-errors: true
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

51
ansible/playbooks/roles/geerlingguy.docker/molecule/default/verify.yml Normal file
View File

@ -0,0 +1,51 @@
---
- name: Verify Docker Role
hosts: all
tasks:
- name: Verify Docker binary is available
command: docker version
register: docker_version_result
changed_when: false
failed_when: docker_version_result.rc != 0
- name: Show Docker version details
debug:
msg: >
Docker Version Output:
{{ docker_version_result.stdout_lines | join('\n') }}
- name: Verify Docker service is running
command: systemctl is-active docker
register: docker_service_status
when: ansible_facts.service_mgr == 'systemd'
changed_when: false
failed_when: docker_service_status.stdout.strip() != "active"
- name: Display Docker service status
debug:
msg: "Docker service is {{ docker_service_status.stdout.strip() }}"
when: ansible_facts.service_mgr == 'systemd'
- name: Pull the 'hello-world' image
command: docker pull hello-world
register: docker_pull_result
changed_when: true
failed_when: docker_pull_result.rc != 0
- name: Show result of pulling the 'hello-world' image
debug:
msg: >
Pulling 'hello-world' completed with output:
{{ docker_pull_result.stdout_lines | join('\n') }}
- name: Run a test container (hello-world)
command: docker run --rm hello-world
register: docker_run_result
changed_when: true
failed_when: docker_run_result.rc != 0
- name: Display test container output
debug:
msg: >
Running 'hello-world' container completed with output:
{{ docker_run_result.stdout_lines | join('\n') }}

31
ansible/playbooks/roles/geerlingguy.docker/tasks/docker-compose.yml Normal file
View File

@ -0,0 +1,31 @@
---
- name: Check current docker-compose version.
command: "{{ docker_compose_path }} --version"
register: docker_compose_vsn
check_mode: false
changed_when: false
failed_when: false
- set_fact:
docker_compose_current_version: "{{ docker_compose_vsn.stdout | regex_search('(\\d+(\\.\\d+)+)') }}"
when: >
docker_compose_vsn.stdout is defined
and (docker_compose_vsn.stdout | length > 0)
- name: Delete existing docker-compose version if it's different.
file:
path: "{{ docker_compose_path }}"
state: absent
when: >
docker_compose_current_version is defined
and (docker_compose_version | regex_replace('v', '')) not in docker_compose_current_version
- name: Install Docker Compose (if configured).
get_url:
url: "{{ docker_compose_url }}"
dest: "{{ docker_compose_path }}"
mode: 0755
when: >
(docker_compose_current_version is not defined)
or (docker_compose_current_version | length == 0)
or (docker_compose_current_version is version((docker_compose_version | regex_replace('v', '')), '<'))

10
ansible/playbooks/roles/geerlingguy.docker/tasks/docker-users.yml Normal file
View File

@ -0,0 +1,10 @@
---
- name: Ensure docker users are added to the docker group.
user:
name: "{{ item }}"
groups: docker
append: true
with_items: "{{ docker_users }}"
- name: Reset ssh connection to apply user changes.
meta: reset_connection

122
ansible/playbooks/roles/geerlingguy.docker/tasks/main.yml Normal file
View File

@ -0,0 +1,122 @@
---
- name: Load OS-specific vars.
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- '{{ansible_facts.distribution}}.yml'
- '{{ansible_facts.os_family}}.yml'
- main.yml
paths:
- 'vars'
- include_tasks: setup-RedHat.yml
when: ansible_facts.os_family == 'RedHat'
- include_tasks: setup-Suse.yml
when: ansible_facts.os_family == 'Suse'
- include_tasks: setup-Debian.yml
when: ansible_facts.os_family == 'Debian'
- name: Install Docker packages.
package:
name: "{{ docker_packages }}"
state: "{{ docker_packages_state }}"
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "ansible_version.full is version_compare('2.12', '<') or ansible_facts.os_family not in ['RedHat', 'Debian']"
- name: Install Docker packages (with downgrade option).
package:
name: "{{ docker_packages }}"
state: "{{ docker_packages_state }}"
allow_downgrade: true
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "ansible_version.full is version_compare('2.12', '>=') and ansible_facts.os_family in ['RedHat', 'Debian']"
- name: Install docker-compose plugin.
package:
name: "{{ docker_compose_package }}"
state: "{{ docker_compose_package_state }}"
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "docker_install_compose_plugin | bool == true and (ansible_version.full is version_compare('2.12', '<') or ansible_facts.os_family not in ['RedHat', 'Debian', 'Suse'])"
- name: Install docker-compose-plugin (with downgrade option).
package:
name: "{{ docker_compose_package }}"
state: "{{ docker_compose_package_state }}"
allow_downgrade: true
notify: restart docker
ignore_errors: "{{ ansible_check_mode }}"
when: "docker_install_compose_plugin | bool == true and ansible_version.full is version_compare('2.12', '>=') and ansible_facts.os_family in ['RedHat', 'Debian']"
- name: Ensure /etc/docker/ directory exists.
file:
path: /etc/docker
state: directory
mode: 0755
when: docker_daemon_options.keys() | length > 0
- name: Configure Docker daemon options.
copy:
content: "{{ docker_daemon_options | to_nice_json }}"
dest: /etc/docker/daemon.json
mode: 0644
when: docker_daemon_options.keys() | length > 0
notify: restart docker
- name: Replace Docker service ExecStart command if configured.
when: docker_service_start_command != ""
notify: restart docker
block:
- name: Get Docker service status
ansible.builtin.systemd_service:
name: docker
register: docker_service_status
- name: Patch docker.service
ansible.builtin.replace:
path: "{{ docker_service_status.status['FragmentPath'] }}"
regexp: "^ExecStart=.*$"
replace: "ExecStart={{ docker_service_start_command }}"
register: docker_service_patch
- name: Reload systemd services
service:
daemon_reload: true
when: docker_service_patch is changed
- name: Ensure Docker is started and enabled at boot.
service:
name: docker
state: "{{ docker_service_state }}"
enabled: "{{ docker_service_enabled }}"
ignore_errors: "{{ ansible_check_mode }}"
when: docker_service_manage | bool
- name: Ensure handlers are notified now to avoid firewall conflicts.
meta: flush_handlers
- include_tasks: docker-compose.yml
when: docker_install_compose | bool
- name: Get docker group info using getent.
getent:
database: group
key: docker
split: ':'
when: docker_users | length > 0
- name: Check if there are any users to add to the docker group.
set_fact:
at_least_one_user_to_modify: true
when:
- docker_users | length > 0
- item not in ansible_facts.getent_group["docker"][2]
with_items: "{{ docker_users }}"
- include_tasks: docker-users.yml
when: at_least_one_user_to_modify is defined

42
ansible/playbooks/roles/geerlingguy.docker/tasks/setup-Debian.yml Normal file
View File

@ -0,0 +1,42 @@
---
- name: Ensure apt key is not present in trusted.gpg.d
ansible.builtin.file:
path: /etc/apt/trusted.gpg.d/docker.asc
state: absent
- name: Ensure old apt source list is not present in /etc/apt/sources.list.d
ansible.builtin.file:
path: "/etc/apt/sources.list.d/download_docker_com_linux_{{ docker_apt_ansible_distribution | lower }}.list"
state: absent
# See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
- name: Ensure old versions of Docker are not installed.
ansible.builtin.package:
name: "{{ docker_obsolete_packages }}"
state: absent
- name: Ensure legacy repo file is not present.
ansible.builtin.file:
path: "/etc/apt/sources.list.d/docker.list"
state: absent
- name: Ensure dependencies are installed.
ansible.builtin.apt:
name:
- ca-certificates
- python3-debian
state: present
- name: Add or remove Docker repository.
ansible.builtin.deb822_repository:
name: "{{ docker_apt_filename }}"
types: deb
uris: "{{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }}"
suites: "{{ ansible_facts.distribution_release }}"
components: "{{ docker_apt_release_channel }}"
signed_by: "{{ docker_apt_gpg_key }}"
state: "{{ 'present' if docker_add_repo | bool else 'absent' }}"
notify: apt update
- name: Ensure handlers are notified immediately to update the apt cache.
ansible.builtin.meta: flush_handlers

58
ansible/playbooks/roles/geerlingguy.docker/tasks/setup-RedHat.yml Normal file
View File

@ -0,0 +1,58 @@
---
- name: Ensure old versions of Docker are not installed.
package:
name: "{{ docker_obsolete_packages }}"
state: absent
- name: Add Docker GPG key.
rpm_key:
key: "{{ docker_yum_gpg_key }}"
state: present
when: docker_add_repo | bool
- name: Add Docker repository.
get_url:
url: "{{ docker_yum_repo_url }}"
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
owner: root
group: root
mode: 0644
when: docker_add_repo | bool
- name: Configure Docker Nightly repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-nightly'
option: enabled
value: '{{ docker_yum_repo_enable_nightly }}'
mode: 0644
no_extra_spaces: true
when: docker_add_repo | bool
- name: Configure Docker Test repo.
ini_file:
dest: '/etc/yum.repos.d/docker-{{ docker_edition }}.repo'
section: 'docker-{{ docker_edition }}-test'
option: enabled
value: '{{ docker_yum_repo_enable_test }}'
mode: 0644
no_extra_spaces: true
when: docker_add_repo | bool
- name: Configure containerd on RHEL 8.
block:
- name: Ensure runc is not installed.
package:
name: runc
state: absent
- name: Ensure container-selinux is installed.
package:
name: container-selinux
state: present
- name: Ensure containerd.io is installed.
package:
name: containerd.io
state: present
when: ansible_facts.distribution_major_version | int == 8

39
ansible/playbooks/roles/geerlingguy.docker/tasks/setup-Suse.yml Normal file
View File

@ -0,0 +1,39 @@
---
# Remove old or conflicting Docker packages
- name: Ensure old versions of Docker are not installed
package:
name: "{{ docker_obsolete_packages }}"
state: absent
check_mode: no
changed_when: false
# Add Docker repository (openSUSE / SLES)
- name: Add Docker repository
zypper_repository:
name: "docker-ce"
repo: "{{ docker_zypper_repo_url }}"
state: present
auto_import_keys: yes
when: docker_add_repo | bool
# Refresh zypper repositories only if the repo was added
- name: Refresh zypper repositories
command: zypper --non-interactive refresh
when: docker_add_repo | bool
register: zypper_refresh
changed_when: false # idempotent for Molecule
# Install Docker packages
- name: Ensure Docker packages are installed
ansible.legacy.zypper:
name: "{{ docker_packages }}"
state: present
changed_when: false # idempotent for Molecule
# Ensure Docker is started and enabled at boot
- name: Ensure Docker is started and enabled at boot
systemd:
name: docker
state: started
enabled: true
changed_when: false # idempotent for Molecule

3
ansible/playbooks/roles/geerlingguy.docker/vars/Alpine.yml Executable file
View File

@ -0,0 +1,3 @@
---
docker_packages: "docker"
docker_compose_package: docker-cli-compose

3
ansible/playbooks/roles/geerlingguy.docker/vars/Archlinux.yml Normal file
View File

@ -0,0 +1,3 @@
---
docker_packages: "docker"
docker_compose_package: docker-compose

14
ansible/playbooks/roles/geerlingguy.docker/vars/Debian.yml Normal file
View File

@ -0,0 +1,14 @@
---
# Used only for Debian/Ubuntu (Debian OS-Family)
# https://docs.docker.com/engine/install/debian/#uninstall-old-versions
docker_obsolete_packages:
- docker
- docker.io
- docker-engine
- docker-doc
- docker-compose
- docker-compose-v2
- podman-docker
- containerd
- runc

14
ansible/playbooks/roles/geerlingguy.docker/vars/RedHat.yml Normal file
View File

@ -0,0 +1,14 @@
---
# Used only for Fedora/Rocky (RedHat OS-Family)
# https://docs.docker.com/engine/install/fedora/#uninstall-old-versions
# https://docs.docker.com/engine/install/centos/#uninstall-old-versions
docker_obsolete_packages:
- docker
- docker-client
- docker-client-latest
- docker-common
- docker-latest
- docker-latest-logrotate
- docker-logrotate
- docker-engine

41
ansible/playbooks/roles/geerlingguy.docker/vars/Suse.yml Normal file
View File

@ -0,0 +1,41 @@
---
# Used only for openSUSE / SLES (SUSE OS-Family)
# https://en.opensuse.org/Docker
# https://docs.docker.com/engine/install/binaries/
# Packages to remove if present (old or conflicting Docker packages)
docker_obsolete_packages:
- docker-engine
- docker.io
- docker-ce
- docker-ce-cli
- docker-buildx-plugin
- docker-ce-rootless-extras
- containerd.io
- runc
# Packages to install on openSUSE / SLES
# Use 'runc' from repo, not 'docker-runc' (avoids conflicts on Leap 15.6)
docker_packages:
- docker
- containerd
- runc
# Map SUSE releases to Docker repository paths
docker_suse_release: >-
{% if ansible_distribution_version is match('15\\.6') %}
openSUSE_Leap_15.6
{% elif ansible_distribution_version is match('15\\.5') %}
openSUSE_Leap_15.5
{% elif ansible_distribution_version is match('15\\.4') %}
openSUSE_Leap_15.4
{% else %}
openSUSE_Tumbleweed
{% endif %}
# Official Docker repo URL for openSUSE Leap
docker_zypper_repo_url: >-
https://download.opensuse.org/repositories/Virtualization:/containers/{{ docker_suse_release | trim }}/
# Control whether to add the Docker repository
docker_add_repo: true

2
ansible/playbooks/roles/geerlingguy.docker/vars/main.yml Executable file
View File

@ -0,0 +1,2 @@
---
# Empty file

3
ansible/playbooks/roles/geerlingguy.pip/.ansible-lint Normal file
View File

@ -0,0 +1,3 @@
skip_list:
- 'yaml'
- 'role-name'

4
ansible/playbooks/roles/geerlingguy.pip/.github/FUNDING.yml vendored Normal file
View File

@ -0,0 +1,4 @@
# These are supported funding model platforms
---
github: geerlingguy
patreon: geerlingguy

70
ansible/playbooks/roles/geerlingguy.pip/.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,70 @@
---
name: CI
'on':
pull_request:
push:
branches:
- master
schedule:
- cron: "0 4 * * 5"
defaults:
run:
working-directory: 'geerlingguy.pip'
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v3
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
molecule:
name: Molecule
runs-on: ubuntu-latest
strategy:
matrix:
distro:
- rockylinux9
- fedora39
- ubuntu2204
- ubuntu2004
- debian12
- debian11
steps:
- name: Check out the codebase.
uses: actions/checkout@v3
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v4
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install ansible molecule molecule-plugins[docker] docker
- name: Run Molecule tests.
run: molecule test
env:
PY_COLORS: '1'
ANSIBLE_FORCE_COLOR: '1'
MOLECULE_DISTRO: ${{ matrix.distro }}

40
ansible/playbooks/roles/geerlingguy.pip/.github/workflows/release.yml vendored Normal file
View File

@ -0,0 +1,40 @@
---
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
# repository or organization.
#
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
# See: https://github.com/ansible/galaxy/issues/46
name: Release
'on':
push:
tags:
- '*'
defaults:
run:
working-directory: 'geerlingguy.pip'
jobs:
release:
name: Release
runs-on: ubuntu-latest
steps:
- name: Check out the codebase.
uses: actions/checkout@v4
with:
path: 'geerlingguy.pip'
- name: Set up Python 3.
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Install Ansible.
run: pip3 install ansible-core
- name: Trigger a new import on Galaxy.
run: >-
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)

34
ansible/playbooks/roles/geerlingguy.pip/.github/workflows/stale.yml vendored Normal file
View File

@ -0,0 +1,34 @@
---
name: Close inactive issues
'on':
schedule:
- cron: "55 21 * * 5" # semi-random time
jobs:
close-issues:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v8
with:
days-before-stale: 120
days-before-close: 60
exempt-issue-labels: bug,pinned,security,planned
exempt-pr-labels: bug,pinned,security,planned
stale-issue-label: "stale"
stale-pr-label: "stale"
stale-issue-message: |
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-issue-message: |
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
stale-pr-message: |
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
close-pr-message: |
This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
repo-token: ${{ secrets.GITHUB_TOKEN }}

5
ansible/playbooks/roles/geerlingguy.pip/.gitignore vendored Normal file
View File

@ -0,0 +1,5 @@
*.retry
*/__pycache__
*.pyc
.cache

10
ansible/playbooks/roles/geerlingguy.pip/.yamllint Normal file
View File

@ -0,0 +1,10 @@
---
extends: default
rules:
line-length:
max: 120
level: warning
ignore: |
.github/workflows/stale.yml

20
ansible/playbooks/roles/geerlingguy.pip/LICENSE Normal file
View File

@ -0,0 +1,20 @@
The MIT License (MIT)
Copyright (c) 2017 Jeff Geerling
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

80
ansible/playbooks/roles/geerlingguy.pip/README.md Normal file
View File

@ -0,0 +1,80 @@
# Ansible Role: Pip (for Python)
[![CI](https://github.com/geerlingguy/ansible-role-pip/actions/workflows/ci.yml/badge.svg)](https://github.com/geerlingguy/ansible-role-pip/actions/workflows/ci.yml)
An Ansible Role that installs [Pip](https://pip.pypa.io) on Linux.
## Requirements
On RedHat/CentOS, you may need to have EPEL installed before running this role. You can use the `geerlingguy.repo-epel` role if you need a simple way to ensure it's installed.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
pip_package: python3-pip
The name of the package to install to get `pip` on the system. For older systems that don't have Python 3 available, you can set this to `python-pip`.
pip_executable: pip3
The role will try to autodetect the pip executable based on the `pip_package` (e.g. `pip` for Python 2 and `pip3` for Python 3). You can also override this explicitly, e.g. `pip_executable: pip3.6`.
pip_install_packages: []
A list of packages to install with pip. Examples below:
pip_install_packages:
# Specify names and versions.
- name: docker
version: "1.2.3"
- name: awscli
version: "1.11.91"
# Or specify bare packages to get the latest release.
- docker
- awscli
# Or uninstall a package.
- name: docker
state: absent
# Or update a package to the latest version.
- name: docker
state: latest
# Or force a reinstall.
- name: docker
state: forcereinstall
# Or install a package in a particular virtualenv.
- name: docker
virtualenv: /my_app/venv
# Or pass through any extra arguments.
- name: my_special_package_from_my_special_repo
extra_args: --extra-index-url https://my-domain/pypi/pypi-master/simple
## Dependencies
None.
## Example Playbook
- hosts: all
vars:
pip_install_packages:
- name: docker
- name: awscli
roles:
- geerlingguy.pip
## License
MIT / BSD
## Author Information
This role was created in 2017 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/).

6
ansible/playbooks/roles/geerlingguy.pip/defaults/main.yml Normal file
View File

@ -0,0 +1,6 @@
---
# For Python 3, use python3-pip.
pip_package: python3-pip
pip_executable: "{{ 'pip3' if pip_package.startswith('python3') else 'pip' }}"
pip_install_packages: []

2
ansible/playbooks/roles/geerlingguy.pip/meta/.galaxy_install_info Normal file
View File

@ -0,0 +1,2 @@
install_date: Thu Nov 13 15:51:53 2025
version: 3.1.1

28
ansible/playbooks/roles/geerlingguy.pip/meta/main.yml Normal file
View File

@ -0,0 +1,28 @@
---
dependencies: []
galaxy_info:
role_name: pip
author: geerlingguy
description: Pip (Python package manager) for Linux.
issue_tracker_url: https://github.com/geerlingguy/ansible-role-pip/issues
company: "Midwestern Mac, LLC"
license: "MIT"
min_ansible_version: 2.10
platforms:
- name: Fedora
versions:
- all
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- all
galaxy_tags:
- system
- server
- packaging
- python
- pip
- tools

28
ansible/playbooks/roles/geerlingguy.pip/molecule/default/converge.yml Normal file
View File

@ -0,0 +1,28 @@
---
- name: Converge
hosts: all
#become: true
vars:
pip_install_packages:
# Test installing a specific version of a package.
- name: ipaddress
version: "1.0.18"
# Test installing a package by name.
- colorama
pre_tasks:
- name: Update apt cache.
apt: update_cache=true cache_valid_time=600
when: ansible_facts.os_family == 'Debian'
- name: Set package name for older OSes.
set_fact:
pip_package: python-pip
when: >
(ansible_facts.os_family == 'RedHat') and (ansible_facts.distribution_major_version | int < 8)
or (ansible_facts.distribution == 'Debian') and (ansible_facts.distribution_major_version | int < 10)
or (ansible_facts.distribution == 'Ubuntu') and (ansible_facts.distribution_major_version | int < 18)
roles:
- role: geerlingguy.pip

21
ansible/playbooks/roles/geerlingguy.pip/molecule/default/molecule.yml Normal file
View File

@ -0,0 +1,21 @@
---
role_name_check: 1
dependency:
name: galaxy
options:
ignore-errors: true
driver:
name: docker
platforms:
- name: instance
image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux9}-ansible:latest"
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
cgroupns_mode: host
privileged: true
pre_build_image: true
provisioner:
name: ansible
playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml}

20
ansible/playbooks/roles/geerlingguy.pip/tasks/main.yml Normal file
View File

@ -0,0 +1,20 @@
---
- name: Ensure Pip is installed.
package:
name: "{{ pip_package }}"
state: present
- name: Remove EXTERNALLY-MANAGED
ansible.builtin.file:
path: /usr/lib/python3.{{ ansible_facts.python.version.minor }}/EXTERNALLY-MANAGED
state: absent
- name: Ensure pip_install_packages are installed.
pip:
name: "{{ item.name | default(item) }}"
version: "{{ item.version | default(omit) }}"
virtualenv: "{{ item.virtualenv | default(omit) }}"
state: "{{ item.state | default(omit) }}"
extra_args: "{{ item.extra_args | default(omit) }}"
executable: "{{ item.virtualenv | default(false) | ternary(omit, pip_executable) }}"
loop: "{{ pip_install_packages }}"

2
ansible/playbooks/roles/nextcloud_aio/meta/main.yml Normal file
View File

@ -0,0 +1,2 @@
dependencies:
- role: docker

2
ansible/playbooks/roles/nextcloud_aio/tasks/main.yaml
View File

@ -0,0 +1,2 @@
---
- import_tasks: nextcloud_docker_aio.yaml

18
ansible/playbooks/roles/nextcloud_aio/tasks/nextcloud_docker_aio.yaml
View File

@ -1,6 +1,18 @@
---
# NB inherit docker
- name: Create volumes
## TODO
debug:
msg:
- "TODO!!!"
- name: launch Nextcloud aio docker image
- name: Download compose file
become: true
become_user: docker
ansible.builtin.git:
repo: "https://gitea-s2i2s.isti.cnr.it/sinibaldi/SSE-Lab"
dest: SSE-Lab
- name: create and start docker compose services
become: true
become_user: docker
community.docker.docker_compose_v2:
project_src: ~/SSE-Lab/dockerized/nextcloud-aio/compose.yaml

4
ansible/readme.md
View File

@ -29,7 +29,11 @@ Basic checks connectivity for **all**
##### NextCloud
Installs Nextcloud AIO using SSE Lab / dockerized / nextcloud-aio
Calls role nextcloud_aio, dependent on docker role.
- Downloads SSE-Lab Repo
- Runs compose up (using ansible plugins)
E.g. `ansible-playbook -i inventories/ -l nextrup_copy_test playbooks/nextcloud.yaml`
### Bootstrap ###
Creates sudoer user ansible, necessitates of sudoer user.