homelab/roles/docker/tasks/main.yml

- name: Install Docker
  ansible.builtin.apt:
    name: ['docker.io', 'docker-compose']
    state: present
    update_cache: true

- name: Login to private registry
  community.docker.docker_login:
    registry_url: "{{ docker_login_url | default('') }}"
    username: "{{ docker_login_user }}"
    password: "{{ docker_login_pass }}"
  when: docker_login_user is defined and docker_login_pass is defined

- name: Create docker-compose root
  ansible.builtin.file:
    path: "{{ docker_compose_root }}"
    state: directory
    mode: 0500

- name: Install docker-compose systemd service
  ansible.builtin.template:
    src: docker-compose.service.j2
    dest: "/etc/systemd/system/{{ docker_compose_service }}@.service"
    mode: 0400
  notify: compose_systemd

- name: Create directories to clone docker-compose repositories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: 0400
  loop:
    - "{{ docker_repos_path }}"
    - "{{ docker_repos_keys }}"
  when: docker_compose_deploy is defined

- name: Generate OpenSSH deploy keys for docker-compose clones
  community.crypto.openssh_keypair:
    path: "{{ docker_repos_keys }}/id_{{ docker_repos_keytype }}"
    type: "{{ docker_repos_keytype }}"
    comment: "{{ ansible_hostname }}-deploy-key"
    mode: 0400
    state: present
  when: docker_compose_deploy is defined

- name: Clone external docker-compose projects
  ansible.builtin.git:
    repo: "{{ item.url }}"
    dest: "{{ docker_repos_path }}/{{ item.name }}"
    version: "{{ item.version }}"
    accept_newhostkey: "{{ item.accept_newhostkey | default('false') }}"
    gpg_whitelist: "{{ item.trusted_keys | default([]) }}"
    verify_commit: "{{ true if (item.trusted_keys is defined and item.trusted_keys) else false }}"
    key_file: "{{ docker_repos_keys }}/id_{{ docker_repos_keytype }}"
  loop: "{{ docker_compose_deploy }}"
  loop_control:
    label: "{{ item.url }}"
  when: docker_compose_deploy is defined

- name: Create directories for docker-compose projects using the systemd service
  ansible.builtin.file:
    path: "{{ docker_compose_root }}/{{ item.name }}"
    state: directory
    mode: 0400
  loop: "{{ docker_compose_deploy }}"
  loop_control:
    label: "{{ item.name }}"
  when: docker_compose_deploy is defined

- name: Synchronize docker-compose.yml
  ansible.posix.synchronize:
    src: "{{ docker_repos_path }}/{{ item.name }}/{{ item.path | default('docker-compose.yml') }}"
    dest: "{{ docker_compose_root }}/{{ item.name }}/docker-compose.yml"
  delegate_to: "{{ inventory_hostname }}"
  register: compose_update
  notify: compose_restart
  loop: "{{ docker_compose_deploy | default([]) }}"
  loop_control:
    label: "{{ item.name }}"
  when: docker_compose_deploy is defined and docker_compose_deploy | length > 0

- name: Set environment variables for docker-compose projects
  ansible.builtin.template:
    src: docker-compose-env.j2
    dest: "{{ docker_compose_root }}/{{ item.name }}/.env"
    mode: 0400
  register: compose_env_update
  notify: compose_restart
  no_log: "{{ docker_compose_env_nolog | default('true') }}"
  loop: "{{ docker_compose_deploy }}"
  loop_control:
    label: "{{ item.name }}"
  when: docker_compose_deploy is defined and item.env is defined

- name: Add users to docker group
  ansible.builtin.user:
    name: "{{ item }}"
    groups: docker
    append: true
  loop: "{{ docker_users }}"
  when: docker_users is defined

- name: Start Docker and enable on boot
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true

- name: Start docker-compose services and enable on boot
  ansible.builtin.service:
    name: "{{ docker_compose_service }}@{{ item.name }}"
    state: started
    enabled: true
  loop: "{{ docker_compose_deploy }}"
  loop_control:
    label: "{{ docker_compose_service }}@{{ item.name }}"
  when: item.enabled is defined and item.enabled is true