Add dockhand role to initial_install
Tagged never,dockhand_install so it only runs when explicitly requested. Installs docker.io + docker-compose-v2, templates a compose file for fnsys/dockhand:latest at /docker/dockhand, and wires a oneshot systemd unit that brings the stack up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -22,6 +22,18 @@
|
||||
roles:
|
||||
- role: freeipa_client
|
||||
|
||||
# ==============================
|
||||
# DOCKHAND (optional)
|
||||
# ==============================
|
||||
|
||||
- name: Install dockhand
|
||||
hosts: all
|
||||
become: true
|
||||
tags: never,dockhand_install
|
||||
|
||||
roles:
|
||||
- role: dockhand
|
||||
|
||||
# ==============================
|
||||
# SSH HARDENING (run last!)
|
||||
# ==============================
|
||||
|
||||
@@ -0,0 +1,9 @@
|
||||
---
|
||||
- name: Reload systemd
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Restart dockhand
|
||||
ansible.builtin.systemd:
|
||||
name: dockhand
|
||||
state: restarted
|
||||
@@ -0,0 +1,46 @@
|
||||
---
|
||||
- name: Install Docker and Compose
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- docker.io
|
||||
- docker-compose-v2
|
||||
state: present
|
||||
|
||||
- name: Ensure Docker is running
|
||||
ansible.builtin.systemd:
|
||||
name: docker
|
||||
enabled: true
|
||||
state: started
|
||||
|
||||
- name: Ensure /docker/dockhand exists
|
||||
ansible.builtin.file:
|
||||
path: /docker/dockhand
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
|
||||
- name: Deploy dockhand docker-compose.yml
|
||||
ansible.builtin.template:
|
||||
src: docker-compose.yml.j2
|
||||
dest: /docker/dockhand/docker-compose.yml
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Restart dockhand
|
||||
|
||||
- name: Deploy dockhand systemd unit
|
||||
ansible.builtin.template:
|
||||
src: dockhand.service.j2
|
||||
dest: /etc/systemd/system/dockhand.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: Reload systemd
|
||||
|
||||
- name: Enable and start dockhand
|
||||
ansible.builtin.systemd:
|
||||
name: dockhand
|
||||
enabled: true
|
||||
state: started
|
||||
daemon_reload: true
|
||||
@@ -0,0 +1,14 @@
|
||||
# Managed by Ansible — do not edit by hand.
|
||||
services:
|
||||
dockhand:
|
||||
image: fnsys/dockhand:latest
|
||||
container_name: dockhand
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "3000:3000"
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- dockhand_data:/app/data
|
||||
|
||||
volumes:
|
||||
dockhand_data:
|
||||
@@ -0,0 +1,16 @@
|
||||
[Unit]
|
||||
Description=dockhand (docker compose stack)
|
||||
Requires=docker.service
|
||||
After=docker.service network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
WorkingDirectory=/docker/dockhand
|
||||
ExecStart=/usr/bin/docker compose up -d --remove-orphans
|
||||
ExecStop=/usr/bin/docker compose down
|
||||
TimeoutStartSec=300
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user