feat: docker role

ansible/main.yml

@@ -22,6 +22,8 @@
       tags: "packages"
     - role: "firewall"
       tags: "firewall"
+    - role: "docker"
+      tags: "docker"
     - role: "databases"
       tags: "databases"
     - role: "backups"

ansible/roles/docker/tasks/docker-apt-repo.yml

@@ -0,0 +1,23 @@
+---
+# Based on the offical docker documentation on https://docs.docker.com/engine/install/ubuntu/
+
+- name: "Ensure dependencies are installed"
+  ansible.builtin.apt:
+    name:
+      - "ca-certificates"
+      - "curl"
+    state: "present"
+
+- name: "Add Docker apt key"
+  ansible.builtin.apt_key:
+    url: "https://download.docker.com/linux/ubuntu/gpg"
+    id: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+    state: "present"
+    # NOTE: this differs from the official documentation, as it does not install the keyring to /etc/apt/keyrings
+
+- name: "Add Docker repository"
+  ansible.builtin.apt_repository:
+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable"
+    state: "present"
+    update_cache: true
+    # NOTE: this differs from the official documentation, as it does not echo the string to /etc/apt/ as 'docker.list'

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+# FIXME docker exposed ports bypass ufw firefwall, which we use.
+# See https://docs.docker.com/network/packet-filtering-firewalls/#docker-and-ufw
+
+- name: "Install Docker"
+  block:
+
+  - name: "Add Docker apt repository"
+    ansible.builtin.include_tasks: "docker-apt-repo.yml"
+
+  - name: "Install Docker packages"
+    ansible.builtin.package:
+      name:
+        - "docker-ce={{ docker_engine_version }}"
+        - "docker-ce-cli={{ docker_engine_version }}"
+        - "containerd.io"
+        - "docker-buildx-plugin"
+      state: "present"
+
+  - name: "Ensure Docker is started and enabled at boot"
+    ansible.builtin.service:
+      name: "docker"
+      state: "started"
+      enabled: true
+
+- name: "Install Docker Compose"
+  ansible.builtin.package:
+    name: "docker-compose-plugin"
+    state: "present"
+
+- name: "Ensure admin users are added to the docker group"
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    groups: "docker"
+    append: true
+  with_items: "{{ users }}"
+  when: "item.admin"
+  loop_control:
+    label: "Adding '{{ item.name }}' to the docker group"

ansible/roles/docker/vars/main.yml

@@ -0,0 +1,4 @@
+---
+# Possible docker engine versions can be obtained through the following
+# command: apt-cache madison docker-ce | awk '{ print $3 }'
+docker_engine_version: "5:27.0.3-1~ubuntu.20.04~focal"