diff --git a/ansible/dockhand.yaml b/ansible/dockhand.yaml
index c211668..3880c01 100644
--- a/ansible/dockhand.yaml
+++ b/ansible/dockhand.yaml
@@ -5,3 +5,4 @@
 - common
 - ldap_client
 - docker
+ - dockhand
diff --git a/ansible/roles/dockhand/tasks/main.yaml b/ansible/roles/dockhand/tasks/main.yaml
new file mode 100644
index 0000000..3e41d3c
--- /dev/null
+++ b/ansible/roles/dockhand/tasks/main.yaml
@@ -0,0 +1,19 @@
+- name: Create dockhand directory
+ file:
+ path: /root/dockhand
+ state: directory
+ mode: '0755'
+
+- name: Create or update docker-compose
+ template:
+ src: templates/docker-compose.yaml.j2
+ dest: /root/dockhand/docker-compose.yaml
+ owner: root
+ group: root
+ mode: 0600
+
+- name: Create and start dockhand
+ community.docker.docker_compose_v2:
+ project_src: /root/dockhand
+ build: always
+ register: output
diff --git a/ansible/roles/dockhand/tasks/templates/docker-compose.yaml.j2 b/ansible/roles/dockhand/tasks/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..96b9098
--- /dev/null
+++ b/ansible/roles/dockhand/tasks/templates/docker-compose.yaml.j2
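Review bot: The `mode: 0600` on the "Create or update docker-compose" task is an unquoted octal, while the directory task above it uses `mode: '0755'`; writing it as `mode: '0600'` keeps the two consistent and stops the result depending on how the YAML parser reads a leading zero. `build: always` in the last task appears to have no effect, since neither service in the template declares a `build:` section, and `register: output` is not consumed by any task visible in this file. The directory task also sets no `owner`/`group`, unlike the template task that writes into it.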
@@ -0,0 +1,48 @@
+services:
+ socket-proxy:
+ image: tecnativa/docker-socket-proxy
+ container_name: socket-proxy
+ restart: unless-stopped
+ environment:
+ # Required for Dockhand core functionality
+ - CONTAINERS=1
+ - IMAGES=1
+ - NETWORKS=1
+ - VOLUMES=1
+ - EVENTS=1
+ - POST=1
+ - DELETE=1
+ # Required for dashboard host info and disk usage
+ - INFO=1
+ - SYSTEM=1
+ # Required for vulnerability scanning
+ - ALLOW_START=1
+ - ALLOW_STOP=1
+ - ALLOW_RESTARTS=1
+ # Optional: enable for terminal access
+ # - EXEC=1
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ networks:
+ - socket-proxy
+
+ dockhand:
+ image: fnsys/dockhand:latest
+ container_name: dockhand
+ restart: unless-stopped
+ depends_on:
+ - socket-proxy
+ ports:
+ - "3000:3000"
+ volumes:
+ - dockhand_data:/app/data
+ networks:
+ - socket-proxy
+ - default
+
+networks:
+ socket-proxy:
+ internal: true
+
+volumes:
+ dockhand_data:
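Review bot: The `ports` entry `"3000:3000"` on the dockhand service publishes the UI on every host interface, and that UI fronts a socket proxy with `POST=1` and `DELETE=1` enabled for containers, images, networks and volumes, which is generally equivalent to root on the Docker host. Unless access is restricted somewhere this diff does not show (host firewall, authenticating reverse proxy), bind it to loopback or a management address, e.g. `- "127.0.0.1:3000:3000"`. The `:ro` on the `/var/run/docker.sock` mount does not limit API calls made through the socket, so the environment flags are the only real restriction; a comment such as `# :ro does not restrict API calls; access is limited only by the flags above` would make that clear. Both images are unpinned (`tecnativa/docker-socket-proxy` has no tag, `fnsys/dockhand:latest` floats), so pinning a version or digest would stop a component with this level of Docker access from changing silently on the next pull.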