init dockhand

ansible/dockhand.yaml

@@ -5,3 +5,4 @@
     - common
     - ldap_client
     - docker
+    - dockhand

ansible/roles/dockhand/tasks/main.yaml

@@ -0,0 +1,19 @@
+- name: Create dockhand directory
+  file:
+    path: /root/dockhand
+    state: directory
+    mode: '0755'
+
+- name: Create or update docker-compose
+  template:
+    src: templates/docker-compose.yaml.j2
+    dest: /root/dockhand/docker-compose.yaml
+    owner: root
+    group: root
+    mode: 0600
+
+- name: Create and start dockhand
+  community.docker.docker_compose_v2:
+    project_src: /root/dockhand
+    build: always
+  register: output

ansible/roles/dockhand/tasks/templates/docker-compose.yaml.j2

@@ -0,0 +1,48 @@
+services:
+  socket-proxy:
+    image: tecnativa/docker-socket-proxy
+    container_name: socket-proxy
+    restart: unless-stopped
+    environment:
+      # Required for Dockhand core functionality
+      - CONTAINERS=1
+      - IMAGES=1
+      - NETWORKS=1
+      - VOLUMES=1
+      - EVENTS=1
+      - POST=1
+      - DELETE=1
+      # Required for dashboard host info and disk usage
+      - INFO=1
+      - SYSTEM=1
+      # Required for vulnerability scanning
+      - ALLOW_START=1
+      - ALLOW_STOP=1
+      - ALLOW_RESTARTS=1
+      # Optional: enable for terminal access
+      # - EXEC=1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - socket-proxy
+
+  dockhand:
+    image: fnsys/dockhand:latest
+    container_name: dockhand
+    restart: unless-stopped
+    depends_on:
+      - socket-proxy
+    ports:
+      - "3000:3000"
+    volumes:
+      - dockhand_data:/app/data
+    networks:
+      - socket-proxy
+      - default
+
+networks:
+  socket-proxy:
+    internal: true
+
+volumes:
+  dockhand_data: