tokenbridge/deployment/oracle/roles/dependencies/tasks/main.yml

- name: Install the gpg key for docker
  apt_key:
    url: "https://download.docker.com/linux/ubuntu/gpg"
    state: present
    
- name: Install the docker repos
  apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present

- name: Install apt dependencies
  apt:
    update_cache: yes
    name: "{{ item }}"
  with_items:
    - apt-transport-https
    - ca-certificates
    - curl
    - software-properties-common
    - docker-ce
    - git
    - "{{ (ansible_python_interpreter | default ('python')).split('/')[-1] }}-pip"

- name: Install Docker Compose
  get_url:
    url: "https://github.com/docker/compose/releases/download/{{ docker_compose_version }}/docker-compose-Linux-x86_64"
    dest: "/usr/local/bin/docker-compose"
    force: True
    owner: "root"
    group: "root"
    mode: "0755"
    
- name: Install python docker library
  pip:
    name: "{{ item }}"
  with_items:
    - docker
    - docker-compose

- name: Add user to run docker-compose
  user:
    name: "{{ compose_service_user }}"
    comment: user to run docker-compose
    group: docker
    createhome: yes

- name: Install auditd
  apt:
    name: auditd
    update_cache: yes

- name: Configure auditd
  blockinfile:
    path: /etc/audit/audit.rules
    block: | 
     -w /usr/bin/docker -p wa
     -w /var/lib/docker -p wa
     -w /etc/docker -p wa
     -w /lib/systemd/system/docker.service -p wa
     -w /lib/systemd/system/docker.socket -p wa
     -w /etc/default/docker -p wa
     -w /etc/docker/daemon.json -p wa
     -w /usr/bin/docker-containerd -p wa
     -w /usr/bin/docker-runc -p wa 
  notify: restart auditd

- name: Configure docker engine
  copy:
    src: daemon.json
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: 0640
  notify: restart docker