From 5d114683272ff838b7d4dfac89050b56a51cba5b Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Thu, 18 Apr 2024 16:10:26 +0200
Subject: [PATCH] docker-host: lint
---
 docker-host/defaults/main.yml | 14 +++++++-------
 docker-host/tasks/main.yml | 22 ++++++++++++----------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/docker-host/defaults/main.yml b/docker-host/defaults/main.yml
index ac93e596..f2dc0e9e 100644
--- a/docker-host/defaults/main.yml
+++ b/docker-host/defaults/main.yml
@@ -4,24 +4,24 @@ docker_home: /var/lib/docker
 docker_tmpdir: "{{ docker_home }}/tmp"
 # Disable the possibility for containers processes to gain new privileges
-docker_conf_no_newprivileges: False
+docker_conf_no_newprivileges: false
 # Toggle live restore (need to be disabled in swarm mode)
-docker_conf_live_restore: True
+docker_conf_live_restore: true
 # Toggle user namespace
-docker_conf_user_namespace: True
+docker_conf_user_namespace: true
 # Disable all default network connectivity
-docker_conf_disable_default_networking: False
+docker_conf_disable_default_networking: false
 # Remote access
-docker_remote_access_enabled: False
+docker_remote_access_enabled: false
 docker_daemon_port: 2376
 docker_daemon_listening_ip: 0.0.0.0
 # TLS
-docker_tls_enabled: False
+docker_tls_enabled: false
 docker_tls_path: "{{ docker_home }}/tls"
 docker_tls_ca: ca/ca.pem
 docker_tls_ca_key: ca/ca-key.pem
@@ -29,4 +29,4 @@ docker_tls_cert: server/cert.pem
 docker_tls_key: server/key.pem
 docker_tls_csr: server/server.csr
-apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
\ No newline at end of file
+apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
diff --git a/docker-host/tasks/main.yml b/docker-host/tasks/main.yml
index d35b7d7d..f36dc457 100644
--- a/docker-host/tasks/main.yml
+++ b/docker-host/tasks/main.yml
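Review bot: In docker-host/defaults/main.yml the remote-access defaults kept by the first hunk pair `docker_daemon_listening_ip: 0.0.0.0` with `docker_tls_enabled: false`, and nothing in the file tells an operator that the two toggles belong together. How the templates consume these variables is not visible here, but if `docker_remote_access_enabled` alone makes the daemon listen on TCP, the Docker API would be reachable on every interface without client authentication, which is equivalent to root on the host. I would add a comment above the toggle, `# Remote access without docker_tls_enabled exposes the Docker API unauthenticated; enable both together`, and consider an `ansible.builtin.assert` in the tasks that rejects remote access without TLS. Port 2376 is also the port conventionally used for the TLS-protected API, so a plaintext listener there is easy to misread.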
@@ -32,7 +32,7 @@ when: ansible_distribution_major_version is version('10', '<') - name: "Ensure {{ apt_keyring_dir }} directory exists" - file: + ansible.builtin.file: path: "{{ apt_keyring_dir }}" state: directory mode: "755" @@ -53,35 +53,34 @@ repo: 'deb [signed-by={{ apt_keyring_dir }}/docker-debian.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable' filename: docker state: present - update_cache: yes + update_cache: true when: ansible_distribution_major_version is version('12', '<') - name: Add Docker repository (Debian >=12) ansible.builtin.template: src: docker.sources.j2 dest: /etc/apt/sources.list.d/docker.sources - register: docker_sources + owner: root + group: root + mode: "0644" when: ansible_distribution_major_version is version('12', '>=') -- name: Update APT cache - ansible.builtin.apt: - update_cache: yes - when: docker_sources is changed - - name: Install Docker ansible.builtin.apt: name: - docker-ce - docker-ce-cli - containerd.io + update_cache: true + cache_valid_time: 3600 -- name: python-docker is installed +- name: Package python-docker is installed ansible.builtin.apt: name: python-docker state: present when: ansible_python_version is version('3', '<') -- name: python3-docker is installed +- name: Package python3-docker is installed ansible.builtin.apt: name: python3-docker state: present @@ -91,6 +90,9 @@ ansible.builtin.template: src: daemon.json.j2 dest: /etc/docker/daemon.json + owner: root + group: root + mode: "0644" notify: restart docker - name: Creating Docker tmp directory
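Review bot: In the `@@ -53,35 +53,34 @@` hunk, the `Install Docker` task now sets `cache_valid_time: 3600` next to `update_cache: true`, and the apt module then skips the refresh whenever the cache is younger than an hour. The removed `Update APT cache` task refreshed unconditionally when `docker.sources` changed; after this commit a first run on Debian >= 12 with a recently updated cache can template the new source and then fail to find `docker-ce`, or resolve it from whatever index is already cached. Dropping `cache_valid_time: 3600` from this task, or notifying a cache-update handler from the template task and flushing it before the install, keeps the refresh tied to the repository change. The same task also has no explicit `state:`, which is worth stating as `state: present` for consistency with the python-docker tasks below it.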