{"id":15645003,"url":"https://github.com/konstruktoid/ansible-role-docker-rootless","last_synced_at":"2026-04-21T00:09:58.087Z","repository":{"id":38215955,"uuid":"333209835","full_name":"konstruktoid/ansible-role-docker-rootless","owner":"konstruktoid","description":"Ansible role to install a rootless Docker server","archived":false,"fork":false,"pushed_at":"2026-04-12T21:54:51.000Z","size":1363,"stargazers_count":89,"open_issues_count":11,"forks_count":27,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-04-12T22:22:42.423Z","etag":null,"topics":["almalinux","ansible","centos","debian","docker","docker-daemon","docker-rootless","hacktoberfest","hardening","rootless","security","ubuntu"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/konstruktoid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"konstruktoid"}},"created_at":"2021-01-26T20:33:42.000Z","updated_at":"2026-04-12T21:54:58.000Z","dependencies_parsed_at":"2023-10-17T01:33:45.933Z","dependency_job_id":"6a133f0a-ff06-422b-b537-2b4b95126e90","html_url":"https://github.com/konstruktoid/ansible-role-docker-rootless","commit_stats":{"total_commits":585,"total_committers":13,"mean_commits":45.0,"dds":0.441025641025641,"last_synced_commit":"82f615468df462ea67d8d5937780cad8c64d7555"},"previous_names":[],"tags_count":92,"template":false,"template_full_name":null,"purl":"pkg:github/konstruktoid/ansible-role-docker-rootless","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konstruktoid%2Fansible-role-docker-rootless","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konstruktoid%2Fansible-role-docker-rootless/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konstruktoid%2Fansible-role-docker-rootless/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konstruktoid%2Fansible-role-docker-rootless/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/konstruktoid","download_url":"https://codeload.github.com/konstruktoid/ansible-role-docker-rootless/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/konstruktoid%2Fansible-role-docker-rootless/sbom","scorecard":{"id":49367,"data":{"date":"2025-08-14T21:41:15Z","repo":{"name":"github.com/konstruktoid/ansible-role-docker-rootless","commit":"9a70c5ed0f90ba9318a87dbc0a3ec6befe04c395"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":8.1,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1","Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Code-Review","score":5,"reason":"Found 1/2 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecards.yml:23","Info: jobLevel 'actions' permission set to 'read': .github/workflows/scorecards.yml:24","Info: jobLevel 'actions' permission set to 'read': .github/workflows/slsa.yml:51","Info: jobLevel 'actions' permission set to 'read': .github/workflows/slsa.yml:61","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/issues.yml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/schedlint.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/schedmainlint.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:11","Info: topLevel 'contents' permission set to 'read': .github/workflows/slsa.yml:11","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/konstruktoid/ansible-role-docker-rootless/lint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/schedlint.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/konstruktoid/ansible-role-docker-rootless/schedlint.yml/main?enable=pin","Warn: containerImage not pinned by hash: action-lint/Dockerfile:1: pin your Docker image by updating konstruktoid/alpine to konstruktoid/alpine@sha256:2e8aa3a724202f568abb404c243804adbe867b02e3197642b284a8d6c30087f4","Warn: pipCommand not pinned by hash: action-lint/Dockerfile:15-21","Info:  11 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:  10 out of  12 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Signed-Releases","score":10,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: provenance for release artifact: ansible-role-docker-rootless.sha256.intoto.jsonl: https://github.com/konstruktoid/ansible-role-docker-rootless/releases/tag/v0.61.0","Info: provenance for release artifact: ansible-role-docker-rootless.sha256.intoto.jsonl: https://github.com/konstruktoid/ansible-role-docker-rootless/releases/tag/v0.60.0","Info: provenance for release artifact: ansible-role-docker-rootless.sha256.intoto.jsonl: https://github.com/konstruktoid/ansible-role-docker-rootless/releases/tag/v0.59.0","Info: provenance for release artifact: ansible-role-docker-rootless.sha256.intoto.jsonl: https://github.com/konstruktoid/ansible-role-docker-rootless/releases/tag/v0.58.0","Info: provenance for release artifact: ansible-role-docker-rootless.sha256.intoto.jsonl: https://github.com/konstruktoid/ansible-role-docker-rootless/releases/tag/v0.57.0"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Contributors","score":10,"reason":"project has 3 contributing companies or organizations -- score normalized to 10","details":["Info: found contributions from: celements, mend, synventis"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"25 out of 25 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}}]},"last_synced_at":"2025-08-14T23:24:42.771Z","repository_id":38215955,"created_at":"2025-08-14T23:24:42.771Z","updated_at":"2025-08-14T23:24:42.771Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32071045,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-20T21:26:33.338Z","status":"ssl_error","status_checked_at":"2026-04-20T21:26:22.081Z","response_time":94,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["almalinux","ansible","centos","debian","docker","docker-daemon","docker-rootless","hacktoberfest","hardening","rootless","security","ubuntu"],"created_at":"2024-10-03T12:03:57.635Z","updated_at":"2026-04-21T00:09:58.081Z","avatar_url":"https://github.com/konstruktoid.png","language":"Jinja","funding_links":["https://github.com/sponsors/konstruktoid"],"categories":[],"sub_categories":[],"readme":"# Docker rootless Ansible role\n\nAn [Ansible](https://www.ansible.com/) role to configure install and configure\na [Docker](https://www.docker.com/) daemon running as a non-root user.\n\n```shell\nDo not use any of this without first testing in a non-operational environment.\n```\n\n\u003e Rootless mode allows running the Docker daemon and containers as a non-root\nuser to mitigate potential vulnerabilities in the daemon and the container\nruntime. ([docker](https://docs.docker.com/engine/security/rootless/))\n\n\u003e **Note**\n\u003e There is a [SLSA](https://slsa.dev/) artifact present under the\n\u003e [slsa action workflow](https://github.com/konstruktoid/ansible-role-docker-rootless/actions/workflows/slsa.yml)\n\u003e for verification.\n\n## Requirements\n\n```yaml\n---\nroles:\n  - name: konstruktoid.docker_rootless\n    version: v1.18.0\n    src: https://github.com/konstruktoid/ansible-role-docker-rootless.git\n    scm: git\n```\n\n## Playbook example\n\n```yaml\n---\n- hosts: all\n  any_errors_fatal: true\n  tasks:\n    - name: Include the konstruktoid.docker_rootless role\n      ansible.builtin.import_role:\n        name: konstruktoid.docker_rootless\n```\n\n## Role Variables with defaults\n\n```yaml\n---\nconfigure_sysctl: true\ncreate_docker_user: true\ninstall_dependencies: true\n\ndocker_arch: \"{{ ansible_facts.architecture }}\"\ndocker_sysctl_file: /etc/sysctl.d/90-docker-rootless.conf\ndocker_add_alias: true\ndocker_allow_ping: false\ndocker_allow_privileged_ports: false\ndocker_compose: false\ndocker_compose_release: v5.1.3\ndocker_compose_url: https://github.com/docker/compose/releases/download\ndocker_daemon_json_template: daemon.json.j2\ndocker_driver_network: slirp4netns\ndocker_driver_port: builtin\ndocker_release: 29.4.1\ndocker_repository_template: docker.repo.j2\ndocker_rootful_enabled: false\ndocker_rootful: false\ndocker_rootful_opts: false\ndocker_rootful_service_template: docker_rootful.service.j2\ndocker_rootless_script_template: docker_rootless.sh.j2\ndocker_rootless_service_template: docker_rootless.service.j2\ndocker_service_restart: true\ndocker_unattended_upgrades: false\ndocker_url: \"https://download.docker.com/linux/static/stable/{{ docker_arch }}\"\ndocker_user_bashrc: false\ndocker_user: dockeruser\ndocker_user_uid: false\ndocker_user_gid: false\nshasums:\n  docker_release:\n    aarch64: 53cfa1de79155f27643014a84f1de94e2185239726b179b5c30523d62e565bb0\n    x86_64: 0fb3d2b72414ab862d68517f0b17b78c93c149d1c5c461acb969aacde1a2189d\n  docker_rootless_release:\n    aarch64: 26db532cb5502da5e4486b2dcadfd0de2754fc388da31487ee3bc26f475f18e6\n    x86_64: 10d5ce325c6094febf00d8ad9659732bc2f1e15ad43d55b8bc842e2b2b23a1e2\n  docker_compose_release:\n    aarch64: e8105a3e687ea7e0b0f81abe4bf9269c8a2801fb72c2b498b5ff2472bc54145f\n    x86_64: a0298760c9772d2c06888fc8703a487c94c3c3b0134adeef830742a2fc7647b4\n```\n\nBefore using this role you first have to decide if you want to install Docker\nusing the packages available to the distribution, also known as the \"rootful\"\ninstallation since it requires `root` permissions and installs the upstream\nDocker daemon or if you want to download the static binaries and do a manual\ninstall.\n\nIf you run the role on a system without having `root` permissions, you will\nneed to set `configure_sysctl: false`, `create_docker_user: false` and\n`install_dependencies: false` and ensure that the system has the\nrequired dependencies installed and the `docker` user created beforehand.\n\nIf you set `docker_rootful: false` you will download the static binaries and do\na manual install, not requiring any `root` permissions.\n\nIf `docker_rootful: true`, then `docker_rootful_enabled` will decide if the\ndaemon should be enabled as a service or not.\n\n`docker_service_restart` will restart the rootless service after the Docker\nbinaries has been extracted. This may affect any running containers.\n\nUsing `docker_rootful: true` and `docker_rootful_enabled: true`, will result in\na standard Docker installation, with an additional Docker daemon, running as a\nnon-root user.\n\n\u003e Note that Debian 10 and earlier requires `docker_rootful: false` due to missing\ndependencies.\n\nThe `docker_url`, `docker_release`, `docker_compose_url` and `docker_compose_release`\nvariables define where you find the relevant binaries and which version you\nshould use when doing a manual installation.\n\nYou define the name of the Docker user that will be created with the\n`docker_user` variable. This user will download and install the binaries if\n`docker_rootful: false` or else the user will be the one running the\nrootless installation script and starting an isolated daemon. UID and GID\ncan be set using the `docker_user_uid` and `docker_user_gid` variables.\n\n\u003e Note that the sole purpose of the `docker_user` is to run the Docker\ndaemon and related containers, and not for system administration or used as a\nregular user.\n\n`docker_release_shasum`, `docker_release_rootless_shasum` and\n`docker_compose_release_shasum` are used to verify the files when\ndownloaded using the [get_url](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/get_url_module.html)\nmodule. The `docker_release_shasum` is used for the Docker `.tgz` file and\n`docker_release_rootless_shasum` for the `docker-ce-rootless-extras` package.\n\n`docker_rootful_opts` is the options to apply to the Docker daemon if\nrunning in rootful mode, if unset the settings in\n`docker_rootful_service_template` will be used.\n\nIf `docker_add_alias: true`, then a `docker` alias will be added to either `.bashrc`\nor `.bash_aliases` of the Ansible user. If `false`, a shell script named `docker_rootless.sh` is\ncreated in the Ansible user home directory. This works as a substitute to the\n`docker` command so that the Ansible user can execute the rootless Docker installation from the `docker_user`.\n\nIf `docker_compose: true`, then the Docker `compose` plugin or `docker-compose`\nwill be installed. `docker_compose_arch` are used to define the architecture of\nthe `docker-compose` binary.\n\nIf `docker_user_bashrc: true`, a .bashrc with completion for the `docker` and\n`docker compose` command will be placed inside the `docker_user` home.\n\nIf `docker_unattended_upgrades: true` and the `unattended-upgrades` package is installed,\nthe `docker` and `docker-compose` binaries will be updated automatically.\n\nThe `docker_allow_privileged_ports` variable configures if exposing\n[privileged ports (\u003c 1024)](https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports)\nis allowed.\n\nThe `docker_allow_ping` variable configures if unprivileged users can open\n[ICMP echo sockets](https://docs.docker.com/engine/security/rootless/#routing-ping-packets).\nOn some distributions, this is not allowed, and thereby containers cannot ping\nto the outside.\n\nThe `docker_driver_network` and `docker_driver_port` variables configure RootlessKit's\n[network driver](https://github.com/rootless-containers/rootlesskit/blob/master/docs/network.md) or\n[port driver](https://github.com/rootless-containers/rootlesskit/blob/master/docs/port.md),\nrespectively. This is useful for\n[optimising network performance](https://docs.docker.com/engine/security/rootless/#networking-errors)\nand necessary if\n[source IP propagation](https://docs.docker.com/engine/security/rootless/#docker-run--p-does-not-propagate-source-ip-addresses)\nis required. By default, the `builtin` port driver does not expose the actual source IP; instead,\nall connections appear to the container as originating from the Docker gateway (e.g. 172.19.0.1).\nSet `docker_driver_port: slirp4netns` to enable source IP propagation.\n\nThe variables named `*_template` are the locations of the\n[templates](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html)\nin use, this to make it easier to replace them with custom ones.\n\nThe most important template is most likely\n`docker_daemon_json_template: daemon.json.j2`, which is the location of the\nDocker `daemon.json` configuration file template.\n\n## Container management\n\n### Standalone container\n\nRunning containers is not that much different from when a rootful Docker daemon\nis used, but you still need to become the unprivileged user and adapt any paths\nto the user working directores.\n\nIf `docker_add_alias: true` is used, the `docker` command will be\navailable as usual for the Ansible user, too. Type `alias` in the shell to see the keyword\nconfiguration.\n\n```yaml\n- name: Register Docker user info\n  become: true\n  ansible.builtin.user:\n    name: \"{{ docker_user }}\"\n  check_mode: true\n  register: docker_user_info\n\n- name: Example container block\n  environment:\n    XDG_RUNTIME_DIR: \"/run/user/{{ docker_user_info.uid }}\"\n    PATH: \"{{ docker_user_info.home }}/bin:{{ ansible_env.PATH }}\"\n    DOCKER_HOST: \"unix:///run/user/{{ docker_user_info.uid }}/docker.sock\"\n  block:\n    - name: Nginx container\n      become: true\n      become_user: \"{{ docker_user }}\"\n      community.docker.docker_container:\n        name: nginx\n        image: konstruktoid/nginx\n        state: started\n        cap_drop: all\n        capabilities:\n          - chown\n          - dac_override\n          - net_bind_service\n          - setgid\n          - setuid\n        pull: true\n        hostname: \"{{ ansible_nodename }}\"\n        container_default_behavior: compatibility\n```\n\n### Docker compose service\n\n```yaml\n- name: Register Docker user info\n  become: true\n  ansible.builtin.user:\n    name: \"{{ docker_user }}\"\n  check_mode: true\n  register: docker_user_info\n\n- name: Example docker compose block\n  become: true\n  become_user: \"{{ docker_user }}\"\n  environment:\n    XDG_RUNTIME_DIR: /run/user/{{ docker_user_info.uid }}\n    PATH: \"{{ docker_user_info.home }}/bin:{{ ansible_env.PATH }}\"\n    DOCKER_HOST: \"unix:///run/user/{{ docker_user_info.uid }}/docker.sock\"\n  block:\n    - name: Install pip dependencies\n      ansible.builtin.pip:\n        name:\n          - docker\u003c7 # https://github.com/docker/docker-py/issues/3194\n          - docker-compose\n\n    - name: Create and start services\n      community.docker.docker_compose:\n        project_src: /var/tmp/\n        files: \"{{ docker_user }}-docker-compose.yml\"\n      register: compose_output\n```\n\n## Testing with molecule\n\nIf [Ansible Molecule](https://molecule.readthedocs.io/en/latest/)\nwith the [vagrant plugin](https://github.com/ansible-community/molecule-plugins)\nand related software is installed, running `molecule test` is supported.\n\n`tox -l` will list all available `tox` test environments.\n\n## Contributing\n\nDo you want to contribute? Great! Contributions are always youlcome,\nno matter how large or small. If you found something odd, feel free to submit a\nissue, improve the code by creating a pull request, or by\n[sponsoring this project](https://github.com/sponsors/konstruktoid).\n\n## License\n\nApache License Version 2.0\n\n## Author Information\n\n[https://github.com/konstruktoid](https://github.com/konstruktoid \"github.com/konstruktoid\")\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkonstruktoid%2Fansible-role-docker-rootless","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkonstruktoid%2Fansible-role-docker-rootless","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkonstruktoid%2Fansible-role-docker-rootless/lists"}