Add Docker official apt repo to docker role (#24)

* Add Docker official apt repo to docker role

The docker role was installing docker-compose-plugin which is only
available from Docker's official apt repository. helsinki-a had it
configured manually, but london-b and copenhagen-a did not, causing
deploy failures.

Now the role:
- Adds Docker's GPG key and apt repo (handles both Debian and Ubuntu)
- Installs docker-ce, docker-ce-cli, containerd.io, docker-compose-plugin
- Removes conflicting stock packages (docker.io, docker-compose)

* fix: resolve yamllint violations in docker role

- Remove standalone comment blocks that caused indentation errors
- Collapse multiline repo string to single line
- Ensure document start marker is present

* fix: keep all lines under 160 chars for yamllint

Use set_fact to build the Docker repo line in parts instead of
one long inline string.

* fix: resolve yamllint errors in london-b host_vars and promtail config

- Remove trailing blank line in inventory/host_vars/london-b.yml
- Add missing document start marker to promtail config
- Fix indentation in promtail scrape_configs (indent list items under key)

* Remove ansible-lint on push, keep PR-only

Lint already runs on pull_request — no need to double up on push to main.

.github/workflows/lint-ansible.yml

@@ -1,10 +1,6 @@
 name: Lint Ansible
 
 on:
-  push:
-    paths:
-      - 'ansible/**'
-      - '.github/workflows/lint-ansible.yml'
   pull_request:
     paths:
       - 'ansible/**'

ansible/inventory/host_vars/london-b.yml

@@ -20,4 +20,3 @@ common_ufw_allowed_ports:
   - {port: 6881, proto: tcp, comment: "BitTorrent"}
   - {port: 6881, proto: udp, comment: "BitTorrent"}
   - {port: 445, proto: tcp, comment: "Samba"}
-

ansible/roles/docker/tasks/main.yml

@@ -1,17 +1,73 @@
 ---
-# Install Docker and docker-compose, start the daemon.
+# Set up Docker's official apt repository and install Docker + Compose plugin.
 
-- name: Install Docker (Debian)
+- name: Install prerequisites for Docker repo (Debian/Ubuntu)
   ansible.builtin.apt:
     name:
-      - docker.io
+      - ca-certificates
+      - curl
+      - gnupg
+    state: present
+    update_cache: true
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Create keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Set Docker repo variables
+  ansible.builtin.set_fact:
+    docker_distro: >-
+      {{ 'ubuntu' if ansible_facts['distribution'] == 'Ubuntu' else 'debian' }}
+    docker_arch: >-
+      {{ ansible_facts['architecture']
+      | regex_replace('x86_64', 'amd64')
+      | regex_replace('aarch64', 'arm64') }}
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Build Docker repo line
+  ansible.builtin.set_fact:
+    docker_repo: >-
+      deb [arch={{ docker_arch }}
+      signed-by=/etc/apt/keyrings/docker.asc]
+      https://download.docker.com/linux/{{ docker_distro }}
+      {{ ansible_facts['distribution_release'] }} stable
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Add Docker GPG key
+  ansible.builtin.get_url:
+    url: "https://download.docker.com/linux/{{ docker_distro }}/gpg"
+    dest: /etc/apt/keyrings/docker.asc
+    mode: '0644'
+    force: false
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Add Docker apt repository
+  ansible.builtin.apt_repository:
+    repo: "{{ docker_repo }}"
+    filename: docker
+    state: present
+    update_cache: true
+  when: ansible_facts["os_family"] == "Debian"
+
+- name: Install Docker (Debian/Ubuntu)
+  ansible.builtin.apt:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
       - docker-compose-plugin
     state: present
   when: ansible_facts["os_family"] == "Debian"
 
-- name: Remove conflicting docker-compose package (Debian)
+- name: Remove old docker packages (Debian/Ubuntu)
   ansible.builtin.apt:
-    name: docker-compose
+    name:
+      - docker.io
+      - docker-compose
     state: absent
   when: ansible_facts["os_family"] == "Debian"
 

ansible/services/promtail/config/london-b.yml

@@ -1,3 +1,4 @@
+---
 server:
   http_listen_port: 9080
   grpc_listen_port: 0
@@ -9,23 +10,23 @@ clients:
   - url: http://192.168.1.254:3100/loki/api/v1/push
 
 scrape_configs:
-- job_name: london-b
+  - job_name: london-b
-  static_configs:
+    static_configs:
-  - targets:
+      - targets:
-      - localhost
+          - localhost
-    labels:
+        labels:
-      job: varlogs
+          job: varlogs
-      instance: london-b
+          instance: london-b
-      __path__: /var/log/*log
+          __path__: /var/log/*log
-  - targets:
+      - targets:
-      - localhost
+          - localhost
-    labels:
+        labels:
-      job: plex
+          job: plex
-      instance: london-b
+          instance: london-b
-      __path__: /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/*log
+          __path__: /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs/*log
-  - targets:
+      - targets:
-      - localhost
+          - localhost
-    labels:
+        labels:
-      job: jellyfin
+          job: jellyfin
-      instance: london-b
+          instance: london-b
-      __path__: /var/log/jellyfin/*log
+          __path__: /var/log/jellyfin/*log