ansible-anu VS ansible-role-docker

I prefer to run Ubuntu machines and at least in terms of provisioning a new secure server I built an Ansible playbook I called 'ANU' (as in A New Ubuntu). I'd expand to other distros, but then I'd have to change the name!

https://github.com/MitchellCash/ansible-anu

It is based on the DevSec OS/SSH hardening playbooks, but I lean closer towards ease-of-use over security where I think it makes sense. For example, I disable forced password rotation and I keep the default umask value of '022' instead of the more secure '027'.

When I come across something the upstream playbooks change that "gets in my way", I will disable it if the security trade off makes sense for me. I'm not running highly sensitive systems, so these trade-offs make sense for me, and maybe they will for you as well!

In terms of ongoing security upkeep, I run the usual `apt update && apt dist-upgrade` when I can, but I’ll be keeping my eye on this thread for additional advice.

In this case, yeah sure, go ahead. Looks fine. But is the package really not available at all or rather called differently? (from my perspective packages named equally across a wide range of distros / package managers aren't to common) In the later case you would / could load a var file with a variable which contains distro-specific package names for Redhat and just reference the variable in your install task. (see for example https://github.com/geerlingguy/ansible-role-docker/blob/master/tasks/main.yml#L2 and https://github.com/geerlingguy/ansible-role-docker/tree/master/vars)

To install docker, there's multiple examples to find, I'd start with this role : https://github.com/geerlingguy/ansible-role-docker

You might want to check out https://github.com/geerlingguy/ansible-role-docker

before writing a playbook, check for an existing role to do the work for you

This might not be the answer you're looking for, but geerlingguy.docker is pretty good

I mark bugs, security-related issues, and planned features with appropriate labels, and the stale bot ignores those: https://github.com/geerlingguy/ansible-role-docker/blob/mast...

Not all maintainers do the same. And some even _lock issues_, which I hate, because even closed issues can have a very fruitful discussion long after the issue was originally posted.

As a teaching example, installing your own docker this way might be good.But it would be better to install using a role. One you design yourself, or even better use an existing role like geerlingguy.docker.

I use ansible to setup the docker VMs after provisioning (https://github.com/geerlingguy/ansible-role-docker)

PS. As a slight sidenote, I just wanted to thank you for your (many!) Ansible roles - today I was able to run Docker in Ansible in my side project because of your docker ansible role to investigate Opensearch. Just wanted to say thanks you very much