From 2e9fa4b9f438d5ddf3d866df31e977ce472a38b5 Mon Sep 17 00:00:00 2001 From: Administrator Date: Fri, 21 Nov 2025 07:30:03 +0000 Subject: [PATCH] Update 2 files - /roles/base_setup/handlers/main.yml - /roles/base_setup/tasks/main.yml --- roles/base_setup/handlers/main.yml | 11 ++++++++++ roles/base_setup/tasks/main.yml | 35 +++++++++++++++++++++++++++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/roles/base_setup/handlers/main.yml b/roles/base_setup/handlers/main.yml index d544a25..af77f86 100644 --- a/roles/base_setup/handlers/main.yml +++ b/roles/base_setup/handlers/main.yml @@ -10,4 +10,15 @@ name: node_exporter state: restarted daemon_reload: yes + become: yes + +- name: restart docker + systemd: + name: docker + state: restarted + daemon_reload: yes + become: yes + +- name: reload sysctl + command: sysctl --system become: yes \ No newline at end of file diff --git a/roles/base_setup/tasks/main.yml b/roles/base_setup/tasks/main.yml index dd5aaff..ddab720 100644 --- a/roles/base_setup/tasks/main.yml +++ b/roles/base_setup/tasks/main.yml @@ -19,7 +19,7 @@ autoclean: yes become: yes -- name: Disable IPv6 via sysctl +- name: Configure sysctl parameters for Docker compatibility sysctl: name: "{{ item.name }}" value: "{{ item.value }}" 
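Review bot: The `reload sysctl` handler added to handlers/main.yml runs `sysctl --system`, which re-applies every sysctl configuration file on the host rather than only the keys this role manages, so settings from unrelated drop-in files are activated as a side effect of the play. The `sysctl` module can apply its values at runtime itself through its `reload` and `sysctl_set` options (the task's remaining options lie between the two tasks/main.yml hunks and are not visible), in which case this handler and the `notify: reload sysctl` line are redundant. If the handler stays, I would put `# re-applies all system sysctl files, not only the keys set by this role` above it. The `restart docker` handler likewise restarts the daemon for any change to `daemon.json`, which presumably stops running containers; a one-line comment saying that is intended would help.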
@@ -29,7 +29,40 @@ loop: - { name: 'net.ipv6.conf.all.disable_ipv6', value: '1' } - { name: 'net.ipv6.conf.default.disable_ipv6', value: '1' } + - { name: 'net.ipv4.ip_forward', value: '1' } + - { name: 'net.ipv4.ip_unprivileged_port_start', value: '0' } + - { name: 'vm.max_map_count', value: '262144' } + - { name: 'fs.inotify.max_user_instances', value: '8192' } + - { name: 'fs.inotify.max_user_watches', value: '524288' } become: yes + notify: reload sysctl + +- name: Configure Docker daemon + copy: + content: | + { + "exec-opts": ["native.cgroupdriver=systemd"], + "log-driver": "json-file", + "log-opts": { + "max-size": "100m" + }, + "storage-driver": "overlay2", + "userland-proxy": false, + "iptables": true, + "ipv6": false, + "default-ulimits": { + "nofile": { + "Name": "nofile", + "Hard": 65536, + "Soft": 65536 + } + } + } + dest: /etc/docker/daemon.json + mode: '0644' + become: yes + when: ansible_facts.services['docker.service'] is defined or ansible_facts.services['docker.service'] is defined + notify: restart docker - name: Ensure /root/.bashrc exists file:
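Review bot: The added loop item that sets `net.ipv4.ip_unprivileged_port_start` to `'0'` lets any unprivileged local process bind ports below 1024 on every host that receives this role, which removes the assurance that a listener on a well-known port was started by root; a rootful dockerd should not need it, so I would drop the item or put it behind a role variable that defaults to off. `net.ipv4.ip_forward` is applied unconditionally as well, while the `daemon.json` task is gated on Docker being present, so hosts without Docker are still switched to forwarding packets. The `when:` on the Docker task repeats the same test on both sides of `or`; presumably the second operand was meant to be a different unit key, and as written it reduces to `when: ansible_facts.services['docker.service'] is defined`, which also depends on `service_facts` having run earlier (not visible here). The sysctl task begins in the previous hunk and the `/root/.bashrc` task continues past the end of this one.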