docker(role): move automatic cleanup of unused Docker data here

Move the automatic cleanup of unused Docker data to the docker role from
the docker_compose role, so that hosts, which only use Docker (like
renovate) also have an automatic cleanup set up.
Also use a systemd timer instead of cron.

roles/docker/files/docker-cleanup.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=cleanup unused docker data
+After=network-online.target docker.service
+Wants=network-online.target docker.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/docker system prune --all --force

roles/docker/files/docker-cleanup.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=cleanup unused docker data every day
+
+[Timer]
+OnCalendar=daily
+RandomizedDelaySec=1h
+
+[Install]
+WantedBy=timers.target

roles/docker/handlers/main.yaml

@@ -0,0 +1,4 @@
+- name: systemd daemon reload
+  ansible.builtin.systemd_service:
+    daemon_reload: true
+  become: true

roles/docker/tasks/main.yaml

@@ -9,3 +9,7 @@
 - name: Ensure Docker daemon configuration
   ansible.builtin.import_tasks:
     file: main/03_docker_config.yaml
+
+- name: Ensure automatic cleanup of unused Docker data is set up
+  ansible.builtin.import_tasks:
+    file: main/04_docker_auto_cleanup.yaml

roles/docker/tasks/main/04_docker_auto_cleanup.yaml

@@ -0,0 +1,28 @@
+- name: ensure systemd service exists
+  ansible.builtin.copy:
+    src: docker-cleanup.service
+    dest: /etc/systemd/system/docker-cleanup.service
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - systemd daemon reload
+
+- name: ensure systemd timer exists
+  ansible.builtin.copy:
+    src: docker-cleanup.timer
+    dest: /etc/systemd/system/docker-cleanup.timer
+    owner: root
+    group: root
+    mode: "0644"
+  become: true
+  notify:
+    - systemd daemon reload
+
+- name: ensure systemd timer is started and enabled
+  ansible.builtin.systemd_service:
+    name: docker-cleanup.timer
+    state: started
+    enabled: true
+  become: true