Docker image prune cron on all Docker hosts #29

Open
opened 2026-04-03 01:09:52 +00:00 by cal · 1 comment
Owner

Context

The audit found stopped containers up to 2 years old and stale images across multiple VMs. Without periodic cleanup, Docker disk usage grows indefinitely — and stale images are a security surface.

Implementation

Add a monthly cron to each VM/host running Docker:

#!/bin/bash
# /etc/cron.monthly/docker-prune
# Stopped containers and unused images older than 30 days (720h)
docker container prune -f --filter "until=720h"
docker image prune -a -f --filter "until=720h"
# Unused volumes, except those carrying a "keep" label
docker volume prune -f --filter "label!=keep"

Hosts that need this

  • VM 106 (docker-home)
  • VM 110 (discord-bots)
  • VM 112 (databases-bots)
  • VM 115 (docker-sba)
  • VM 116 (docker-home-servers)
  • Manticore (ubuntu-manticore)

Tasks

  • Create the prune script
  • Deploy via Ansible (LXC 304) to all Docker hosts
  • Verify the --filter "until=720h" (30 days) won't remove images still used by running containers (it won't — prune -a only removes unused images, and the filter adds an age gate)
  • Optional: add a Discord notification on prune showing space reclaimed

SRE Notes

  • docker volume prune with --filter "label!=keep" allows marking critical volumes with a keep label to protect them
  • The 720h filter prevents removing recently-pulled images that aren't yet running

Labels

infra-audit, operations
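Added example (not the issue's script and not the playbook from PR #45): a hypothetical fuller version of /etc/cron.monthly/docker-prune that runs the same three prune commands in the same order, sends each command's output to syslog, and prints a one-line summary of reclaimed space for the optional notification task. The helper names (parse_reclaimed, to_bytes, format_bytes, summary_line, prune_step) and the sample prune output are constructed for this example; it assumes bash, awk, sed and logger on the host.

```bash
#!/bin/bash
# Hypothetical /etc/cron.monthly/docker-prune (added example, not the issue's script):
# runs the issue's three prune commands, keeps their output in syslog, and prints a
# one-line summary of reclaimed space that a notification hook can forward.
set -u

# Extract the size from Docker's trailing "Total reclaimed space: 1.5GB" line.
# Prints "0B" when the line is absent (e.g. the command failed before reporting).
parse_reclaimed() {
    local size
    size=$(printf '%s\n' "$1" | sed -n 's/^Total reclaimed space: *//p' | tail -n 1)
    printf '%s' "${size:-0B}"
}

# Convert a Docker size string (B, kB, MB, GB, TB; decimal units, as Docker prints)
# to an integer byte count so per-step results can be summed. Unknown input yields 0.
to_bytes() {
    local s="$1" num unit mult
    num=${s%%[a-zA-Z]*}
    unit=${s#"$num"}
    case "$unit" in
        B)  mult=1 ;;
        kB) mult=1000 ;;
        MB) mult=1000000 ;;
        GB) mult=1000000000 ;;
        TB) mult=1000000000000 ;;
        *)  printf '0'; return ;;
    esac
    awk -v n="$num" -v m="$mult" 'BEGIN { printf "%.0f", n * m }'
}

# Format a byte count the way Docker does (two decimals, decimal units).
format_bytes() {
    awk -v b="$1" 'BEGIN {
        if (b >= 1e12)     printf "%.2fTB", b / 1e12;
        else if (b >= 1e9) printf "%.2fGB", b / 1e9;
        else if (b >= 1e6) printf "%.2fMB", b / 1e6;
        else if (b >= 1e3) printf "%.2fkB", b / 1e3;
        else               printf "%.0fB", b }'
}

# Build the summary line from the host name and the three per-step size strings.
summary_line() {
    local host="$1" c="$2" i="$3" v="$4" total
    total=$(( $(to_bytes "$c") + $(to_bytes "$i") + $(to_bytes "$v") ))
    printf 'docker-prune on %s: containers %s, images %s, volumes %s (total %s)\n' \
        "$host" "$c" "$i" "$v" "$(format_bytes "$total")"
}

# Run one prune command, send its full output to syslog (tag docker-prune), and
# print only the reclaimed size. A failing step is reported on stderr but does not
# stop the remaining steps.
prune_step() {
    local name="$1" out
    shift
    if ! out=$("$@" 2>&1); then
        printf 'docker-prune: step %s failed: %s\n' "$name" "$out" >&2
    fi
    printf '%s\n' "$out" | logger -t docker-prune 2>/dev/null || true
    parse_reclaimed "$out"
}

main() {
    if ! command -v docker >/dev/null 2>&1; then
        printf 'docker-prune: docker not installed on %s, nothing to do\n' "$(hostname)" >&2
        return 0
    fi
    local c i v
    # Containers first: images referenced only by old stopped containers become
    # unreferenced and are then eligible for the image prune in the same run.
    c=$(prune_step containers docker container prune -f --filter "until=720h")
    i=$(prune_step images docker image prune -a -f --filter "until=720h")
    v=$(prune_step volumes docker volume prune -f --filter "label!=keep")
    summary_line "$(hostname)" "$c" "$i" "$v"
}

# Constructed sample of `docker image prune -a -f` output (not captured from a real
# host), kept here so the parsing helpers can be exercised without a Docker daemon.
SAMPLE_IMAGE_OUTPUT='Deleted Images:
untagged: example/app:old
deleted: sha256:<constructed-image-id>

Total reclaimed space: 1.5GB'

# Only run the prune when installed under the cron file name; sourcing this file
# (e.g. to test the helpers) leaves main unrun.
if [ "${0##*/}" = "docker-prune" ]; then
    main
fi
```

Install it with `install -m 0755 docker-prune /etc/cron.monthly/docker-prune`: run-parts only executes files that are executable, and the shebang has to be the first line of the file, which is the one defect in the snippet above. Two things worth knowing when reading the summary: `docker image prune -a` never removes an image that any container (running or stopped) still references, so the `until=720h` gate only decides which of the already unreferenced images go; and since Docker Engine 23.0 `docker volume prune` removes only anonymous volumes unless `--all` is passed, so the `label!=keep` filter protects named volumes only if that flag is added, at which point the `keep` label becomes the only thing keeping an unreferenced named volume from being deleted.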

cal added the
infra-audit
operations
labels 2026-04-03 01:10:23 +00:00
Claude added the
ai-working
label 2026-04-03 21:30:53 +00:00
Claude added
ai-pr-opened
and removed
ai-working
labels 2026-04-03 21:33:52 +00:00
Collaborator

PR opened: #45

Created ansible/playbooks/docker-prune.yml following the same hosts: <group>:... / become: true pattern as mask-avahi.yml. The playbook deploys /etc/cron.monthly/docker-prune to all six Docker hosts (VMs 106, 110, 112, 115, 116, and manticore) with the ansible.builtin.copy module — idempotent, so re-running won't cause issues.

Run from LXC 304: ansible-playbook /opt/ansible/playbooks/docker-prune.yml

Reference: cal/claude-home#29