docker-cleanup might remove images which are in use
The docker-cleanup script (which just calls "docker system prune") can mistakenly remove images that are referenced by float systemd units, because of timing issues: if the container is restarted (or it is crash-looping for some external reason), docker-cleanup can "catch it" when it is not running, and it will proceed to remove it. The situation becomes unrecoverable until ansible is run manually again.
I am afraid that we're going to need to write a custom replacement for "docker system prune", that incorporates knowledge about float containers, and will avoid cleaning them up by mistake.