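---
# Installs Docker from Docker's own apt repository on a Debian host.
#
# Flow: install prerequisites -> remove distro-packaged container runtimes ->
# fetch Docker's signing key -> register the apt repository pinned to that
# key (signed-by=) -> install the Docker packages -> add users to the
# 'docker' group.
#
# Variables read: docker_rollout_apt_requirements, docker_rollout_pip,
# docker_rollout_installation, and the optional
# docker_rollout_gpg_fingerprint (see the verification task).
#
# NOTE(review): tasks without 'become' below presumably rely on privilege
# escalation configured at play or role level - confirm against the caller.

- name: Make sure that the required packages for Docker are installed
  remote_user: ansible
  ansible.builtin.apt:
    # The apt module accepts a list, so all packages go into one transaction.
    name: "{{ docker_rollout_apt_requirements }}"
    state: present
    update_cache: true

- name: Install docker and jsondiff for pip
  remote_user: ansible
  become: true
  ansible.builtin.pip:
    name: "{{ docker_rollout_pip }}"
    state: present
    # Overrides pip's externally-managed-environment guard (PEP 668) and
    # installs into the system Python as root; these packages are then
    # outside apt's control and outside apt's security updates.
    extra_args: "--break-system-packages"

- name: Make sure we have a 'docker' group
  ansible.builtin.group:
    name: docker
    state: present

- name: Make sure, there are no Docker Installations
  remote_user: ansible
  become: true
  # The apt module runs non-interactively and reports 'changed' only when a
  # package was really removed. The previous shell loop called
  # 'apt-get remove' without -y, which cannot confirm a removal when there
  # is no terminal to answer the prompt.
  ansible.builtin.apt:
    name:
      - docker.io
      - docker-doc
      - docker-compose
      - podman-docker
      - containerd
      - runc
    state: absent
  register: docker_ensured_removed

- name: Add keyrings folder to apt
  remote_user: ansible
  become: true
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"
  register: docker_keyrings

- name: Add Dockers official GPG key
  remote_user: ansible
  become: true
  # Fetched over HTTPS with certificate validation (the module default).
  # TLS only authenticates the download host; the key itself is checked in
  # the fingerprint task further down.
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
  register: docker_keyring

- name: Add permissions to docker.asc in the keyrings folder
  remote_user: ansible
  become: true
  # apt reads the key as an unprivileged user, so it must be world-readable.
  ansible.builtin.file:
    path: /etc/apt/keyrings/docker.asc
    mode: "a+r"
  register: docker_perm

- name: Verifying that we have the right key with the fingerprint
  remote_user: ansible
  # Prints the fingerprint(s) of the downloaded key without importing it.
  # The previous version of this task piped a freshly downloaded, dearmored
  # key into /etc/apt/sources.list.d/docker.list, which checked nothing and
  # wrote key material into an apt sources file.
  #
  # To make this an enforced check, set docker_rollout_gpg_fingerprint to
  # the fingerprint published in Docker's installation documentation
  # (obtain it out of band, not from this host). When the variable is not
  # set the task only records the fingerprint in docker_verification.stdout.
  ansible.builtin.command:
    argv:
      - gpg
      - --show-keys
      - --with-colons
      - /etc/apt/keyrings/docker.asc
  register: docker_verification
  changed_when: false
  failed_when: >-
    docker_verification.rc != 0 or
    (docker_rollout_gpg_fingerprint is defined and
    (docker_rollout_gpg_fingerprint | replace(' ', '') | upper)
    not in docker_verification.stdout)

- name: Configure Docker for Debian Bookworm stable repo
  remote_user: ansible
  become: true
  # signed-by= restricts this repository to the Docker key only, so the key
  # is not trusted for any other apt source on the host.
  # The folded scalar joins the lines below with single spaces, so the
  # resulting 'deb' line is one line in the sources file.
  ansible.builtin.shell: >
    set -o pipefail &&
    echo "deb [arch=$(dpkg --print-architecture)
    signed-by=/etc/apt/keyrings/docker.asc]
    https://download.docker.com/linux/debian
    $(. /etc/os-release && echo "$VERSION_CODENAME") stable"
    | tee /etc/apt/sources.list.d/docker.list > /dev/null
  args:
    executable: /bin/bash
  register: docker_configure_apt
  # A non-zero rc already fails the task, so this never reports 'changed'.
  changed_when: docker_configure_apt.rc != 0

- name: Updating apt packages
  remote_user: ansible
  ansible.builtin.apt:
    update_cache: true

- name: Install Docker
  remote_user: ansible
  ansible.builtin.apt:
    name: "{{ docker_rollout_installation }}"
    state: present
    update_cache: true

- name: Add users to Docker group
  remote_user: ansible
  # 'groups' + 'append' adds docker as a supplementary group. The previous
  # 'group: docker' replaced the user's primary group instead, and 'append'
  # has no effect on 'group'.
  # Membership in the docker group is equivalent to root on this host
  # (a member can start a container that mounts the host filesystem), so
  # keep this list as short as possible.
  ansible.builtin.user:
    name: "{{ item.docker_group }}"
    groups: docker
    append: true
  loop:
    - {docker_group: "ansible"}
  notify: Docker_Restart_Handler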