- name: Add official Docker APT key
  ansible.builtin.get_url:
    url: "{{ docker_apt_keyring_url }}"
    dest: "{{ docker_apt_keyring }}"
    checksum: "sha256:{{ docker_apt_keyring_hash }}"
    mode: "644"
    owner: root
    group: root
  when: docker_official

- name: Remove official Docker APT key
  ansible.builtin.file:
    path: "{{ docker_apt_keyring }}"
    state: absent
  when: not docker_official

- name: Add/remove official Docker APT repository
  ansible.builtin.apt_repository:
    repo: >
      deb [arch=amd64 signed-by={{ docker_apt_keyring }}]
      {{ docker_apt_repo }} {{ ansible_distribution_release }} stable
    state: "{{ 'present' if docker_official else 'absent' }}"
    filename: "{{ docker_apt_keyring | regex_replace('^.*/', '') }}"

- name: Install/uninstall Docker from Debian repositories
  ansible.builtin.apt:
    name: ['docker.io', 'docker-compose', 'containerd', 'runc']
    state: "{{ 'absent' if docker_official else 'present' }}"
    autoremove: true
    update_cache: true

- name: Install/uninstall Docker from Docker repositories
  ansible.builtin.apt:
    name: ['docker-ce', 'docker-ce-cli', 'containerd.io',
           'docker-buildx-plugin', 'docker-compose-plugin']
    state: "{{ 'present' if docker_official else 'absent' }}"
    autoremove: true
    update_cache: true

- name: Login to private registry
  community.docker.docker_login:
    registry_url: "{{ docker_login_url | default('') }}"
    username: "{{ docker_login_user }}"
    password: "{{ docker_login_pass }}"
  when: docker_login_user is defined and docker_login_pass is defined

- name: Create docker-compose root
  ansible.builtin.file:
    path: "{{ docker_compose_root }}"
    state: directory
    mode: "500"

- name: Install docker-compose systemd service
  ansible.builtin.template:
    src: docker-compose.service.j2
    dest: "/etc/systemd/system/{{ docker_compose_service }}@.service"
    mode: "400"
  notify: compose_systemd

- name: Create directories to clone docker-compose repositories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "400"
  loop:
    - "{{ docker_repos_path }}"
    - "{{ docker_repos_keys }}"
  when: docker_compose_deploy is defined

- name: Generate OpenSSH deploy keys for docker-compose clones
  community.crypto.openssh_keypair:
    path: "{{ docker_repos_keys }}/id_{{ docker_repos_keytype }}"
    type: "{{ docker_repos_keytype }}"
    comment: "{{ ansible_hostname }}-deploy-key"
    mode: "400"
    state: present
  when: docker_compose_deploy is defined

- name: Check for git installation
  ansible.builtin.apt:
    name: git
    state: present
  when: docker_compose_deploy is defined

- name: Clone external docker-compose projects
  ansible.builtin.git:
    repo: "{{ item.url }}"
    dest: "{{ docker_repos_path }}/{{ item.name }}"
    version: "{{ item.version }}"
    accept_newhostkey: "{{ item.accept_newhostkey | default(false) }}"
    gpg_whitelist: "{{ item.trusted_keys | default([]) }}"
    verify_commit: "{{ true if (item.trusted_keys is defined and item.trusted_keys) else false }}"
    key_file: "{{ docker_repos_keys }}/id_{{ docker_repos_keytype }}"
  loop: "{{ docker_compose_deploy }}"
  loop_control:
    label: "{{ item.url }}"
  when: docker_compose_deploy is defined

- name: Create directories for docker-compose projects using the systemd service
  ansible.builtin.file:
    path: "{{ docker_compose_root }}/{{ item.name }}"
    state: directory
    mode: "400"
  loop: "{{ docker_compose_deploy }}"
  loop_control:
    label: "{{ item.name }}"
  when: docker_compose_deploy is defined

- name: Synchronize docker-compose.yml
  ansible.posix.synchronize:
    src: "{{ docker_repos_path }}/{{ item.name }}/{{ item.path | default('docker-compose.yml') }}"
    dest: "{{ docker_compose_root }}/{{ item.name }}/docker-compose.yml"
  delegate_to: "{{ inventory_hostname }}"
  register: compose_update
  notify:
    - compose_restart
    - compose_enable
  loop: "{{ docker_compose_deploy | default([]) }}"
  loop_control:
    label: "{{ item.name }}"
  when: docker_compose_deploy is defined and docker_compose_deploy | length > 0

- name: Set environment variables for docker-compose projects
  ansible.builtin.template:
    src: docker-compose-env.j2
    dest: "{{ docker_compose_root }}/{{ item.name }}/.env"
    mode: "400"
  register: compose_env_update
  notify:
    - compose_restart
    - compose_enable
  no_log: "{{ docker_compose_env_nolog | default(true) }}"
  loop: "{{ docker_compose_deploy }}"
  loop_control:
    label: "{{ item.name }}"
  when: docker_compose_deploy is defined and item.env is defined

- name: Add users to docker group
  ansible.builtin.user:
    name: "{{ item }}"
    groups: docker
    append: true
  loop: "{{ docker_users }}"
  when: docker_users is defined

- name: Start Docker and enable on boot
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true
  when: docker_managed | default(true)