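# vim: ft=yaml.ansible
# code: language=ansible
---
# Installs Docker CE from Docker's Debian apt repository, then configures it
# either as the system-wide (rootful) daemon or as a rootless per-user daemon,
# selected by `docker_rootless`.
#
# Variables read by these tasks:
#   docker_rootless            - boolean switch between the two blocks below
#   docker_rootless_user       - account that owns the rootless daemon
#   docker_rootless_user_uid   - UID of that account (used for /run/user/<uid>)

# The `id` pins the expected key fingerprint, so a different key served from
# the URL is not accepted.
# NOTE(review): apt_key adds the key to apt's global trusted keyring, where it
# is trusted for every configured repository, and apt-key itself is deprecated.
# Consider a dedicated keyring file referenced with `signed-by=` in the repo
# line; keep an equivalent fingerprint or checksum check when migrating.
- name: Add Docker apt PGP key
  ansible.builtin.apt_key:
    id: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
    url: https://download.docker.com/linux/debian/gpg
    state: present

- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    filename: docker
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: present
    update_cache: true

- name: Install Docker
  ansible.builtin.apt:
    name:
      - containerd.io
      - docker-ce
      - docker-ce-cli
      - docker-buildx-plugin
      - docker-compose-plugin
    state: present

- name: Configure rootful Docker
  when: not docker_rootless
  block:
    - name: Make sure Docker is running
      ansible.builtin.service:
        name: docker
        state: started
        enabled: true

    # `docker system prune` refuses the "until" filter together with
    # --volumes, so volumes are pruned by a separate command.
    - name: Configure cron job to prune unused Docker data weekly
      ansible.builtin.cron:
        name: Prune unused Docker data
        cron_file: ansible_docker_prune
        job: >-
          docker system prune -fa --filter "until=6h"
          && docker volume prune -f
        special_time: weekly
        user: root
        state: present

- name: Configure rootless Docker
  when: docker_rootless
  block:
    # docker.socket is stopped and disabled as well as docker.service:
    # with the socket unit left active, a connection to the system-wide
    # socket would start the rootful daemon again through socket activation.
    # The socket is handled first so it cannot re-trigger the service.
    - name: Make sure rootful Docker is stopped and disabled
      ansible.builtin.systemd_service:
        scope: system
        name: "{{ item }}"
        state: stopped
        enabled: false
      loop:
        - docker.socket
        - docker.service

    - name: Install packages needed by rootless Docker
      ansible.builtin.apt:
        name:
          - docker-ce-rootless-extras
          - uidmap
          - dbus-user-session
          - fuse-overlayfs
          - slirp4netns
        state: present

    - name: Create group for Docker socket
      ansible.builtin.group:
        name: docker
        state: present

    # NOTE(review): the `docker` group conventionally grants access to the
    # rootful daemon's socket, and the rootless daemon's socket lives under
    # /run/user/<uid> instead. Confirm this membership is intended; if the
    # rootful daemon is ever started again it gives this account access to it.
    - name: Create user for rootless Docker
      ansible.builtin.user:
        name: "{{ docker_rootless_user }}"
        uid: "{{ docker_rootless_user_uid }}"
        comment: Rootless Docker User
        groups:
          - docker
        state: present

    # Lingering keeps the user's systemd instance running without a login
    # session; `creates` makes the command run only once.
    - name: Enable lingering for Docker user
      ansible.builtin.command:
        cmd: "loginctl enable-linger {{ docker_rootless_user }}"
        creates: "/var/lib/systemd/linger/{{ docker_rootless_user }}"

    # NOTE(review): /etc/profile applies to every login shell, so all users
    # get a DOCKER_HOST that points at the rootless user's socket. Confirm
    # that this is wanted rather than a per-user setting.
    - name: Set DOCKER_HOST environment variable globally
      ansible.builtin.lineinfile:
        path: /etc/profile
        regexp: '^export DOCKER_HOST='
        line: "export DOCKER_HOST=unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock"
        state: present

    # NOTE(review): the two tasks below talk to the user's systemd instance;
    # depending on the become method they may need XDG_RUNTIME_DIR set to
    # /run/user/<uid>. Verify on a fresh host.
    - name: Run rootless Docker setup script
      ansible.builtin.command:
        cmd: dockerd-rootless-setuptool.sh install
        creates: "/home/{{ docker_rootless_user }}/.config/systemd/user/docker.service"
      become: true
      become_user: "{{ docker_rootless_user }}"

    - name: Make sure rootless Docker is running
      ansible.builtin.systemd_service:
        scope: user
        name: docker.service
        state: started
        enabled: true
      become: true
      become_user: "{{ docker_rootless_user }}"

    # Same split as the rootful job: "until" cannot be combined with
    # --volumes. The job runs as the rootless user against its own socket.
    - name: Configure cron job to prune unused Docker data weekly
      ansible.builtin.cron:
        name: Prune unused Docker data
        cron_file: ansible_docker_rootless_prune
        job: >-
          docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock
          system prune -fa --filter "until=6h"
          && docker --host unix:///run/user/{{ docker_rootless_user_uid }}/docker.sock
          volume prune -f
        special_time: weekly
        user: "{{ docker_rootless_user }}"
        state: present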