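# Installs Docker CE from Docker's apt repository, drops the TLS material for
# the daemon into /etc/docker/certs, and writes a systemd override that
# exposes the API on tcp/2376 with mutual TLS. The Loki logging plugin is
# installed last.
#
# Inputs read from outside this file: the `mode` variable, the
# `restart_docker` handler, and the role files ca.pem, server-cert.pem and
# server-key.pem.
- name: Setup docker
  # Privilege escalation is skipped only on nas.home.lan.
  become: "{{ inventory_hostname != 'nas.home.lan' }}"
  block:
    - name: Facts
      ansible.builtin.setup:

    - name: Print arch
      ansible.builtin.debug:
        msg: "{{ ansible_architecture }}"

    - name: Install docker dependencies
      ansible.builtin.apt:
        name:
          - ca-certificates
          - curl
          - telnet
          - net-tools
          - python3-pip
          - python3-dev
          # `tee` was listed here as well. It ships with coreutils and, as far
          # as I know, is not an apt package of its own, so the entry would
          # make this task fail. Nothing below needs it any more.
        state: present
        update_cache: true

    # Replaces `command: install -m 0755 -d /etc/apt/keyrings`, which reported
    # "changed" on every run.
    - name: Create the apt keyring directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    # The signing key is the trust anchor for every package installed from
    # the repository below. It is fetched over HTTPS only; compare its
    # fingerprint with the one Docker publishes, or pass `checksum:` to
    # get_url once the expected digest has been recorded.
    # NOTE(review): the key comes from linux/raspbian/gpg while the Debian
    # source entry below points at linux/debian. An earlier, commented-out
    # variant used https://download.docker.com/linux/debian/gpg. Confirm
    # which one is intended.
    - name: Download the Docker apt signing key (Debian 12)
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/raspbian/gpg
        dest: /etc/apt/keyrings/docker.asc
        owner: root
        group: root
        mode: '0644'
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "12"

    # Previously apt_key with `keyring:`. That module is deprecated and
    # writes a binary keyring, which does not match the armored `.asc` file
    # named in `signed-by=` below. Downloading the armored key keeps both
    # distributions on the same path.
    - name: Download the Docker apt signing key (Ubuntu)
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        owner: root
        group: root
        mode: '0644'
      when:
        - ansible_distribution == "Ubuntu"

    # get_url sets owner, group and mode, so the separate file task that
    # fixed permissions on docker.asc is folded into the two tasks above.

    - name: Read the dpkg architecture for the apt source entry
      ansible.builtin.command: dpkg --print-architecture
      register: docker_dpkg_arch
      changed_when: false
      check_mode: false

    # The source entry used to be written with `echo ... | tee` in a plain
    # multi-line scalar. YAML folds the line breaks into spaces, so the
    # trailing backslashes reached the shell as `\ `: one stayed as a
    # literal backslash inside the quoted deb line, and `|\ tee` asked for a
    # command named " tee". The Ubuntu variant also called sudo under
    # become. apt_repository writes the same docker.list idempotently.
    # NOTE(review): the codename now comes from ansible_distribution_release
    # rather than VERSION_CODENAME in /etc/os-release. Confirm they agree on
    # the target hosts.
    - name: Add the Docker apt repository (Debian 12)
      ansible.builtin.apt_repository:
        repo: >-
          deb [arch={{ docker_dpkg_arch.stdout }}
          signed-by=/etc/apt/keyrings/docker.asc]
          https://download.docker.com/linux/debian
          {{ ansible_distribution_release }} stable
        filename: docker
        state: present
      when:
        - ansible_distribution == "Debian"
        - ansible_distribution_major_version == "12"

    - name: Add the Docker apt repository (Ubuntu)
      ansible.builtin.apt_repository:
        repo: >-
          deb [arch={{ docker_dpkg_arch.stdout }}
          signed-by=/etc/apt/keyrings/docker.asc]
          https://download.docker.com/linux/ubuntu
          {{ ansible_distribution_release }} stable
        filename: docker
        state: present
      when:
        - ansible_distribution == "Ubuntu"

    - name: Install docker
      ansible.builtin.apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true

    - name: Create a directory docker.service.d
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d/
        state: directory
        mode: '0755'

    - name: Create a directory for certs
      ansible.builtin.file:
        path: /etc/docker/certs
        state: directory
        mode: '0700'
        owner: root
        group: root

    # server-key.pem is the daemon's private key. Keep the role copy
    # encrypted with Ansible Vault (copy decrypts vaulted files by default)
    # rather than committing it in clear text.
    - name: Copy the daemon TLS private key
      ansible.builtin.copy:
        src: server-key.pem
        dest: /etc/docker/certs/
        mode: '0600'
        owner: root
        group: root

    - name: Copy the CA certificate used to verify API clients
      ansible.builtin.copy:
        src: ca.pem
        dest: /etc/docker/certs/
        mode: '0600'
        owner: root
        group: root

    - name: Copy the daemon TLS certificate
      ansible.builtin.copy:
        src: server-cert.pem
        dest: /etc/docker/certs/
        mode: '0600'
        owner: root
        group: root

    # The empty ExecStart= clears the packaged command line before the new
    # one is set. --tlsverify makes the daemon demand a client certificate
    # signed by ca.pem. -H=0.0.0.0:2376 listens on every interface, and
    # access to this API is equivalent to root on the host, so restrict
    # 2376/tcp with a host firewall or bind to a management address.
    # NOTE(review): the TLS override is applied when mode == "nocert", and
    # the commented-out twin below uses mode != "nocert". Confirm the
    # condition is not inverted.
    - name: Creating a file with content
      ansible.builtin.copy:
        dest: "/etc/systemd/system/docker.service.d/override.conf"
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
        mode: '0600'
        owner: root
        group: root
      notify: restart_docker
      when: mode == "nocert"

    # - name: Creating a file with content
    #   ansible.builtin.copy:
    #     dest: "/etc/systemd/system/docker.service.d/override.conf"
    #     content: |
    #       [Service]
    #       ExecStart=
    #       ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify \
    #       --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem \
    #       --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
    #     mode: '0600'
    #     owner: root
    #     group: root
    #   notify: restart_docker
    #   when: mode != "nocert"

    - name: Just force systemd to reread configs
      ansible.builtin.systemd:
        daemon_reload: true

    # NOTE(review): this restarts docker on every run, independent of the
    # restart_docker handler notified above. Kept as in the original.
    - name: Restart docker service
      ansible.builtin.service:
        name: docker
        state: restarted

    # Earlier CLI form, kept for reference. It used an architecture-suffixed
    # tag and granted the plugin every privilege it requested:
    # - name: Get keys for raspotify
    #   ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions
    # NOTE(review): the tag below has no architecture suffix. Confirm it
    # resolves on every target architecture.
    - name: Install a plugin
      community.docker.docker_plugin:
        plugin_name: grafana/loki-docker-driver:3.3.2
        alias: loki
        state: present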