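# Installs Docker CE from the upstream CentOS repository on a dnf-based host,
# optionally exposes the daemon API over TLS with client-certificate
# verification (mode == "cert"), writes daemon.json, restarts the service and
# enables the Loki logging plugin.
#
# Variables read here: docker_users (list of account names; optional) and
# mode (compared with "cert"; assumed to be defined by the caller or by role
# defaults -- TODO confirm).
- name: Setup docker
  # Privilege escalation is used on every host except nas.home.lan.
  become: "{{ inventory_hostname != 'nas.home.lan' }}"
  block:
    - name: Facts
      ansible.builtin.setup:

    - name: Remove old Docker packages
      ansible.builtin.dnf:
        name:
          - docker
          - docker-client
          - docker-client-latest
          - docker-common
          - docker-latest
          - docker-latest-logrotate
          - docker-logrotate
          - docker-engine
        state: absent

    - name: Install required packages
      ansible.builtin.dnf:
        name:
          - dnf-plugins-core
          - ca-certificates
          - curl
          - gnupg2
        state: present

    # The repo definition is fetched over HTTPS with no pinned checksum, so
    # package authenticity rests on the GPG settings inside that file.
    # NOTE(review): confirm the downloaded file keeps gpgcheck enabled.
    - name: Add Docker repository
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/centos/docker-ce.repo
        dest: /etc/yum.repos.d/docker-ce.repo
        mode: '0644'

    # state: latest upgrades the engine on every run, which picks up security
    # fixes but also means an unreviewed version can land during any play.
    # NOTE(review): pin versions if reproducible hosts matter more here.
    - name: Install Docker Engine
      ansible.builtin.dnf:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: latest

    # Membership of the docker group is root-equivalent on the host, so
    # docker_users should list only accounts trusted at that level.
    # default([]) lets the task run zero iterations when the variable is
    # unset; an empty list already produced zero iterations, so no separate
    # length check is needed.
    - name: Add users to docker group
      ansible.builtin.user:
        name: "{{ item }}"
        groups: docker
        append: true
      loop: "{{ docker_users | default([]) }}"

    - name: Create a directory docker.service.d
      ansible.builtin.file:
        path: /etc/systemd/system/docker.service.d/
        state: directory
        mode: '0755'

    # Root-only directory: it is where the override below expects the CA
    # certificate, the server certificate and the server private key.
    - name: Create a directory for certs
      ansible.builtin.file:
        path: /etc/docker/certs
        state: directory
        mode: '0700'
        owner: root
        group: root

    # systemd drop-in, written only in cert mode. The empty ExecStart= clears
    # the packaged command line so the second ExecStart= replaces it.
    # -H fd:// keeps the local socket; -H=0.0.0.0:2376 adds a TCP listener on
    # every interface. --tlsverify makes the daemon require a client
    # certificate signed by ca.pem, and any holder of such a certificate
    # controls the daemon, so the CA key needs the same protection as root
    # credentials. NOTE(review): consider limiting TCP 2376 to management
    # hosts with a firewall rule or a specific bind address.
    - name: Creating a file with content
      ansible.builtin.copy:
        dest: "/etc/systemd/system/docker.service.d/override.conf"
        content: |
          [Service]
          ExecStart=
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/server-cert.pem --tlskey=/etc/docker/certs/server-key.pem -H=0.0.0.0:2376
        mode: '0600'
        owner: root
        group: root
      notify: restart_docker
      when: mode == "cert"

    - name: Just force systemd to reread configs
      ansible.builtin.systemd:
        daemon_reload: true

    # Only ca.pem is probed. server-cert.pem and server-key.pem are also
    # named in the override; presumably cert_gen creates all three together.
    # NOTE(review): if ca.pem exists but the server pair does not, cert_gen
    # is skipped and the TLS flags would point at missing files -- confirm.
    - name: Check if file exists
      ansible.builtin.stat:
        path: /etc/docker/certs/ca.pem
      register: file_check

    - name: Print file check result
      ansible.builtin.debug:
        var: file_check

    - name: Include role only if missing
      ansible.builtin.include_role:
        name: cert_gen
      when: not file_check.stat.exists and mode == "cert"

    # Daemon settings: size-capped json-file logs, explicit data root, and
    # resolver configuration. 8.8.8.8 is listed after the two LAN resolvers.
    # NOTE(review): confirm that fallback to a public resolver is acceptable
    # for lookups under the lan / home.lan search domains.
    - name: Create docker config file
      ansible.builtin.copy:
        dest: /etc/docker/daemon.json
        content: |
          {
            "log-driver": "json-file",
            "log-opts": {
              "max-size": "10m",
              "max-file": "3"
            },
            "data-root": "/var/lib/docker",
            "dns": ["192.168.77.101", "192.168.77.106", "8.8.8.8"],
            "dns-search": ["lan", "home.lan"]
          }
        mode: '0644'
        owner: root
        group: root

    # Runs on every play regardless of whether anything changed.
    # NOTE(review): in cert mode the restart_docker handler notified above
    # may restart the daemon a second time; the handler is defined outside
    # this file.
    - name: Restart docker service
      ansible.builtin.service:
        name: docker
        state: restarted

    # Earlier shell-based variant of the plugin install, kept for reference
    # (its task name looks like a copy-paste leftover). It pinned a version
    # and passed --grant-all-permissions.
    # - name: Get keys for raspotify
    #   ansible.builtin.shell: docker plugin install grafana/loki-docker-driver:3.3.2-{{ ansible_architecture }} --alias loki --grant-all-permissions

    # No tag is given in plugin_name, so the installed version is whatever
    # the registry serves by default. A Docker plugin runs with the host
    # privileges it requests. NOTE(review): consider pinning a reviewed tag
    # and checking the privileges this plugin asks for.
    - name: Install a plugin
      community.docker.docker_plugin:
        plugin_name: grafana/loki-docker-driver
        alias: loki
        state: enable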