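# Save this file as: recipes/system/docker/playbook.yml
#
# Installs Docker CE from Docker's Debian APT repository on the local machine,
# creates an unprivileged "dockeruser" account that owns /srv/docker, and adds
# the invoking user to the "docker" group.
#
# Security notes:
#   * Membership of the "docker" group is root-equivalent on this host: anyone
#     who can reach the Docker socket can start a privileged container. Only
#     add accounts you would also trust with sudo.
#   * The repository signing key is downloaded over HTTPS and trusted on first
#     use. Compare its fingerprint with the one Docker publishes before relying
#     on this in production.
---
- name: Install and configure Docker
  hosts: localhost
  become: true
  gather_facts: true

  vars:
    docker_packages:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
    # Account to add to the docker group. With play-level `become`, facts are
    # gathered as the become user, so ansible_user_id / ansible_env.USER would
    # typically resolve to root. The env lookup runs on the controller (this
    # machine, since hosts is localhost) and so sees the invoking user.
    docker_group_user: "{{ lookup('env', 'SUDO_USER') or lookup('env', 'USER') }}"
    docker_keyring_dir: /etc/apt/keyrings
    docker_keyring_file: /etc/apt/keyrings/docker.asc
    docker_data_dirs:
      - /srv/docker
      - /srv/docker/services
      - /srv/docker/stacks

  tasks:
    - name: Ensure docker runtime user exists
      ansible.builtin.user:
        name: dockeruser
        shell: /usr/sbin/nologin
        create_home: true
        state: present

    - name: Ensure required packages are installed
      ansible.builtin.apt:
        name:
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
        state: present
        update_cache: true

    - name: Ensure APT keyring directory exists
      ansible.builtin.file:
        path: "{{ docker_keyring_dir }}"
        state: directory
        owner: root
        group: root
        mode: '0755'

    # get_url writes the file atomically, so an interrupted download cannot
    # leave a truncated key that a `creates:` guard would then skip forever.
    # APT accepts ASCII-armored keys in signed-by when the file ends in .asc.
    - name: Add Docker GPG key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: "{{ docker_keyring_file }}"
        owner: root
        group: root
        mode: '0644'

    # APT expects dpkg architecture names (amd64, arm64), not the kernel names
    # reported by ansible_architecture (x86_64, aarch64).
    - name: Determine dpkg architecture
      ansible.builtin.command:
        cmd: dpkg --print-architecture
      register: docker_apt_arch
      changed_when: false
      check_mode: false

    # ansible_distribution_release is used instead of ansible_lsb.codename
    # because facts are gathered before lsb-release is installed above.
    - name: Add Docker APT repository
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/docker.list
        owner: root
        group: root
        mode: '0644'
        content: |
          deb [arch={{ docker_apt_arch.stdout }} signed-by={{ docker_keyring_file }}] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable

    - name: Install Docker packages
      ansible.builtin.apt:
        name: "{{ docker_packages }}"
        state: present
        update_cache: true

    - name: Ensure systemd is refreshed after Docker install
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Start and enable Docker
      ansible.builtin.service:
        name: docker
        state: started
        enabled: true

    # Runs after the package install because the "docker" group is created by
    # the docker-ce package; referencing it earlier fails on a fresh host.
    - name: Add current user to docker group
      ansible.builtin.user:
        name: "{{ docker_group_user }}"
        groups: docker
        append: true
      when: docker_group_user | length > 0

    - name: Create /srv/docker directory tree owned by dockeruser
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        owner: dockeruser
        group: docker
        mode: '0755'
      loop: "{{ docker_data_dirs }}"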