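---
# Docker CE prerequisites for Ubuntu hosts: apt signing key and repository,
# kernel cgroup boot flags, and the ufw forward policy.
# `docker_ver` and `docker_installed` are set outside this file.

# Earlier variant, kept for reference: it fetched the key at run time.
# NOTE(review): it set no `checksum`, so the key's authenticity rested on the
# HTTPS download alone. The copy task below uses a file shipped with the
# playbook instead.
# - name: Add docker apt key
#   ansible.builtin.get_url:
#     url: https://download.docker.com/linux/ubuntu/gpg.asc
#     dest: /etc/apt/keyrings/docker.gpg
#   when:
#     - docker_ver == "docker_ce"

# The signing key is copied from the repository, so package trust is pinned
# to a reviewed file. Check its fingerprint against the one Docker publishes
# whenever the file is replaced.
# NOTE(review): assumes /etc/apt/keyrings already exists on the target;
# confirm for older releases.
- name: Add docker apt key
  ansible.builtin.copy:
    src: etc/apt/keyrings/docker.gpg
    dest: /etc/apt/keyrings/docker.gpg
    group: root
    owner: root
    # Quoted so the mode is never re-typed as a number by the YAML parser.
    # Readable by apt, writable by root only.
    mode: "0644"
  when:
    - docker_ver == "docker_ce"

# `signed-by` limits the key to this one repository instead of trusting it
# for every apt source. The architecture is hard-coded to amd64.
- name: Add docker repository
  ansible.builtin.apt_repository:
    repo: 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable'
    filename: docker-ce
    state: present
    update_cache: true
  when:
    - docker_ver == "docker_ce"

# Appends the cgroup memory and swap accounting flags to the kernel command
# line. The negative lookahead makes the edit idempotent: a line that already
# carries `cgroup_enable=memory` no longer matches, and with `backrefs: true`
# a non-matching regexp leaves the file untouched instead of appending twice.
- name: "Ensure GRUB_CMDLINE_LINUX is updated"
  ansible.builtin.lineinfile:
    dest: /etc/default/grub
    regexp: '^(GRUB_CMDLINE_LINUX="(?!.*cgroup_enable=memory).*)"$'
    line: '\1 cgroup_enable=memory swapaccount=1"'
    backrefs: true
  when:
    - not docker_installed.stat.exists

# Regenerates the GRUB configuration. The new kernel flags only apply after
# the next boot; no reboot is triggered in this file.
- name: "Update grub.conf"
  ansible.builtin.command: update-grub
  when:
    - not docker_installed.stat.exists

# Read-only probe, so it also runs in check mode and never reports a change.
# A failure (for example ufw not installed) is tolerated here and handled by
# the condition on the next task.
- name: Check whether ufw status is active
  ansible.builtin.command: ufw status
  changed_when: false
  ignore_errors: true
  register: ufw_check
  check_mode: false

# SECURITY: DEFAULT_FORWARD_POLICY="ACCEPT" makes the host forward routed
# traffic by default on every interface, not only for container networks.
# Keep it only where container routing needs it and review the host's
# effective ruleset afterwards. Docker also manages its own iptables rules
# for published ports, which ufw rules typically do not filter.
# The policy is changed only when the probe succeeded and ufw is not
# reported inactive; a failed probe no longer leads to an edit.
- name: "Ensure DEFAULT_FORWARD_POLICY in /etc/default/ufw is updated"
  ansible.builtin.lineinfile:
    dest: /etc/default/ufw
    regexp: '^(DEFAULT_FORWARD_POLICY=").*"$'
    line: '\1ACCEPT"'
    backrefs: true
  notify: reload ufw
  when:
    - ufw_check is succeeded
    - "'inactive' not in ufw_check.stdout"
  tags: [docker, firewall]

# Is a certificate needed? Only used locally.
# NOTE(review): 2376/TCP is the conventional TLS port of the Docker daemon
# API. Access to that API is equivalent to root on the host, so if this rule
# is ever enabled, require mutual TLS on the daemon and restrict the source
# addresses.
# - name: "Add docker port 2376/TCP "
#   ufw: rule=allow port=2376 proto=tcp
#   notify: reload ufw
#   tags: [docker,firewall]

# - name: "Start UFW rules"
#   service: name=ufw state=started
#   tags: [docker,firewall]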