pez-infra/ansible/roles/docker/tasks/main.yml

---
# Set up Docker's official apt repository and install Docker + Compose plugin.

- name: Install prerequisites for Docker repo (Debian/Ubuntu)
  ansible.builtin.apt:
    name:
      - ca-certificates
      - curl
      - gnupg
    state: present
    update_cache: true
  when: ansible_facts["os_family"] == "Debian"

- name: Create keyrings directory
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'
  when: ansible_facts["os_family"] == "Debian"

- name: Set Docker repo variables
  ansible.builtin.set_fact:
    docker_distro: >-
      {{ 'ubuntu' if ansible_facts['distribution'] == 'Ubuntu' else 'debian' }}
    docker_arch: >-
      {{ ansible_facts['architecture']
      | regex_replace('x86_64', 'amd64')
      | regex_replace('aarch64', 'arm64') }}
  when: ansible_facts["os_family"] == "Debian"

- name: Build Docker repo line
  ansible.builtin.set_fact:
    docker_repo: >-
      deb [arch={{ docker_arch }}
      signed-by=/etc/apt/keyrings/docker.asc]
      https://download.docker.com/linux/{{ docker_distro }}
      {{ ansible_facts['distribution_release'] }} stable
  when: ansible_facts["os_family"] == "Debian"

- name: Add Docker GPG key
  ansible.builtin.get_url:
    url: "https://download.docker.com/linux/{{ docker_distro }}/gpg"
    dest: /etc/apt/keyrings/docker.asc
    mode: '0644'
    force: false
  when: ansible_facts["os_family"] == "Debian"

- name: Add Docker apt repository
  ansible.builtin.apt_repository:
    repo: "{{ docker_repo }}"
    filename: docker
    state: present
    update_cache: true
  when: ansible_facts["os_family"] == "Debian"

- name: Remove old docker packages (Debian/Ubuntu)
  ansible.builtin.apt:
    name:
      - docker.io
      - docker-compose
      - docker-compose-v2
    state: absent
  when: ansible_facts["os_family"] == "Debian"

- name: Install Docker (Debian/Ubuntu)
  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-compose-plugin
    state: present
  when: ansible_facts["os_family"] == "Debian"

- name: Install Docker (Alpine)
  community.general.apk:
    name:
      - docker
      - docker-cli-compose
    state: present
  when: ansible_facts["os_family"] == "Alpine"

- name: Enable and start Docker
  ansible.builtin.service:
    name: docker
    state: started
    enabled: true

# ── Loki logging driver ───────────────────────────────────────────────────────

- name: Install Loki Docker logging plugin
  ansible.builtin.command:
    cmd: docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
  register: docker_loki_plugin_install
  changed_when: "'Installed plugin' in docker_loki_plugin_install.stdout"
  failed_when:
    - docker_loki_plugin_install.rc != 0
    - "'already exists' not in docker_loki_plugin_install.stderr"

- name: Deploy Docker daemon.json
  ansible.builtin.template:
    src: daemon.json.j2
    dest: /etc/docker/daemon.json
    mode: '0644'
  notify: Restart docker

# ── Compose project directories ───────────────────────────────────────────────

- name: Create docker compose project directories
  ansible.builtin.file:
    path: "/opt/docker/{{ item }}"
    state: directory
    mode: '0755'
  loop: "{{ docker_services | default([]) }}"