- name: install docker-ce
  gather_facts: no
  hosts: "{{target}}"
  become: "{{become_var}}"
  tasks:

  # todo - deal with docker_type == 'upstream' and system == 'debian' everywhere

  # todo - make it happen for redhat also
  - name: package requirements
    ansible.builtin.package:
      #use: "{{ 'yum' if system == 'redhat' else 'apt' }}"
      name:
        - apparmor
        - bridge-utils
        - ca-certificates
        - colorized-logs # provides ansi2txt
        - curl
        - gnupg1
        - lsb-release
        - wget
    diff: true

  # after package (requires colorized-logs / ansi2txt)
  # fetched file goes into user's homedir
  - name: check kernel config
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: |
        set -e
        which ansi2txt
        wget -qc https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh
        chmod +x check-config.sh
        ./check-config.sh | ansi2txt | grep -i missing
    register: check
    # we cannot run this as check mode because colorized-logs nor wget might now yet be installed
    # that's not exactly right but not much harmful either
    changed_when: false

  - debug: var=check.msg
    when: check.msg != ''
  - debug: var=check.stdout
    when: check.stdout != ''

  # todo - check fingerprint
  - name: grab docker-ce pgp pubkey
    ansible.builtin.shell:
      executable: /bin/bash
      cmd: |
        set -e
        # same as https://download.docker.com/linux/ubuntu/gpg
        curl -fsSL https://download.docker.com/linux/debian/gpg > /usr/share/keyrings/docker-ce.asc
        gpg1 --dearmor < /usr/share/keyrings/docker-ce.asc > /usr/share/keyrings/docker-ce.gpg
      creates: /usr/share/keyrings/docker-ce.gpg
    register: grab

  - debug: var=grab.stdout
    when: grab.stdout != ''
  - debug: var=grab.stderr
    when: grab.stderr != ''

  - name: define distro flavor
    ansible.builtin.shell: lsb_release -is 2>/dev/null | tr A-Z a-z
    register: flavor
    check_mode: false
    changed_when: false

  #- debug: var=flavor.stdout
  #  when: flavor.stdout != ''

  - name: define distro release
    ansible.builtin.shell: lsb_release -cs 2>/dev/null
    register: release
    check_mode: false
    changed_when: false

  #- debug: var=release.stdout
  #  when: release.stdout != ''

  - name: setup repo
    ansible.builtin.copy:
      content: |

        # CONFIGURED BY ANSIBLE

        deb [arch=amd64 signed-by=/usr/share/keyrings/docker-ce.gpg] https://download.docker.com/linux/{{flavor.stdout}} {{release.stdout}} stable
      dest: /etc/apt/sources.list.d/docker-ce.list
    diff: true

  - name: update repository cache
    ansible.builtin.apt:
      update_cache: true
      autoremove: true
      purge: true
    when: docker_type == 'upstream' and system == 'debian'
    # won't harm and avoid 'changed' in check mode
    check_mode: false

  - name: install docker ce
    ansible.builtin.package:
      name:
        - docker-ce
    # we cannot run this as check mode because colorized-logs nor wget might now yet be installed
    when: not ansible_check_mode