---
# Installation Docker + Docker Compose
# Cible : forgejo, nextcloud, tools (pas gateway)

- name: Installation Docker
  hosts: forgejo:nextcloud:tools
  become: true

  tasks:
    - name: Installation des prerequis
      ansible.builtin.dnf:
        name:
          - dnf-utils
          - device-mapper-persistent-data
          - lvm2
        state: present
      tags: [docker]

    - name: Ajout du repo Docker CE
      ansible.builtin.yum_repository:
        name: docker-ce
        description: Docker CE Stable
        baseurl: https://download.docker.com/linux/centos/$releasever/$basearch/stable
        gpgcheck: true
        gpgkey: https://download.docker.com/linux/centos/gpg
        enabled: true
      tags: [docker]

    - name: Installation Docker CE + Compose plugin
      ansible.builtin.dnf:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose-plugin
        state: present
      tags: [docker]

    - name: Chargement des modules kernel requis par Docker
      community.general.modprobe:
        name: "{{ item }}"
        state: present
      loop:
        - overlay
        - br_netfilter
      tags: [docker]

    - name: Persistance des modules kernel au reboot
      ansible.builtin.copy:
        dest: /etc/modules-load.d/docker.conf
        content: |
          overlay
          br_netfilter
        mode: "0644"
      tags: [docker]

    - name: Parametres sysctl requis par Docker
      ansible.posix.sysctl:
        name: "{{ item.key }}"
        value: "{{ item.value }}"
        sysctl_set: true
        reload: true
      loop:
        - { key: "net.bridge.bridge-nf-call-iptables",  value: "1" }
        - { key: "net.bridge.bridge-nf-call-ip6tables", value: "1" }
        - { key: "net.ipv4.ip_forward",                 value: "1" }
      tags: [docker]

    - name: Demarrage containerd
      ansible.builtin.systemd:
        name: containerd
        state: started
        enabled: true
      tags: [docker]

    - name: Demarrage et activation Docker
      ansible.builtin.systemd:
        name: docker
        state: started
        enabled: true
      tags: [docker]

    - name: Ajout de {{ admin_user }} au groupe docker
      ansible.builtin.user:
        name: "{{ admin_user }}"
        groups: docker
        append: true
      tags: [docker]

  handlers:
    - name: reload firewalld
      ansible.builtin.systemd:
        name: firewalld
        state: reloaded