---
- name: Clean install by removing any docker package
  package: name={{ item }} state=absent
  with_items: "{{ clean_install_remove_packages }}"

- name: Ensure curl & ca-certs are installed 
  package:
    name:
      - ca-certificates
      - curl
      - gnupg
    state: latest

# Map Ansible distro -> Docker repo distro segment
- name: Determine Docker repository distro (ubuntu/debian)
  set_fact:
    docker_repo_distro: >-
      {{
        'ubuntu' if ansible_distribution | lower == 'ubuntu'
        else 'debian' if ansible_distribution | lower == 'debian'
        else ansible_distribution | lower
      }}

# Prefer the suite/codename Ansible already knows; fall back to os-release.
- name: Determine OS suite/codename
  set_fact:
    docker_repo_codename: "{{ ansible_distribution_release | default(ansible_lsb.codename, true) }}"

- name: Ensure docker keyring file exists
  file:
    path: /etc/apt/keyrings/docker.gpg
    state: touch
  
- name: Download docker gpg key and add to keyrings
  shell: |
    curl -fsSL "https://download.docker.com/linux/{{ docker_repo_distro }}/gpg" \
      | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg
    chmod a+r /etc/apt/keyrings/docker.gpg
  args:
    creates: /etc/apt/keyrings/docker.gpg

- name: Sign and add docker deb source (Ubuntu/Debian)
  copy:
    dest: /etc/apt/sources.list.d/docker.list
    mode: "0644"
    content: |
      deb [signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/{{ docker_repo_distro }} {{ docker_repo_codename }} stable

- name: Update apt sources
#  become: true
  apt:
    update_cache: yes
    cache_valid_time: 10

- name: Install docker packages
  package: name={{ item }} state=latest
  with_items: "{{ install_packages }}"

- name: Ensure group docker exists
  user:
    name: docker
    state: present