- name: Install Docker from official repo
  when: docker_install_source == "official"
  block:
    - name: Ensure Docker GPG key is dearmored and installed
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/debian/gpg
        dest: /tmp/docker.gpg
        mode: '0644'

    - name: Convert Docker GPG key to binary format (dearmor)
      ansible.builtin.command:
        cmd: gpg --dearmor -o /etc/apt/trusted.gpg.d/docker.gpg /tmp/docker.gpg
      args:
        creates: /etc/apt/trusted.gpg.d/docker.gpg

    - name: Remove temporary Docker GPG key
      ansible.builtin.file:
        path: /tmp/docker.gpg
        state: absent

    - name: Add Docker APT repository (official)
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/docker.list
        content: |
          deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.gpg] https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
        mode: '0644'
      register: docker_repo

- name: Install Docker from tinc mirror
  when: docker_install_source == "tinc"
  block:

    - name: Ensure Docker GPG key is dearmored and installed
      ansible.builtin.get_url:
        url: https://mirror.tinc.gmbh/docker/debian/gpg
        dest: /tmp/docker.gpg
        mode: '0644'

    - name: Convert Docker GPG key to binary format (dearmor)
      ansible.builtin.command:
        cmd: gpg --dearmor -o /etc/apt/trusted.gpg.d/docker.gpg /tmp/docker.gpg
      args:
        creates: /etc/apt/trusted.gpg.d/docker.gpg

    - name: Remove temporary Docker GPG key
      ansible.builtin.file:
        path: /tmp/docker.gpg
        state: absent

    - name: Add Docker APT repository (tinc)
      ansible.builtin.copy:
        dest: /etc/apt/sources.list.d/docker.list
        content: |
          deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.gpg] https://mirror.tinc.gmbh/docker/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} stable
        mode: '0644'
      register: docker_repo

- name: Update APT cache
  ansible.builtin.apt:
    update_cache: yes
  when: docker_repo.changed

- name: Install Docker packages from mirror
  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-compose-plugin
      - docker-buildx-plugin
      - docker-ce-rootless-extras
    state: present
  notify:
    - Enable Docker
    - Start Docker
  when: docker_repo.changed