---
- name: Install prerequisites
  ansible.builtin.package:
    name:
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
    state: present

- name: Ensure docker keyring dir
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: Add Docker GPG (dearmored)
  ansible.builtin.get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.gpg
    mode: "0644"
  register: docker_gpg_raw

- name: Dearmor Docker GPG if needed
  ansible.builtin.shell: |
    gpg --dearmor < /etc/apt/keyrings/docker.gpg > /etc/apt/keyrings/docker.gpg.tmp
    mv /etc/apt/keyrings/docker.gpg.tmp /etc/apt/keyrings/docker.gpg
    chmod a+r /etc/apt/keyrings/docker.gpg
  args:
    creates: /etc/apt/keyrings/docker.gpg.tmp
  when: docker_gpg_raw is changed

- name: Map architecture to repo arch
  ansible.builtin.set_fact:
    repo_arch: "{{ 'arm64' if ansible_architecture in ['aarch64','arm64'] else 'amd64' }}"

- name: Add Docker repo (correct arch + signed-by)
  ansible.builtin.copy:
    dest: /etc/apt/sources.list.d/docker.list
    mode: "0644"
    content: |
      deb [arch={{ repo_arch }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable

- name: apt update
  ansible.builtin.apt:
    update_cache: true

- name: Install Docker Engine & Compose plugin
  ansible.builtin.apt:
    name:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
    update_cache: true
    state: present