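---
# Tasks that prepare a host to run docker-compose services under systemd:
# install the engine, lay out per-service folders, create networks, the
# container user/group and persistent directories, label them for SELinux,
# install unit files, open firewall ports and start the services.
#
# Expected variables (all referenced below): containers (list of mappings
# with service_name and volumes), container_networks (optional),
# container_user, container_uid, container_group, container_gid,
# firewall_ports.

- name: Install docker packages
  dnf:
    name:
      - moby-engine
      - docker-compose
    state: present

- name: Start/enable docker service
  systemd:
    name: docker
    state: started
    enabled: true

# Root-owned, no access for "other": only root and the root group can read
# the per-service folders under /root/docker.
- name: Create docker service folders
  file:
    path: "/root/docker/{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0750'
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"

# default([]) keeps the loop expression valid when container_networks is
# not set; the `when` guard then skips the task as before.
- name: Create docker networks
  docker_network:
    name: "{{ item.name }}"
    ipam_config:
      - subnet: "{{ item.subnet }}"
        gateway: "{{ item.gateway }}"
        iprange: "{{ item.ip_range }}"
    state: present
  with_items:
    - "{{ container_networks | default([]) }}"
  when:
    - container_networks is defined
  loop_control:
    label: "{{ item.name }}"

# 0640 root:root; the rendered compose file is not world-readable.
# NOTE(review): the template content is not visible here; if it renders
# credentials or tokens, confirm group `root` is the right reader.
- name: Write docker compose file
  template:
    src: docker-compose.yml.j2
    dest: "/root/docker/{{ item }}/docker-compose.yml"
    owner: root
    group: root
    mode: '0640'
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"

- name: Create container group
  group:
    name: "{{ container_group }}"
    gid: "{{ container_gid }}"

- name: Create container user
  user:
    name: "{{ container_user }}"
    uid: "{{ container_uid }}"
    group: "{{ container_group }}"

# Host side of every "host:container[:opts]" volume entry.
# - containers without a `volumes` key are skipped instead of failing;
# - the replacement string is given explicitly ('' strips ":..." onward);
# - only absolute paths are kept, so named volumes ("data:/var/lib/x") and
#   relative entries are not turned into stray directories or meaningless
#   SELinux rules;
# - unique avoids repeating the same path in the loops below.
- name: Generate list of persistent container directories
  set_fact:
    persistent_container_dirs: >-
      {{ containers
         | selectattr('volumes', 'defined')
         | map(attribute='volumes')
         | flatten
         | map('regex_replace', ':.*', '')
         | select('match', '^/')
         | unique
         | list }}
  changed_when: false

# Every path in the list is handed to the container user with mode 0770 and,
# in the next task, labelled container_file_t recursively. The list comes
# straight from `containers[].volumes`, so a volume entry that points at a
# shared or system directory would have its ownership and label changed as
# well. Keep bind-mount sources in dedicated directories and review the
# variable before running against a new host.
# NOTE(review): entries must be directories; a bind-mounted file or socket
# would make `state: directory` fail.
- name: Create persistent container directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ container_user }}"
    group: "{{ container_group }}"
    mode: '0770'
  with_items:
    - "{{ persistent_container_dirs }}"

# Registers a persistent file-context rule for each directory and everything
# below it; the notified handler is what applies the label to existing files.
- name: Modify SELinux contexts for container directories
  sefcontext:
    target: '{{ item }}(/.*)?'
    setype: container_file_t
    state: present
  with_items:
    - "{{ persistent_container_dirs }}"
  notify: Apply SELinux contexts

- name: Copy systemd service file
  template:
    src: service.j2
    dest: "/etc/systemd/system/{{ item }}.service"
    owner: root
    group: root
    mode: '0640'
  notify: Refresh systemd service files
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"

# Run the SELinux and systemd handlers now, so labels and unit files are in
# place before the services are started further down.
- name: Flush handlers before starting services
  meta: flush_handlers

# NOTE(review): `permanent: true` without `immediate` changes only the
# permanent firewalld configuration; confirm something reloads firewalld,
# otherwise the ports are not open at runtime until the next reload.
# Keep firewall_ports limited to the ports the services actually publish.
- name: Open up firewall ports
  firewalld:
    port: "{{ item }}"
    permanent: true
    state: enabled
  with_items:
    - "{{ firewall_ports }}"

- name: Start/enable services
  systemd:
    name: "{{ item }}"
    enabled: true
    state: started
  with_items:
    - "{{ containers | map(attribute='service_name') | flatten }}"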