---
- name: Ensure apt key is not present in trusted.gpg.d
  ansible.builtin.file:
    path: /etc/apt/trusted.gpg.d/docker.asc
    state: absent

- name: Ensure old apt source list is not present in /etc/apt/sources.list.d
  ansible.builtin.file:
    path: /etc/apt/sources.list.d/download_docker_com_linux_ubuntu.list
    state: absent

- name: Ensure the repo referencing the previous trusted.gpg.d key is not present
  ansible.builtin.apt_repository:
    repo: "deb [arch={{ docker_apt_arch }} signed-by=/etc/apt/trusted.gpg.d/docker.asc] {{ docker_repo_url }}/{{ docker_apt_ansible_distribution | lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
    state: absent
    filename: "{{ docker_apt_filename }}"
    update_cache: true
  environment: "{{ proxy_env | default({}) }}"
  when: docker_add_repo | bool

- # See https://docs.docker.com/engine/install/debian/#uninstall-old-versions
  name: Ensure old versions of Docker are not installed.
  ansible.builtin.package:
    name: "{{ docker_obsolete_packages_debian }}"
    state: absent

- name: Ensure dependencies are installed.
  ansible.builtin.apt:
    name:
      - apt-transport-https
      - ca-certificates
    state: present
  environment: "{{ proxy_env | default({}) }}"
  when: docker_add_repo | bool

- name: Ensure directory exists for /etc/apt/keyrings
  ansible.builtin.file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: Add Docker apt key.
  ansible.builtin.get_url:
    url: "{{ docker_apt_gpg_key }}"
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
    force: false
    checksum: "{{ docker_apt_gpg_key_checksum | default(omit) }}"
  register: add_repository_key
  ignore_errors: "{{ docker_apt_ignore_key_error }}"
  environment: "{{ proxy_env | default({}) }}"
  when: docker_add_repo | bool

- name: Fallback for older systems without SNI.
  when: add_repository_key is failed and docker_add_repo | bool
  block:
    - name: Ensure curl is present (on older systems without SNI).
      ansible.builtin.package:
        name: curl
        state: present
      environment: "{{ proxy_env | default({}) }}"

    - name: Add Docker apt key (alternative for older systems without SNI).  # noqa command-instead-of-module
      ansible.builtin.command: >
        curl -sSL {{ docker_apt_gpg_key }} | apt-key add -
      environment: "{{ proxy_env | default({}) }}"
      changed_when: false

- name: Add Docker repository.
  ansible.builtin.apt_repository:
    repo: "{{ docker_apt_repository }}"
    state: present
    filename: "{{ docker_apt_filename }}"
    update_cache: true
  environment: "{{ proxy_env | default({}) }}"
  when: docker_add_repo | bool