---
- block:
    - name: Add docker group
      group:
        name: docker
        state: present
      notify: __docker_restart
      when: dockerengine_docker_group_enabled | bool

    - name: Deploy config files to setup environment
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: root
        group: root
        mode: 0644
      loop:
        - { src: 'etc/sysconfig/docker.j2', dest: '/etc/sysconfig/{{ dockerengine_service }}' }
        - { src: 'etc/sysconfig/docker-storage-setup.j2', dest: '/etc/sysconfig/{{ dockerengine_service }}-storage-setup' }
        - { src: 'etc/containers/registries.conf.j2', dest: '/etc/containers/registries.conf' }
      loop_control:
        label: "{{ item.dest }}"
      notify: __docker_restart

    - name: Add namespace group
      group:
        name: "{{ dockerengine_nsremap_user }}"
        state: present
      when: dockerengine_usernamespace_enabled | bool

    - name: Setup namespace user
      user:
        name: "{{ dockerengine_nsremap_user }}"
        group: "{{ dockerengine_nsremap_user }}"
        shell: /sbin/nologin
        state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"

    - name: Remove namespace group
      group:
        name: "{{ dockerengine_nsremap_user }}"
        state: absent
      when: not dockerengine_usernamespace_enabled | bool

    - name: Configure namespace id range
      lineinfile:
        dest: "{{ item }}"
        regexp: "^{{ dockerengine_nsremap_user }}:"
        line: "{{ dockerengine_nsremap_user }}:{{ dockerengine_nsremap_range_start }}:{{ dockerengine_nsremap_range_length }}"
        state: "{{ 'present' if dockerengine_usernamespace_enabled | bool else 'absent' }}"
      loop:
        - /etc/subuid
        - /etc/subgid

    - name: Create docker networks
      docker_network:
        name: "{{ item.name }}"
        enable_ipv6: "{{ item.enable_ipv6 | default(False) }}"
        ipam_config: "{{ item.ipam_config | default(omit) }}"
        force: "{{ item.force | default(omit) }}"
        state: "{{ item.state | default('present') }}"
      loop: "{{ dockerengine_networks + dockerengine_networks_extra }}"
      loop_control:
        label: "{{ item.name }}"
      notify: __docker_restart

    - name: Ensure docker engine is up and running
      service:
        name: "{{ dockerengine_service }}"
        enabled: True
        state: started
  become: True
  become_user: root