---
- name: Install Docker dependencies
  ansible.builtin.package:
    name:
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
    state: latest

- name: Add Docker GPG key
  ansible.builtin.apt_key:
    url: https://download.docker.com/linux/ubuntu/gpg
    state: present
    keyring: /etc/apt/keyrings/docker.gpg

- name: Add Docker repository
  ansible.builtin.apt_repository:
    repo: deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu   jammy stable
    state: present

- name: Install Docker
  ansible.builtin.package:
    name:
      - docker-ce
      - docker-ce-cli 
      - containerd.io
      - docker-compose-plugin
    state: latest
  register: install_docker

- name: Restart Docker service
  ansible.builtin.service:
    name: docker
    state: restarted
  when: install_docker.changed

- name: Download concourse
  ansible.builtin.get_url:
    url: https://github.com/concourse/concourse/releases/download/v{{ concourse_version }}/concourse-{{ concourse_version }}-linux-amd64.tgz
    dest: /tmp/concourse.tgz
    mode: '0640'
    checksum: sha1:https://github.com/concourse/concourse/releases/download/v{{ concourse_version }}/concourse-{{ concourse_version }}-linux-amd64.tgz.sha1
  register: download_concourse

- name: Extract concourse
  ansible.builtin.unarchive:
    src: /tmp/concourse.tgz
    dest: /opt/
    remote_src: true
  when: download_concourse.changed

- name: Create concourse user
  ansible.builtin.user:
    name: concourse
    home: /var/lib/concourse
    shell: /bin/false
    groups: users,docker

- name: Create /etc/concourse
  ansible.builtin.file:
    path: /etc/concourse
    state: directory

- name: Create /etc/concourse
  ansible.builtin.file:
    path: /var/lib/concourse/.ssh
    state: directory
    owner: concourse

- name: Deploy concourse keys
  ansible.builtin.copy:
    content: "{{ item.content }}"
    dest: "{{ item.dest }}"
    mode: '0440'
  loop:
    - content: "{{ concourse.worker.workerKey }}"
      dest: /var/lib/concourse/.ssh/id_rsa
    - content: "{{ concourse.worker.workerKeyPub }}"
      dest: /var/lib/concourse/.ssh/id_rsa.pub
    - content: "{{ concourse.worker.hostKeyPub }}"
      dest: /var/lib/concourse/.ssh/web_key.pub

- name: Create concourse config
  ansible.builtin.template:
    src: concourse-cfg.j2
    dest: /etc/concourse/worker
    mode: '0640'
  register: create_concourse_config

- name: Create concourse service file
  ansible.builtin.template:
    src: concourse-worker.service.j2
    dest: /lib/systemd/system/concourse-worker.service
    mode: '0640'
  register: create_concourse_service

- name: Make sure a service unit is running
  ansible.builtin.systemd:
    name: concourse-worker
    state: restarted
    daemon_reload: true
    enabled: true
  when: create_concourse_service.changed or create_concourse_config.changed