---
- name: "Docker Certs enable"
  hosts: "{{ my_hosts | d([]) }}"
  become: true
  vars:
    certs_path: "/root/docker-certs"

  tasks:
    - name: Check if docker certs are existing
      ansible.builtin.stat:
        path: "{{ certs_path }}"
      register: certs_dir

    - name: Fail if docker certs are not existing
      ansible.builtin.fail:
        msg: "Docker certificates are not existing in /root/docker-certs."
      when: not certs_dir.stat.exists

    - name: Get machine's primary internal ip address from eth0 interface
      ansible.builtin.setup:
      register: ip_address

    - name: Set machine's primary internal ip address
      ansible.builtin.set_fact:
        ip_address: "{{ ip_address.ansible_facts.ansible_default_ipv4.address }}"

    - name: Check if ip_address is a valid ip address
      ansible.builtin.assert:
        that:
          - ip_address is match("^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
        fail_msg: "ip_address is not a valid ip address."
        success_msg: "ip_address is a valid ip address."

    - name: Change docker daemon to use certs
      ansible.builtin.lineinfile:
        path: /lib/systemd/system/docker.service
        line: >
          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
          -H tcp://{{ ip_address }}:2376 --tlsverify --tlscacert={{ certs_path }}/ca.pem
          --tlscert={{ certs_path }}/server-cert.pem --tlskey={{ certs_path }}/server-key.pem
        regexp: '^ExecStart='
        state: present

    - name: Reload systemd daemon
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Restart docker daemon
      ansible.builtin.systemd:
        name: docker
        state: restarted
        enabled: true