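---
# Base provisioning for a single Ubuntu (focal) host: passwordless sudo for
# the sudo group, core utilities, Docker CE from Docker's own repo, a
# Portainer container, and UFW with a default-deny policy.
#
# Run as "mike" with privilege escalation; every task runs as root unless it
# sets its own become_user.
- hosts: all
  remote_user: mike
  become: true

  tasks:
    # - name: Update Server
    #   ansible.builtin.apt:
    #     upgrade: true
    #     update_cache: true
    #     cache_valid_time: 3600

    # This grants passwordless sudo to EVERY member of the "sudo" group (the
    # regexp matches '^%sudo'), not only to "mike": any process running as one
    # of those users is effectively root. Keep the validate: call — a
    # malformed sudoers line would lock everyone out of sudo.
    - name: Make members of the sudo group passwordless for sudo
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%sudo'
        line: '%sudo ALL=(ALL) NOPASSWD: ALL'
        validate: 'visudo -cf %s'

    - name: Install Core Server Utils
      ansible.builtin.apt:
        pkg:
          - curl
          - python3
          - ufw
          - samba
          - smbclient
          - cifs-utils
          - apt-transport-https
          - ca-certificates
          - software-properties-common
          - python3-pip
          - virtualenv
          - python3-setuptools
          - rsync
        state: present
        # cache_valid_time implies update_cache: the package index is
        # refreshed only when it is older than an hour.
        cache_valid_time: 3600

    # Docker's signing key lives in its own keyring file and is bound to the
    # Docker repository with signed-by, so it cannot vouch for any other
    # repository. apt-key / the global trusted keyring is deprecated.
    - name: Create apt keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        owner: root
        group: root
        mode: "0755"

    # Fetched over HTTPS only; add a checksum: once you have verified the
    # key's fingerprint against Docker's documentation.
    - name: Add Docker GPG apt Key
      ansible.builtin.get_url:
        url: https://download.docker.com/linux/ubuntu/gpg
        dest: /etc/apt/keyrings/docker.asc
        owner: root
        group: root
        mode: "0644"

    # The "focal" suite is hard-coded; this repository is Ubuntu-only and the
    # suite must match the target release.
    - name: Add Docker Repository
      ansible.builtin.apt_repository:
        repo: "deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu focal stable"
        state: present

    - name: Update apt and install docker-ce
      ansible.builtin.apt:
        name:
          - docker-ce
          - containerd.io
          - docker-compose
        # latest picks up Docker security fixes on every run but makes hosts
        # non-reproducible; pin versions if identical hosts matter more.
        state: latest
        update_cache: true

    # groups + append adds docker as a SUPPLEMENTARY group; the previous
    # `group: docker` replaced the user's primary group instead. Membership in
    # docker is root-equivalent because the daemon runs as root.
    # ansible_user must be defined (inventory or config) for this to resolve.
    - name: Add user to docker group
      ansible.builtin.user:
        name: "{{ ansible_user }}"
        groups: docker
        append: true

    # NOTE(review): Portainer needs /var/run/docker.sock mounted to manage the
    # host (see the disabled docker_compose task below); this task starts the
    # container without that mount and without a pinned image tag — confirm
    # the intended volumes/ports before relying on it.
    - name: Install Docker Containers
      community.docker.docker_container:
        name: portainer
        image: portainer/portainer-ce

    # - name: Create Portainer Directory
    #   ansible.builtin.file:
    #     path: /home/mike/docker/portainer
    #     state: directory
    #   become_user: mike

    - name: Create UFW directory
      ansible.builtin.file:
        path: /home/mike/ufw/applications.d
        state: directory
      become_user: mike

    # - name: Sync Portainer docker-compose file
    #   ansible.posix.synchronize:
    #     src: /home/mike/Software/ansible-debian/portainer/docker-compose.yml
    #     dest: /home/mike/docker/portainer
    #   become_user: mike

    - name: Install UFW config files
      ansible.posix.synchronize:
        src: /home/mike/Software/ansible-debian/ufw/applications.d/TG-portainer
        dest: /home/mike/ufw/applications.d
      become_user: mike

    # - name: Move UFW files to proper directory
    #   ansible.builtin.command: mv /home/mike/ufw/applications.d/TG-portainer /etc/ufw/applications.d/TG-portainer

    # The profile is synced into /home/mike/ufw/applications.d above, but the
    # move into /etc/ufw/applications.d is still disabled, so this task only
    # normalises ownership of the system directory. The TG-portainer rule
    # below stays commented out until the move is re-enabled.
    - name: Set ownership of UFW files to root
      ansible.builtin.file:
        path: /etc/ufw/applications.d
        owner: root
        group: root
        recurse: true

    ### THIS DOES NOT WORK!
    ### If run inside this playbook the container is started as 'mike' and
    ### cannot access /var/run/docker.sock; run alone (--tags portainer) it works.
    # - name: Start Portainer
    #   community.docker.docker_compose:
    #     project_src: /home/mike/docker/portainer
    #     state: present
    #   become: true
    #   become_method: sudo
    #   tags: portainer

    # Allow SSH BEFORE the firewall is enabled below, otherwise the session
    # Ansible is using is cut off. samba is opened to every source address;
    # restrict it with from_ip to the local subnet if this host is not
    # LAN-only.
    - name: Configure UFW - allow OpenSSH, samba, and TG-portainer
      community.general.ufw:
        rule: allow
        name: "{{ item }}"
      loop:
        - OpenSSH
        - samba
        # - TG-portainer

    # - name: Configure UFW - delete default allow 22
    #   community.general.ufw:
    #     rule: allow
    #     port: "22"
    #     proto: tcp
    #     delete: true

    # Default-deny inbound, then enable; applied last so the allow rules
    # above are already in place.
    - name: Configure UFW - deny all else
      community.general.ufw:
        state: enabled
        policy: deny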