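---
# Playbook: deploy Portainer via docker-compose on every host in the inventory
# and open the matching UFW application profile.
#
# Connects as 'mike' and escalates for every task (play-level become) unless a
# task sets become_user.
- hosts: all
  user: mike
  become: true
  tasks:
    # - name: Update Server
    #   apt:
    #     upgrade: true
    #     update-cache: true
    #     cache_valid_time: 3600

    # NOTE(review): the image has no tag or digest, so docker_container falls
    # back to "latest" and the deployed version depends on the pull date. Pin a
    # reviewed tag or digest.
    # NOTE(review): this creates a container named 'portainer' with no volumes
    # or published ports. The compose project started further down presumably
    # defines the same service -- TODO confirm. If so, this task may be the
    # source of the container that cannot see /var/run/docker.sock on a full run
    # (it is skipped under --tags portainer, which matches the author's note).
    - name: Install Docker Containers
      community.docker.docker_container:
        name: portainer
        image: portainer/portainer-ce

    # Created as 'mike' (not root) so the compose project directory stays
    # user-owned.
    - name: Create Portainer Directory
      file:
        path: /home/mike/docker/portainer
        state: directory
      become_user: mike

    # NOTE(review): the compose file is written as 'mike' but consumed below by
    # a task running with escalated privileges. Anything able to write to this
    # directory as 'mike' controls what that task starts.
    - name: Sync Portainer docker-compose file
      synchronize:
        src: /home/mike/Software/ansible-debian/portainer/docker-compose.yml
        dest: /home/mike/docker/portainer
      become_user: mike

    # - name: Set ownership of UFW files to root
    #   file: dest=/etc/ufw/applications.d owner=root group=root recurse=yes

    ### Need to change ownership to root ###
    ### THIS DOES NOT WORK!
    ### IF RUN IN THIS SCRIPT, THIS CONTAINER IS started as 'mike' and cannot
    ### view /var/run/docker.sock
    ### if run alone (with --tags portainer) it works.
    # NOTE(review): the note above implies the compose file bind-mounts
    # /var/run/docker.sock (file not shown here -- verify). Access to that
    # socket is equivalent to root on the host, so treat the Portainer UI as a
    # privileged admin interface: restrict who can reach it and set its admin
    # credentials immediately after first start.
    - name: Start Portainer
      docker_compose:
        project_src: /home/mike/docker/portainer
        state: present
      become: true
      become_method: sudo
      tags: portainer

    # Only the TG-portainer application profile is active; OpenSSH and samba are
    # commented out. The profile must already exist under
    # /etc/ufw/applications.d -- it is not created by this playbook.
    - name: Configure UFW - allow OpenSSH, samba, and TG-portainer
      ufw:
        rule: allow
        name: "{{ item }}"
      loop:
        # - OpenSSH
        # - samba
        - TG-portainer

    # - name: Configure UFW - delete default allow 22
    #   ufw:
    #     rule: allow
    #     port: 22
    #     proto: tcp
    #     delete: yes

    # NOTE(review): with the task below disabled, this play never enables UFW or
    # sets a default-deny policy, so the allow rule above only matters if the
    # firewall is enabled elsewhere. Before re-enabling it, restore the OpenSSH
    # allow entry above, or the play will cut off its own SSH access.
    # - name: Configure UFW - deny all else
    #   ufw:
    #     state: enabled
    #     policy: deny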