---
- name: Update web servers
  hosts: all
  remote_user: root
  tasks:
  - name: Install a list of packages
    ansible.builtin.apt:
      pkg:
      - ca-certificates
      - curl
      - gnupg
      
  - name: Add an Apt signing key, uses whichever key is at the URL
    ansible.builtin.apt_key:
      url: https://download.docker.com/linux/debian/gpg 
      state: present

  - name: Add docker repository
    ansible.builtin.apt_repository:
      repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
      state: present

  - name: Install a list of packages
    ansible.builtin.apt:
      update_cache: yes
      pkg:
      - docker-ce
      - docker-ce-cli
      - containerd.io
      - docker-buildx-plugin
      - docker-compose-plugin
      - docker-compose

  - name: Create docker-compose folder for traefik
    ansible.builtin.file:
      path: /opt/docke-compsoe/traefik
      state: directory
      mode: '0755'
  
  - name: Create a symbolic link
    ansible.builtin.file:
      src: /opt/docke-compsoe/
      dest: /root/docker-compose
      state: link

  - name: Template a file to /opt/docke-compsoe/traefik/docker-compose.yml
    ansible.builtin.template:
      src: traefic-docker-compose.yml
      dest: /opt/docke-compsoe/traefik/docker-compose.yml
      mode: '0644'

  - name: Create and start services
    community.docker.docker_compose_v2:
      project_src: /opt/docke-compsoe/traefik/
  
  - name: Log into DockerHub
    docker_login:
      username: kekskurse
      password: "{{ docker_kekskurse_password }}"

  - name: Allow all access to tcp port 80
    community.general.ufw:
      rule: allow
      port: '80'
      proto: tcp

  - name: Allow all access to tcp port 443
    community.general.ufw:
      rule: allow
      port: '443'
      proto: tcp