# SPDX-License-Identifier: MIT-0
---
- name: Ensure prerequisite packages on the control target
  ansible.builtin.apt:
    name:
      - ca-certificates
      - python3-docker
      - python3-cryptography
    state: present
    update_cache: true

- name: Verify docker compose plugin is available
  ansible.builtin.command: docker compose version
  register: ess_compose_check
  changed_when: false
  failed_when: ess_compose_check.rc != 0

- name: Create project directory tree
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0750"
    owner: root
    group: root
  loop: "{{ _ess_dirs }}"

- name: Tighten secrets directory permissions
  ansible.builtin.file:
    path: "{{ ess_compose_secrets_dir }}"
    state: directory
    mode: "0700"
    owner: root
    group: root

- name: Ensure the external Traefik proxy network exists
  community.docker.docker_network:
    name: "{{ ess_compose_traefik_network }}"
    state: present

- name: Authenticate against the Element container registry
  community.docker.docker_login:
    registry_url: "{{ ess_registry_url }}"
    username: "{{ ess_registry_username }}"
    password: "{{ ess_registry_token }}"
  no_log: true