private-ai-platform/ansible/roles/docker/tasks/main.yml

---
# 1) Чистим потенциально битый repo-файл (как у тебя было)
- name: remove broken docker repo if exists
  file:
    path: /etc/apt/sources.list.d/docker.list
    state: absent

# 2) Минимум нужных пакетов
- name: install prerequisites
  apt:
    name:
      - ca-certificates
      - curl
      - gnupg
    state: present
    update_cache: yes

# 3) Keyring + ключ
- name: ensure keyrings dir exists
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: download docker GPG key
  get_url:
    url: https://download.docker.com/linux/debian/gpg
    dest: /etc/apt/keyrings/docker.gpg
    mode: "0644"

# 4) Repo (архитектура через ansible_architecture -> amd64)
- name: add docker apt repository
  copy:
    dest: /etc/apt/sources.list.d/docker.list
    content: |
      deb [arch={{ 'amd64' if ansible_architecture in ['x86_64','amd64'] else ansible_architecture }} signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_lsb.codename }} stable

# 5) Пробуем поставить containerd.io, перебирая версии (и сразу держим)
- name: install first working containerd.io (skip broken versions) and hold
  shell: |
    set -euo pipefail
    apt-get update
    mapfile -t versions < <(apt-cache madison containerd.io | awk '{print $3}' | sort -V | tac)

    for v in "${versions[@]}"; do
      echo "Trying containerd.io=$v"
      if apt-get install -y "containerd.io=$v"; then
        apt-mark hold containerd.io
        exit 0
      fi
    done

    echo "No working containerd.io version found in repo"
    exit 1
  args:
    executable: /bin/bash
  changed_when: true

# 6) Docker пакеты (containerd.io уже стоит/held)
- name: install docker packages
  apt:
    name:
      - docker-ce
      - docker-ce-cli
      - docker-buildx-plugin
      - docker-compose-plugin
    state: present
    update_cache: yes

- name: enable & start docker service
  service:
    name: docker
    state: started
    enabled: yes