docker(role): provide option to set up gVisor (runsc runtime)

roles/docker/tasks/main/01_repo_setup.yaml

@@ -1,15 +1,36 @@
-- name: Ensure Dockers GPG key is added
-  ansible.builtin.get_url:
-    url: https://download.docker.com/linux/debian/gpg
-    dest: /etc/apt/trusted.gpg.d/docker.asc
-    mode: "0644"
-    owner: root
-    group: root
-  become: true
+- name: ensure Docker repo
+  block:
+    - name: Ensure Dockers GPG key is added
+      ansible.builtin.get_url:
+        url: https://download.docker.com/linux/debian/gpg
+        dest: /etc/apt/trusted.gpg.d/docker.asc
+        mode: "0644"
+        owner: root
+        group: root
+      become: true
 
-- name: Ensure Docker APT repository is added
-  ansible.builtin.apt_repository:
-    repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable"
-    filename: docker
-    state: present
-  become: true
+    - name: Ensure Docker APT repository is added
+      ansible.builtin.apt_repository:
+        repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/docker.asc] https://download.docker.com/linux/debian {{ ansible_facts['distribution_release'] }} stable"
+        filename: docker
+        state: present
+      become: true
+
+- name: ensure gVisor repo
+  when: docker__gvisor_setup
+  block:
+    - name: Ensure gVisors GPG key is added
+      ansible.builtin.get_url:
+        url: https://gvisor.dev/archive.key
+        dest: /etc/apt/keyrings/gvisor.asc
+        mode: "0644"
+        owner: root
+        group: root
+      become: true
+
+    - name: Ensure gVisors APT repository is added
+      ansible.builtin.apt_repository:
+        repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/gvisor.asc] https://storage.googleapis.com/gvisor/releases release main"
+        filename: gvisor
+        state: present
+      become: true