---
# TASK DESCRIPTION:
# Nomad jobs which can not run with NFS storage use pre-start and post-stop tasks to invoke
# shell scripts which keep the job's filesystem in sync.  This task does the following:
#
#     1. Copies a backup and restore shellscript to /usr/local/bin
#     2. Edits the sudoers file to allow the script to be invoked with sudo privileges

- name: Copy backup shellscript to server
  become: true
  ansible.builtin.template:
      src: scripts/service_backups.sh.j2
      dest: /usr/local/bin/service_backups
      mode: 0755
  when:
      - is_nomad_client or is_nomad_server

- name: Copy restore shellscript to server
  become: true
  ansible.builtin.template:
      src: scripts/service_restore.sh.j2
      dest: /usr/local/bin/service_restore
      mode: 0755
  when:
      - is_nomad_client or is_nomad_server

- name: "SUDO: Confirm users can run service_backups"
  become: true
  ansible.builtin.lineinfile:
      path: "/etc/sudoers.d/010_{{ item }}-backups-nopasswd"
      line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
      state: present
      create: true
      mode: "0440"
      validate: "/usr/sbin/visudo -cf %s"
  loop:
      - nomad
      - "{{ ansible_user }}"
  when:
      - is_nomad_client or is_nomad_server
      - "'pis' in group_names"