- name: Create backup group
  group:
    name: "{{ group }}"
    state: present

- name: Create backup client user
  user:
    name: "{{ user }}"
    home: "{{ home }}"
    createhome: yes
    group: "{{ group }}"
    groups: ""
    state: present

- name: Set authorized key for backup
  authorized_key:
    user: "{{ user }}"
    state: present
    key: "{{ key }}"

- name: Add backup user to the sudoers
  lineinfile:
    path: "/etc/sudoers"
    state: present
    regexp: '^di-backup'
    line: 'di-backup ALL=(ALL) NOPASSWD: ALL'
    validate: '/usr/sbin/visudo -cf %s'

- name: Install backup client script
  template:
    src: di-backup.j2
    dest: /usr/local/bin/di-backup
    mode: 0700
    owner: root
    group: root