---

- name: Install needed tools
  package:
    name:
      - tar
      - zstd
      - unzip
      - acl
  tags: nomad

- name: Install task driver packages
  package: name={{ nomad_task_driver_packages[item] }}
  loop: "{{ nomad_enabled_task_drivers }}"
  when: nomad_task_driver_packages[item] is defined and nomad_conf.client.enabled
  notify: restart nomad
  tags: nomad

- when: nomad_install_mode == 'upgrade'
  name: Clear plugin dir on upgrades
  file: path={{ nomad_root_dir }}/plugins state={{ item }} owner={{ nomad_user }} group={{ nomad_user }}
  loop:
    - absent
    - directory
  tags: nomad

- when: nomad_install_mode != 'none'
  block:
    - name: Download nomad
      get_url:
        url: "{{ nomad_archive_url }}"
        dest: "{{ nomad_root_dir }}/tmp"
        checksum: sha256:{{ nomad_archive_sha256 }}

    - name: Extract the archive
      unarchive:
        src: "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
        dest: "{{ nomad_root_dir }}/tmp"
        remote_src: True

    - name: Install nomad binary
      copy:
        src: "{{ nomad_root_dir }}/tmp/nomad"
        dest: "{{ nomad_root_dir }}/bin/nomad"
        remote_src: True
        mode: 755
      notify: restart nomad

    - name: Link in /usr/local/bin
      file: src={{ nomad_root_dir }}/bin/nomad dest=/usr/local/bin/nomad state=link force=True

  tags: nomad

- when: nomad_install_mode != 'none' and nomad_conf.client.enabled
  block:

    - name: Download plugins
      get_url:
        url: "{{ nomad_plugins[item].archive_url }}"
        dest: "{{ nomad_root_dir }}/tmp"
        checksum: sha256:{{ nomad_plugins[item].sha256 }}
      register: nomad_plugin_dl
      loop: "{{ nomad_plugins.keys() | list }}"

    - name: Extract nomad plugins
      unarchive:
        src: "{{ item.dest }}"
        dest: "{{ nomad_root_dir }}/plugins/"
        remote_src: True
      loop: "{{ nomad_plugin_dl.results }}"
      when: item.dest | basename | splitext | last in ['.zip','.tgz', '.txz', '.tar.gz', '.tar.xz']
      notify: restart nomad

    - name: Copy nomad plugins
      copy:
        src: "{{ item.dest }}"
        dest: "{{ nomad_root_dir }}/plugins/"
        remote_src: True
      loop: "{{ nomad_plugin_dl.results }}"
      when: item.dest | basename | splitext | last not in ['.zip','.tgz', '.txz', '.tar.gz', '.tar.xz']
      notify: restart nomad

    - name: List installed plugins
      command: ls {{ nomad_root_dir }}/plugins/
      register: nomad_installed_plugins
      changed_when: False

    - name: Set permissions on plugins
      file: path={{ nomad_root_dir }}/plugins/{{ item }} owner=root group=root mode=755
      loop: "{{ nomad_installed_plugins.stdout_lines }}"

  tags: nomad

# Nomad looks for the qemu-system-x86_64 bin in $PATH
# so it needs to be available for Nomad to detect it
- name: Link qemu-kvm to qemu-system-x86_64
  file:
    src: /usr/libexec/qemu-kvm
    dest: /usr/local/bin/qemu-system-x86_64
    state: link
  when: nomad_conf.client.enabled and 'qemu' in nomad_enabled_task_drivers
  tags: nomad

- name: Install bash completion support
  copy:
    content: |
      complete -C {{ nomad_root_dir }}/bin/nomad nomad
    dest: /etc/bash_completion.d/nomad
    mode: 0644
  tags: nomad

- name: Deploy systemd service unit
  template: src=nomad.service.j2 dest=/etc/systemd/system/nomad.service
  register: nomad_unit
  notify: restart nomad
  tags: nomad

- name: Install consul-template unit
  template: src=consul-template-nomad.service.j2 dest=/etc/systemd/system/consul-template-nomad.service
  register: nomad_consul_tpl_unit
  notify: restart consul-template-nomad
  when: nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled
  tags: nomad

- name: Install backup hooks
  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/nomad mode=755
  loop:
    - pre
    - post
  tags: nomad

- name: Install iptables cleanup script
  copy: src=iptables_cleanup.pl dest={{ nomad_root_dir }}/bin/iptables_cleanup.pl mode=755
  tags: nomad

- name: Install iptables-nomad-cleanup unit
  template: src=iptables-nomad-cleanup.service.j2 dest=/etc/systemd/system/iptables-nomad-cleanup.service
  register: nomad_ipt_cleanup_unit
  tags: nomad

- name: Reload systemd
  systemd: daemon_reload=True
  when: nomad_unit.changed or nomad_ipt_cleanup_unit.changed or (nomad_consul_tpl_unit is defined and nomad_consul_tpl_unit.changed)
  tags: nomad

# This is needed for containers to be able to reach their own services through the host published port
- name: Install a script to set nomad bridge in promisc mode
  copy: src=50-nomad-promisc dest=/etc/NetworkManager/dispatcher.d/50-nomad-promisc mode=755
  tags: nomad

- name: Create host_volume directories
  file: path={{ item.path }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
  loop: "{{ nomad_conf.client.host_volumes | default([]) }}"
  when: item.create | default(False)
  tags: nomad