{#
  Jinja2 template that renders a sudoers file from inventory variables.

  Security notes for reviewers:
  - Every loop below writes its items into the file as-is. Nothing in this
    template quotes, escapes or validates an entry, so each sudoers_file_*
    variable is in effect a grant of privilege and should only be set from
    reviewed, trusted inventory.
  - Which sections are rendered depends on inventory group membership and on
    one gathered fact, so the same variables produce different sudoers files
    on different hosts. Review the rendered result per host, not only the
    variables.
  - NOTE(review): the task that deploys this template is not visible here.
    Confirm it syntax-checks the rendered file before installing it (for
    example the template module's validate option running "visudo -cf" on the
    temporary file) and installs it owned by root with mode 0440.
  - Line breaks in this listing were restored for readability and assume
    Ansible's default trim_blocks behaviour -- TODO confirm against the
    original file before relying on exact whitespace in the output.
#}
# {{ ansible_managed }}

{# One "Defaults" line per entry; default([]) makes an unset variable render nothing. #}
{% for item in sudoers_file_defaults | default([]) %}
Defaults {{ item }}
{% endfor %}

{#
  Alias sections. Each item is read as item.name (written before the "=")
  and item.entry (written after it). An alias widens every rule that
  refers to it, so a change to an entry here needs the same review as a
  change to a privilege rule.
#}
# Host alias specification
{% for item in sudoers_file_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# User alias specification
{% for item in sudoers_file_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# Cmnd alias specification
{% for item in sudoers_file_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# Runas alias specification
{% for item in sudoers_file_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# User privilege specification
{#
  Rules for the fixed account 'back'. The account name is hard-coded here;
  each item supplies the whole remainder of the rule line. The first three
  lists are rendered on every host.
#}
{% for item in sudoers_file_user_back_privileges | default([]) %}
back {{ item }}
{% endfor -%}
{%- for item in sudoers_file_user_back_svn_privileges | default([]) %}
back {{ item }}
{% endfor -%}
{%- for item in sudoers_file_user_back_mount_privileges | default([]) %}
back {{ item }}
{% endfor -%}
{#
  Disk rules for 'back', only where the gathered fact virtualization_role
  equals 'host'. The fact is read without a default, so this line depends on
  facts having been gathered -- TODO confirm the play gathers facts.
#}
{%- if ansible_facts['virtualization_role'] == 'host' %}
{% for item in sudoers_file_user_back_disk_privileges | default([]) %}
back {{ item }}
{% endfor %}
{% endif -%}
{# Rules for the fixed account 'webadmin', only on hosts in inventory group "webadmin". #}
{%- if inventory_hostname in (groups["webadmin"] | default([])) %}
{% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %}
webadmin {{ item }}
{% endfor %}
{% endif -%}
{# Extra rules for 'back', only on hosts in inventory group "postgresql_server". #}
{%- if inventory_hostname in (groups["postgresql_server"] | default([])) %}
{% for item in sudoers_file_user_back_postgres_privileges | default([]) %}
back {{ item }}
{% endfor %}
{% endif -%}
{#
  dns server: only on hosts in inventory group "dns_server".
  From here on the leading field of each rule comes from item.name rather
  than from the template, so the variable data alone decides who receives
  the rule and what it allows. Review both fields of every item.
#}
{%- if inventory_hostname in (groups["dns_server"] | default([])) %}
{% for item in sudoers_file_dns_server_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif -%}
{# postfixadmin rules: only on hosts in inventory group "mail_server"; same item.name / item.entry shape. #}
{%- if inventory_hostname in (groups["mail_server"] | default([])) %}
{% for item in sudoers_file_postfixadmin_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif -%}
{#
  other (host specific) rules: rendered only when the variable is defined and
  non-empty, which makes the default([]) on the loop redundant but harmless.
  This is the least constrained section (any name, any entry, no group
  condition), so host_vars that set it deserve the closest review.
#}
{%- if (sudoers_file_user_privileges is defined and sudoers_file_user_privileges) %}
{% for item in sudoers_file_user_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif %}

# Group privilege specification