# {{ ansible_managed }}

{% for item in sudoers_file_defaults | default([]) %}
Defaults {{ item }}
{% endfor %}

# Host alias specification
{% for item in sudoers_file_host_aliases | default([]) %}
Host_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# User alias specification
{% for item in sudoers_file_user_aliases | default([]) %}
User_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# Cmnd alias specification
{% for item in sudoers_file_cmnd_aliases | default([]) %}
Cmnd_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# Runas alias specification
{% for item in sudoers_file_runas_aliases | default([]) %}
Runas_Alias {{ item.name }} = {{ item.entry }}
{% endfor %}

# User privilege specification

{# rule for user 'back' #}
{% for item in sudoers_file_user_back_privileges | default([]) %}
back {{ item }}
{% endfor -%}

{%- for item in sudoers_file_user_back_svn_privileges | default([]) %}
back {{ item }}
{% endfor -%}


{%- if ansible_virtualization_role == 'host' %}

{% for item in sudoers_file_user_back_disk_privileges | default([]) %}
back {{ item }}
{% endfor %}
{% endif -%}


{%- if groups['webadmin']|string is search(inventory_hostname) %}

{% for item in sudoers_file_user_webadmin_disk_privileges | default([]) %}
webadmin {{ item }}
{% endfor %}
{% endif -%}


{%- if groups['postgresql_server']|string is search(inventory_hostname) %}

{% for item in sudoers_file_user_back_postgres_privileges | default([]) %}
back {{ item }}
{% endfor %}
{% endif -%}


{# dns server #}
{%- if groups['dns_server']|string is search(inventory_hostname) %}

{% for item in sudoers_file_dns_server_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif -%}


{# postfixadmin rules #}
{%- if groups['mail_server']|string is search(inventory_hostname) %}

{% for item in sudoers_file_postfixadmin_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif -%}

{# other (host specific) rules #} 
{%-  if (sudoers_file_user_privileges is defined and sudoers_file_user_privileges) %}

{% for item in sudoers_file_user_privileges | default([]) %}
{{ item.name }} {{ item.entry }}
{% endfor %}
{% endif %}

# Group privilege specification