- hosts: all
  tasks:
    - name: Create nodepool directory
      file:
        path: /etc/nodepool
        state: directory
    - name: Create nodepool subnodes file
      copy:
        dest: /etc/nodepool/sub_nodes_private
        content: ""
    - name: Populate nodepool subnodes file
      lineinfile:
        path: /etc/nodepool/sub_nodes_private
        line: "{{ hostvars[item]['nodepool']['private_ipv4'] }}"
      with_items: "{{ groups['subnodes'] }}"
      when: groups['subnodes'] is defined
    - name: Create nodepool primary file
      copy:
        dest: /etc/nodepool/primary_node_private
        content: "{{ hostvars['primary']['nodepool']['private_ipv4'] }}"
      when: hostvars['primary'] is defined
    - name: Copy ssh keys to nodepool directory
      command: "cp .ssh/{{ item }} /etc/nodepool/{{ item }}"
      with_items:
        - id_rsa
        - id_rsa.pub

    - name: Copy zuul-sudo-grep.sh to the script dir on the node
      copy:
        dest: /usr/local/jenkins/slave_scripts/zuul-sudo-grep.sh
        src: zuul-sudo-grep.sh
        mode: 0755
      become: true

    - name: Add sudoers role for zuul-sudo-grep.sh
      copy:
        dest: /etc/sudoers.d/zuul-sudo-grep
        content: "zuul ALL = NOPASSWD:/usr/local/jenkins/slave_scripts/zuul-sudo-grep.sh\n"
        mode: 0440
      become: true

    - name: Validate sudoers config after edits
      command: "/usr/sbin/visudo -c"
      become: true

    - name: Modify run-tox.sh to use zuul-sudo-grep.sh pre
      lineinfile:
        path: /usr/local/jenkins/slave_scripts/run-tox.sh
        regexp: '^sudo .script_path/jenkins-sudo-grep.sh pre'
        line: 'sudo $script_path/zuul-sudo-grep.sh pre'
      become: true

    - name: Modify run-tox.sh to use zuul-sudo-grep.sh post
      lineinfile:
        path: /usr/local/jenkins/slave_scripts/run-tox.sh
        regexp: '^    sudo .script_path/jenkins-sudo-grep.sh post'
        line: '    sudo $script_path/zuul-sudo-grep.sh post'
      become: true