- name: create backup user
  user:
    name: backup
    create_home: yes
  when: run_once_backups_provider_user is not defined

- name: create .ssh directory
  file:
    path: /home/backup/.ssh
    state: directory
    owner: backup
    group: backup
    mode: '0700'
  when: run_once_backups_provider_user is not defined

- name: create /home/backup/.ssh/authorized_keys
  template:
    src: "authorized_keys.j2"
    dest: /home/backup/.ssh/authorized_keys
    owner: backup
    group: backup
    mode: '0644'
  when: run_once_backups_provider_user is not defined

- name: create /home/backup/ssh-wrapper.sh
  copy:
    src: "ssh-wrapper.sh"
    dest: /home/backup/ssh-wrapper.sh
    owner: backup
    group: backup
    mode: '0700'
  when: run_once_backups_provider_user is not defined

- name: grant backup sudo rights
  copy:
    src: "backup"
    dest: /etc/sudoers.d/backup
    mode: '0644'
    owner: root
    group: root
  notify: sshd restart
  when: run_once_backups_provider_user is not defined
  
- name: run the backups_provider_user tasks once
  set_fact:
    run_once_backups_provider_user: true
  when: run_once_backups_provider_user is not defined