---
- name: Install awscli (download static binary — works on Ubuntu 24.04)
  ansible.builtin.shell: |
    set -e
    ARCH=$(uname -m)
    if [ "$ARCH" = "x86_64" ]; then
      URL="https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"
    else
      URL="https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"
    fi
    cd /tmp
    curl -fsSL "$URL" -o awscliv2.zip
    unzip -q -o awscliv2.zip
    ./aws/install --update -i /usr/local/aws-cli -b /usr/local/bin
    rm -rf awscliv2.zip aws/
  args:
    creates: /usr/local/bin/aws

- name: Create backup directory
  ansible.builtin.file:
    path: "{{ backup_dir }}"
    state: directory
    owner: "{{ backup_user }}"
    group: "{{ backup_user }}"
    mode: "0750"

- name: Deploy backup script
  ansible.builtin.template:
    src: backup.sh.j2
    dest: /usr/local/bin/backup-services
    owner: root
    group: root
    mode: "0750"

- name: Schedule hourly backup
  ansible.builtin.cron:
    name: "Hourly services backup"
    minute: "0"
    job: "/usr/local/bin/backup-services >> /var/log/backup-services.log 2>&1"
    user: root
    state: present