hcp-ansible/roles/nomad/tasks/configure.yml
Bertrand Lanson 63f22bb1f9
feat: add automatic reload of nomad service for certificate reloading
This feature adds logic to automatically reload the nomad service if TLS is
enabled and the certificates have changed. Only certificates copied by the
extra_files logic are tracked.
2024-11-10 13:32:45 +01:00


---
# task/configure file for nomad
- name: "Nomad | Create nomad.env"
  # Render the environment file read by the service. It is kept owner-only
  # (0600) so nothing placed in it (tokens, passwords) is readable by others.
  ansible.builtin.template:
    src: nomad.env.j2
    dest: "{{ nomad_config_dir }}/nomad.env"
    mode: "0600"
    owner: "{{ nomad_user }}"
    group: "{{ nomad_group }}"
  # Inspected later to decide whether a service restart is needed.
  register: _nomad_env_file
- name: "Nomad | Copy nomad.json template"
  # Render the main agent configuration; owner-only (0600) like nomad.env,
  # since the config can embed credentials (ACL/TLS material, encrypt keys).
  ansible.builtin.template:
    src: nomad.json.j2
    dest: "{{ nomad_config_dir }}/nomad.json"
    mode: "0600"
    owner: "{{ nomad_user }}"
    group: "{{ nomad_group }}"
  # Inspected later to decide whether a service restart is needed.
  register: _nomad_config_file
- name: "Nomad | Set restart-check variable"
  # Flag a restart when either rendered file changed. The fact is only ever
  # set to true in this file; it is never reset back to false here.
  ansible.builtin.set_fact:
    _nomad_service_need_restart: true
  when: _nomad_env_file is changed or _nomad_config_file is changed
- name: "Nomad | Gather initial checksums for certificate files"
  # First snapshot of the watched certificate files, taken before any extra
  # files are deployed. A path that does not exist yet simply has no
  # checksum in its result. SHA-1 is used purely as a change detector within
  # this run (not for integrity); the final snapshot must use the same
  # algorithm for the comparison to be meaningful.
  ansible.builtin.stat:
    path: "{{ item }}"
    checksum_algorithm: sha1
  loop: "{{ nomad_certificates_reload_watchlist }}"
  register: _nomad_initial_cert_checksums
  when: nomad_enable_tls
- name: "Nomad | Normalize initial checksums"
  # Flatten the stat results into a list of {item, initial_checksum} dicts so
  # they can be merged by 'item' with the final snapshot. A missing file maps
  # to the sentinel 'absent', which lets a newly created certificate count as
  # a change. The author notes this Jinja is fragile and was left as-is; the
  # rendered text is relied upon to be turned back into a list by set_fact.
  ansible.builtin.set_fact:
    _nomad_initial_checksums_normalized: >-
      {% filter trim %}
      {% set checksums = [] %}
      {% for item in _nomad_initial_cert_checksums.results %}
      {% set _ = checksums.append({
        'item': item.item,
        'initial_checksum': (item.stat.checksum | default('absent'))
      }) %}
      {% endfor %}
      {{ checksums }}
      {% endfilter %}
  when: nomad_enable_tls
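- name: "Nomad | Copy extra configuration files"
  # Deploy operator-supplied extra files (typically TLS certificates and
  # keys) from the controller to the node. Regular files are templated one
  # by one; directories are handled by recursive_copy_extra_dirs.yml.
  when: nomad_extra_files
  block:
    - name: "Nomad | Get extra file types"
      # Sources are looked up on the controller, hence delegate_to: localhost.
      ansible.builtin.stat:
        path: "{{ item.src }}"
      loop: "{{ nomad_extra_files_list }}"
      register: nomad_extra_file_stat
      delegate_to: localhost

    - name: "Nomad | Fail early on missing extra file sources"
      # Without this guard a missing source only surfaces further down as an
      # opaque "'dict object' has no attribute 'isreg'" error on the when
      # clause, and is easy to mistake for a role bug.
      ansible.builtin.assert:
        that: item.stat.exists
        fail_msg: "Extra file source '{{ item.item.src }}' does not exist on the controller"
        quiet: true
      loop: "{{ nomad_extra_file_stat.results }}"

    - name: "Nomad | Set list for file sources"
      # Accumulator idiom: the task-level var provides an empty default, and
      # the fact written by a previous iteration takes precedence over it, so
      # each regular-file source is appended in turn. delegate_to has no
      # effect on set_fact. NOTE(review): a fact of this name left over from
      # an earlier application of the role in the same play would be appended
      # to rather than reset.
      vars:
        _nomad_file_sources: []
      ansible.builtin.set_fact:
        _nomad_file_sources: "{{ _nomad_file_sources + [item.item] }}"
      when: item.stat.isreg
      loop: "{{ nomad_extra_file_stat.results }}"
      delegate_to: localhost

    - name: "Nomad | Set list for directory sources"
      # Same accumulator idiom, for directory sources.
      vars:
        _nomad_dir_sources: []
      ansible.builtin.set_fact:
        _nomad_dir_sources: "{{ _nomad_dir_sources + [item.item] }}"
      when: item.stat.isdir
      loop: "{{ nomad_extra_file_stat.results }}"
      delegate_to: localhost

    - name: "Nomad | Template extra file sources"
      # Each source is rendered as a Jinja template; a trailing .j2 on the
      # destination name is stripped. Files end up owned by the service user.
      ansible.builtin.template:
        src: "{{ item.src }}"
        dest: "{{ item.dest | regex_replace('\\.j2$', '') }}"
        owner: "{{ nomad_user }}"
        group: "{{ nomad_group }}"
        # NOTE(review): 0700 also grants the execute bit; certificates and
        # private keys only need 0600. Left unchanged in case an extra file
        # has to be executable — confirm and tighten if not.
        mode: "0700"
      loop: "{{ _nomad_file_sources }}"
      # The fact only exists if at least one regular-file source was found.
      when: _nomad_file_sources is defined

    - name: "Nomad | Template extra directory sources"
      ansible.builtin.include_tasks: recursive_copy_extra_dirs.yml
      loop: "{{ _nomad_dir_sources }}"
      loop_control:
        loop_var: dir_source_item
      # The fact only exists if at least one directory source was found.
      when: _nomad_dir_sources is defined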
- name: "Nomad | Gather final checksums for certificate files"
  # Second snapshot of the watched certificate files, taken after the extra
  # files have been deployed. Must use the same algorithm as the initial
  # snapshot, otherwise every file would look changed.
  ansible.builtin.stat:
    path: "{{ item }}"
    checksum_algorithm: sha1
  loop: "{{ nomad_certificates_reload_watchlist }}"
  register: _nomad_final_cert_checksums
  when: nomad_enable_tls
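# Fix: the task was named "Consul | ..." in the nomad role (copy-paste
# leftover), which mislabels it in play output; the name now says Nomad.
- name: "Nomad | Normalize final checksums"
  # Flatten the stat results into a list of {item, final_checksum} dicts,
  # mirroring the initial-snapshot task so the two can be merged by 'item'.
  # A missing file maps to the sentinel 'absent'. The Jinja is deliberately
  # left untouched (the author flagged it as fragile); set_fact is relied
  # upon to turn the rendered text back into a list.
  ansible.builtin.set_fact:
    _nomad_final_checksums_normalized: >-
      {% filter trim %}
      {% set checksums = [] %}
      {% for item in _nomad_final_cert_checksums.results %}
      {% set _ = checksums.append({
        'item': item.item,
        'final_checksum': (item.stat.checksum | default('absent'))
      }) %}
      {% endfor %}
      {{ checksums }}
      {% endfilter %}
  when: nomad_enable_tls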
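# Fix: task was mislabelled "Consul | ..." inside the nomad role.
- name: "Nomad | Merge initial and final checksum lists"
  # Join both snapshots on 'item' so each watched path carries both an
  # initial_checksum and a final_checksum. Needs the community.general
  # collection (lists_mergeby) on the controller.
  ansible.builtin.set_fact:
    _nomad_checksums_list: >-
      {{
        _nomad_initial_checksums_normalized |
        community.general.lists_mergeby(_nomad_final_checksums_normalized, 'item')
      }}
  when: nomad_enable_tls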
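# Fix: task was mislabelled "Consul | ..." inside the nomad role; the
# redundant "| list" on a json_query result (already a list) is dropped.
- name: "Nomad | Determine if certificates have changed or were newly added"
  # Any watched path whose checksum differs between the two snapshots —
  # including the 'absent' -> present transition — flags a reload. Only set
  # to true here, never reset. json_query needs the jmespath Python package
  # on the controller.
  ansible.builtin.set_fact:
    _nomad_service_need_reload: true
  when:
    - nomad_enable_tls
    - _nomad_checksums_list | json_query('[?initial_checksum!=final_checksum]') | length > 0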