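---
# Here we mostly work on {{ borg_server }} to:
# * create repository
# * configure authorized key for backup user
#
# Tasks without delegate_to run on the client being backed up; the two
# delegated tasks run on {{ borg_server }}.

# Generates /root/.ssh/id_rsa (and the matching .pub) on the client.
# No passphrase is set, so anyone who can read this file can act as the
# backup user on the borg server within the limits of the forced command
# installed below.
- name: create root ssh private key
  openssh_keypair:
    comment: "passwordless access to vm2, as backup user"
    path: /root/.ssh/id_rsa
    owner: root
    group: root

# One directory per client, named after the client's short hostname.
- name: create repo
  file:
    path: "/var/backups/borg/{{ ansible_hostname }}"
    state: directory
    owner: backup
    group: backup
    # Explicit mode so the result does not depend on the umask of the
    # delegated host; only the backup user needs to reach the repository.
    mode: "0700"
  delegate_to: "{{ borg_server }}"

- name: get public key
  command: "cat /root/.ssh/id_rsa.pub"
  register: pubkey
  # Read-only command: do not report a change on every run.
  changed_when: false

- name: set pubkey as variable
  set_fact:
    public_key: "{{ pubkey.stdout }}"

# can't use authorized_key module here
#
# The forced command confines this key to `borg serve`, and
# --restrict-to-path is narrowed to this client's own directory so one
# client's key cannot open another client's repository under
# /var/backups/borg/.
# `restrict` turns off port/agent/X11 forwarding and PTY allocation for the
# key; it needs OpenSSH 7.2 or newer on {{ borg_server }}.
# `regexp` makes the task replace this host's existing entry instead of
# appending a second one, so an older, broader line does not stay active
# after the key or the options change.
- name: install ssh key
  lineinfile:
    path: /var/backups/.ssh/authorized_keys
    regexp: ' from {{ ansible_hostname | regex_escape }}$'
    line: 'command="borg serve --restrict-to-path /var/backups/borg/{{ ansible_hostname }}",restrict {{ public_key }} from {{ ansible_hostname }}'
    create: true
    owner: backup
    group: backup
    # Quoted so the mode is passed as the octal string, not a YAML integer.
    mode: "0600"
  delegate_to: "{{ borg_server }}"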