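---
# Here we mostly work on {{ borg_server }} to:
# * create repository
# * configure authorized key for backup user
#
# Tasks without delegate_to run on the backup client (inventory_hostname);
# tasks with delegate_to run on the borg server.
# Repository paths are built as "{{ borg_remote_dir }}{{ inventory_hostname }}"
# with no separator, so borg_remote_dir is expected to end with "/".

# The key has no passphrase, so the restrictions written to authorized_keys
# on the server are the only limit on what a holder of this key can do.
- name: create root ssh private key
  openssh_keypair:
    comment: "passwordless access to {{ borg_server }}, as backup user"
    path: /root/.ssh/id_rsa
    owner: root
    group: root

# NOTE(review): no mode is set, so the directory gets the server's default
# permissions; confirm whether group "backup" is meant to have access.
- name: create repo
  ansible.builtin.file:
    path: "{{ borg_remote_dir }}{{ inventory_hostname }}"
    state: directory
    owner: "{{ borg_account }}"
    group: "backup"
  delegate_to: "{{ borg_server }}"

# Read-only command: never report it as a change.
- name: get public key
  ansible.builtin.command: "cat /root/.ssh/id_rsa.pub"
  register: pubkey
  changed_when: false

- name: set pubkey as variable
  ansible.builtin.set_fact:
    public_key: "{{ pubkey.stdout }}"

# can't use authorized_key module here
#
# The forced command confines this key to "borg serve" on the client's own
# repository directory instead of the whole of borg_remote_dir, so one client
# cannot reach another client's repository. "restrict" (OpenSSH 7.2+)
# additionally turns off port/agent/X11 forwarding and pty allocation.
# The trailing "from <host>" text ends up in the key's comment field: it is a
# label only, not a from="..." source-address restriction.
# regexp matches an entry already holding this public key, so an entry written
# by an earlier, broader version of this line is replaced rather than left in
# place next to the new one.
- name: install ssh key
  ansible.builtin.lineinfile:
    path: "{{ borg_remote_dir }}/.ssh/authorized_keys"
    regexp: "{{ public_key | regex_escape }}"
    line: 'command="borg serve --restrict-to-path {{ borg_remote_dir }}{{ inventory_hostname }}",restrict {{ public_key }} from {{ inventory_hostname }}'
    create: true
    owner: "{{ borg_account }}"
    group: "backup"
    # Quoted so the mode is passed as the octal string, never as an integer.
    mode: "0600"
  delegate_to: "{{ borg_server }}"

# An initialised repository contains a "config" file; its presence on the
# server is used as the "already initialised" marker.
- name: check if repository is created
  tags: wip
  delegate_to: "{{ borg_server }}"
  ansible.builtin.stat:
    path: "{{ borg_remote_dir }}{{ inventory_hostname }}/config"
  register: repo_content

# Runs on the client and reaches the server over SSH with the key above.
# With --encryption=keyfile the repository key is kept on the client rather
# than in the repository: both that key file and borg_passphrase are needed
# to read the backups, so keep a copy of the key somewhere off this host.
# The passphrase is handed over through the environment, not the command line.
# NOTE(review): borg_passphrase is defined outside this file; it should come
# from an encrypted source (e.g. Ansible Vault) - confirm.
- name: create repository
  tags: wip
  when: repo_content.stat.isfile is not defined
  ansible.builtin.command:
    # argv form: each element is passed as one argument, with no re-splitting
    # of the templated repository location.
    argv:
      - /usr/bin/borg
      - init
      - --encryption=keyfile
      - "{{ borg_account }}@{{ borg_server }}:{{ borg_remote_dir }}{{ inventory_hostname }}"
  environment:
    BORG_PASSPHRASE: "{{ borg_passphrase }}"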