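---
# Role tasks: install borgmatic, give root an SSH key that is authorized for
# the borg account on the backup server, deploy the borgmatic config,
# initialise the repository and schedule runs from cron instead of the
# systemd timer.
#
# File modes are quoted strings throughout so they never depend on how the
# YAML loader types a bare 0700/0600/0644.

- name: Install borgmatic
  become: true
  ansible.builtin.apt:
    name: borgmatic

# The explicit /root/.ssh path matches the ssh-keygen task below and does not
# depend on how "~" expands for the become user.
- name: Make sure /root/.ssh dir exists
  become: true
  ansible.builtin.file:
    path: /root/.ssh
    state: directory
    owner: root
    group: root
    mode: "0700"

# -N '' creates the key without a passphrase. Anyone who can read
# /root/.ssh/id_ed25519 can authenticate as this host to the backup server,
# so the server-side restrictions on the public key matter (see the
# authorized_keys task).
# "creates" makes the task a no-op once the key file exists.
- name: Create SSH key for root
  become: true
  ansible.builtin.command:
    cmd: ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -N ''
    creates: /root/.ssh/id_ed25519

# slurp returns the file base64-encoded in ssh_pubkey.content.
- name: Slurp SSH pubkey for root
  become: true
  ansible.builtin.slurp:
    src: /root/.ssh/id_ed25519.pub
  register: ssh_pubkey

# Runs on the backup server as user borg; "~" here is that user's home.
# NOTE(review): the key is added with no authorized_keys options, so it is
# not limited to borg. Consider prefixing the line with a forced command and
# the "restrict" option, for example
#   command="borg serve --restrict-to-path <REPO_PATH>",restrict
# so that a compromised client cannot do more than reach its own repository.
# <REPO_PATH> is a placeholder; the real path is not visible in this file.
# NOTE(review): assumes ~borg/.ssh already exists on the backup server;
# confirm, since "create" only creates the file.
- name: Authorize root pubkey on backup server
  delegate_to: "{{ backup_server }}"
  become: true
  become_user: borg
  ansible.builtin.lineinfile:
    path: ~/.ssh/authorized_keys
    line: "{{ ssh_pubkey.content | b64decode | trim }}"
    create: true
    mode: "0600"

# Directory and config are root-only (0700 / 0600).
# NOTE(review): the rendered config presumably carries the repository
# passphrase; confirm against the template.
- name: Create /etc/borgmatic.d directory
  become: true
  ansible.builtin.file:
    path: /etc/borgmatic.d
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Copy borgmatic config
  become: true
  ansible.builtin.template:
    src: borgmatic.d/config.yml.j2
    dest: "/etc/borgmatic.d/{{ ansible_hostname }}.yml"
    owner: root
    group: root
    mode: "0600"

# repokey mode keeps the encryption key inside the repository.
# NOTE(review): keep a copy of the passphrase and an exported key outside
# this host, otherwise losing the host can make the backups unreadable.
# The command runs on every play; "changed" is reported only when it writes
# to stderr.
- name: Initialize borg repository
  become: true
  ansible.builtin.command:
    cmd: borgmatic init --encryption repokey
  register: borgmatic_init
  changed_when: borgmatic_init.stderr != ''

# The timer is turned off before the cron file is installed; presumably so
# that cron is the only scheduler for borgmatic.
- name: Stop and disable borgmatic timer
  become: true
  ansible.builtin.systemd:
    name: borgmatic.timer
    state: stopped
    enabled: false

- name: Copy borgmatic cron
  become: true
  ansible.builtin.template:
    src: cron.d/borgmatic.j2
    dest: /etc/cron.d/borgmatic
    owner: root
    group: root
    mode: "0644"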