self-hosting/roles/borgmatic/tasks/main.yml

---

- name: Install borgmatic
  become: true
  ansible.builtin.apt:
    name: borgmatic

- name: Make sur /root/.ssh dir exists
  become: true
  ansible.builtin.file:
    path: ~/.ssh
    state: directory
    owner: root
    group: root
    mode: 0700

- name: Create SSH key for root
  become: true
  ansible.builtin.command:
    cmd: ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519 -N ''
    creates: /root/.ssh/id_ed25519

- name: Slurp SSH pubkey for root
  become: true
  ansible.builtin.slurp:
    src: ~/.ssh/id_ed25519.pub
  register: ssh_pubkey

- name: Authorize root pubkey on backup server
  delegate_to: "{{ backup_server }}"
  become: true
  become_user: borg
  ansible.builtin.lineinfile:
    path: ~/.ssh/authorized_keys
    line: "{{ ssh_pubkey.content | b64decode | trim }}"
    create: true