- name: mount backup disk
  mount:
      path: /backup
      src: LABEL=BACKUP
      fstype: ext4
      opts: noatime
      state: mounted

- name: create backup user
  user:
      name: backup
      comment: Backup
      create_home: yes
      home: /backup
      shell: /bin/bash
      system: yes
      state: present

- name: "create directory for borg clients"
  file:
      path: "/backup/repos/{{ hostvars[item]['ansible_fqdn'] }}"
      state: directory
      mode: '0750'
      owner: backup
      group: backup
  loop: "{{ groups['borg_client'] }}"

- name: "set authorized_keys for borg clients"
  authorized_key:
      user: backup
      key: "{{ hostvars[item]['ssh_keys']['stdout'] }}"
      key_options: "command=\"cd /backup/repos/{{ hostvars[item]['ansible_fqdn'] }}; borg serve --restrict-to-path /backup/repos/{{ hostvars[item]['ansible_fqdn'] }}\""
      state: present
  loop: "{{ groups['borg_client'] }}"