---

- name: Mount backup disk
  ansible.posix.mount:
    path: /backup
    src: LABEL=BACKUP
    fstype: xfs
    opts: noatime,nofail
    state: mounted

- name: Create backup user
  ansible.builtin.user:
    name: backup
    comment: Backup
    create_home: true
    home: /backup
    shell: /bin/bash
    system: true
    state: present

- name: Create directory for borg clients
  ansible.builtin.file:
    path: "/backup/repos/{{ hostvars[item]['ansible_fqdn'] }}"
    state: directory
    mode: '0750'
    owner: backup
    group: backup
  loop: "{{ groups['borg_client'] }}"

- name: Set authorized_keys for borg clients
  ansible.posix.authorized_key:
    user: backup
    key: "{{ hostvars[item]['ssh_keys']['stdout'] }}"
    key_options: "command=\"cd /backup/repos/{{ hostvars[item]['ansible_fqdn'] }}; borg serve --restrict-to-path /backup/repos/{{ hostvars[item]['ansible_fqdn'] }}\""
    state: present
  loop: "{{ groups['borg_client'] }}"