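---
# tasks file for borgmatic
#
# Provisions a borgmatic backup client: generates a dedicated SSH key pair,
# prepares a per-host repository directory on the backup server, authorizes
# the client key there (confined to `borg serve` on that directory), writes
# the client's SSH config, then deploys the borgmatic configuration and its
# systemd service and timer.

# Dedicated key used only for backups; stored next to the borgmatic config.
- name: Créer la paire de clés
  community.crypto.openssh_keypair:
    path: /etc/borgmatic/id_ed25519
    type: ed25519
  become: true

# slurp returns the file base64-encoded in `key.content`.
- name: Récupérer le contenu de la clé publique
  ansible.builtin.slurp:
    src: /etc/borgmatic/id_ed25519.pub
  become: true
  register: key

# Runs on the backup server: one repository directory per client host,
# unreadable by "other" so clients cannot browse each other's repositories.
- name: Créer le dépôt
  ansible.builtin.file:
    path: "{{ borgmatic_server.repo_path }}/{{ inventory_hostname }}"
    state: directory
    # Fixed: the file module has no `user` parameter; ownership is `owner`.
    owner: "{{ borgmatic_server.user }}"
    group: "{{ borgmatic_server.group }}"
    mode: 'u=rwX,g=rX,o='
  become: true
  delegate_to: "{{ borgmatic_server.host }}"

# Runs on the backup server. The forced command plus `restrict` limits this
# key to `borg serve` on the client's own repository path: no shell, no
# port/agent/X11 forwarding, no PTY.
- name: Ajouter la clef publique
  ansible.posix.authorized_key:
    # Fixed: this must be the account name, not the repository path. It is
    # the same account that owns the repository directory created above.
    user: "{{ borgmatic_server.user }}"
    state: present
    key: "{{ key['content'] | b64decode }}"
    key_options: 'command="cd {{ borgmatic_server.repo_path }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgmatic_server.repo_path }}/{{ inventory_hostname }}",restrict'
  become: true
  delegate_to: "{{ borgmatic_server.host }}"

# One `Host` stanza per configured repository, keyed on the hostname part of
# the repository URL.
#
# Security: the previous stanza set `StrictHostKeyChecking no` together with
# `UserKnownHostsFile /dev/null`, which disables server authentication for
# every backup run, so the client would send its backups to any host that
# answers for that name. `accept-new` (OpenSSH >= 7.6) still lets the first
# unattended connection succeed but pins the host key afterwards and refuses
# a changed key. Pre-seeding the key with ansible.builtin.known_hosts is
# stronger still, because it removes the trust-on-first-use window.
- name: Déployer la configuration de SSH
  ansible.builtin.blockinfile:
    path: /root/.ssh/config
    create: true
    # Explicit mode so a newly created file is not left to the umask.
    mode: 'u=rw,g=,o='
    marker: "# {mark} ANSIBLE MANAGED BLOCK for role_borgmatic"
    block: |
      {% for repository in borgmatic_repositories %}
      Host {{ repository.path | ansible.builtin.urlsplit('hostname') }}
        Compression yes
        Protocol 2
        PreferredAuthentications=publickey
        StrictHostKeyChecking accept-new
        IdentityFile /etc/borgmatic/id_ed25519
        IdentitiesOnly yes
      {% endfor %}
  become: true

# Root-only permissions: the rendered template is not visible here, but a
# borgmatic configuration commonly carries the repository passphrase.
# `validate` makes Ansible check the rendered file before installing it.
# NOTE(review): `notify` only triggers handlers, so this expects a handler
# named exactly "Créer le dépôt" in the role's handlers (not visible here);
# the task of the same name above is not what gets notified.
- name: Déployer la configuration
  ansible.builtin.template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    owner: root
    group: root
    mode: 'u=rw,g=,o='
    validate: borgmatic config validate --config %s
  become: true
  notify: Créer le dépôt

# systemd unit that runs borgmatic.
- name: Déployer le service
  ansible.builtin.template:
    src: borgmatic.service.j2
    dest: /etc/systemd/system/borgmatic.service
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  become: true
  notify: Activer et démarrer le service

# systemd timer that schedules the service.
- name: Déployer le service et la planification
  ansible.builtin.template:
    src: borgmatic.timer.j2
    dest: /etc/systemd/system/borgmatic.timer
    owner: root
    group: root
    mode: 'u=rw,g=r,o=r'
  become: true
  notify: Activer la planification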