---
# tasks file for borgmatic

- name: Déployer la clef privée
  ansible.builtin.copy:
    content: "{{ borgmatic_keys.private }}"
    dest: /etc/borgmatic/id_ed25519
    owner: root
    group: root
    mode: u=rw,g=,o=
  become: true

- name: Déployer la clef publique
  ansible.builtin.copy:
    content: "{{ borgmatic_keys.public }}"
    dest: /etc/borgmatic/id_ed25519.pub
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  become: true

- name: Déployer la configuration de SSH
  ansible.builtin.blockinfile:
    path: /root/.ssh/config
    create: true
    marker: "# {mark} ANSIBLE MANAGED BLOCK for role_borgmatic"
    block: |
      {% for repository in borgmatic_repositories %}
      Host {{ repository.path | ansible.builtin.urlsplit('hostname') }}
        IdentityFile /etc/borgmatic/id_ed25519
        IdentitiesOnly yes
      {% endfor %}
  become: true

- name: Déployer la configuration
  ansible.builtin.template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    owner: root
    group: root
    mode: u=rw,g=,o=
  become: true
  notify: Créer le dépôt

- name: Déployer le service
  ansible.builtin.template:
    src: borgmatic.service.j2
    dest: /etc/systemd/system/borgmatic.service
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  become: true
  notify: Activer et démarrer le service

- name: Déployer le service et la planification
  ansible.builtin.template:
    src: borgmatic.timer.j2
    dest: /etc/systemd/system/borgmatic.timer
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  become: true
  notify: Activer la planification