From 26514325828807e6d8847abf185866959d2b8a36 Mon Sep 17 00:00:00 2001
From: Solal Nathan <otthorn@crans.org>
Date: Sun, 14 Mar 2021 18:22:52 +0100
Subject: [PATCH] [WIP] various fixes

---
 roles/borgbackup_client/tasks/main.yml | 27 ++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml
index e22177e..b3e5c62 100644
--- a/roles/borgbackup_client/tasks/main.yml
+++ b/roles/borgbackup_client/tasks/main.yml
@@ -48,7 +48,7 @@
     regenerate: full_idempotence
     owner: root
     group: root
-    mode: u=r,g=r,o=
+    mode: u=rw,g=,o=
   register: ssh_key
  
 - name: Gather server facts
@@ -79,16 +79,18 @@
     exclusive: false
     user: "{{ borg_server_user }}"
     key: "{{ ssh_key.public_key }}"
-    key_options: >-
-      command="borg serve --restrict-to-path {{ borg_host_dir }},
-      no-agent-forwarding,
-      no-port-forwarding,
-      no-pty,
-      no-user-rc,
-      no-X11-forwarding
+    key_options: command="borg serve --restrict-to-path {{ borg_host_dir }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding
   vars:
     borg_host_dir: "/borg/{{ ansible_fqdn }}"
 
+- name: Create configuration direcotory for borgmatic
+  file:
+    state: directory
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=
+    path: /etc/borgmatic
+
 - name: Add borgmatic configuration file
   become: true
   template:
@@ -97,6 +99,11 @@
     owner: root
     group: root
     mode: u=rw,g=r,o=
+  vars:
+    borg_host_dir: "/borg/{{ ansible_fqdn }}"
+
+- name: Init repository
+  command: borgmatic init --encryption repokey
 
 - name: Install timer and service for borgmatic
   template:
@@ -111,6 +118,10 @@
   notify:
     - Run systemd daemon-reload
 
+- name: Run systemd deamon-reload
+  systemd:
+    daemon_reload: true
+
 - name: Start and enable borgmatic timer
   systemd:
     name: borgmatic.timer