diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml
index b3e5c62..7e330ae 100644
--- a/roles/borgbackup_client/tasks/main.yml
+++ b/roles/borgbackup_client/tasks/main.yml
@@ -33,17 +33,28 @@
 retries: 3
 until: apt_result is succeeded
-- name: Create /etc/borgbackup
+- name: Create configuration direcotory for borgmatic
 file:
- path: /etc/borgbackup
+ path: /etc/borgmatic
 state: directory
 owner: root
 group: root
- mode: u=rwx,g=rx,o=
+ mode: u=rw,g=r,o=
+
+- name: Add borgmatic configuration file
+ become: true
+ template:
+ src: config.yaml.j2
+ dest: /etc/borgmatic/config.yaml
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=
+ vars:
+ borg_host_dir: "/borg/{{ ansible_fqdn }}"
 - name: Create SSH key
 openssh_keypair:
- path: "/etc/borgbackup/id_remote"
+ path: "/etc/borgmatic/id_remote"
 type: ed25519
 regenerate: full_idempotence
 owner: root
@@ -58,10 +69,6 @@
 - all
 register: server_facts
-- name: debug
- debug:
- var: "server_facts['ansible_facts'].ansible_ssh_host_key_ecdsa_public_keytype"
-
 - name: Add server key to known hosts
 known_hosts:
 hash_host: true
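Review bot: The `file` task for `/etc/borgmatic` now sets `mode: u=rw,g=r,o=`, which drops the search (execute) bit that the old `/etc/borgbackup` task had (`u=rwx,g=rx,o=`); without it the directory cannot be traversed by non-root users, and the group can list entry names it cannot open. Because the following `openssh_keypair` task writes the private key `id_remote` into this directory, I would set `mode: u=rwx,g=,o=` on the directory. The new `config.yaml` is also group-readable; if the template (not visible in this hunk) carries the repository passphrase, `mode: u=rw,g=,o=` is the safer default there. The task name also has a typo, `direcotory`. The `Create SSH key` task continues outside the hunk, so its own `mode` cannot be checked here.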
@@ -79,28 +86,16 @@
 exclusive: false
 user: "{{ borg_server_user }}"
 key: "{{ ssh_key.public_key }}"
- key_options: command="borg serve --restrict-to-path {{ borg_host_dir }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding
- vars:
- borg_host_dir: "/borg/{{ ansible_fqdn }}"
-
-- name: Create configuration direcotory for borgmatic
- file:
- state: directory
- owner: root
- group: root
- mode: u=rw,g=r,o=
- path: /etc/borgmatic
-
-- name: Add borgmatic configuration file
- become: true
- template:
- src: config.yaml.j2
- dest: /etc/borgmatic/config.yaml
- owner: root
- group: root
- mode: u=rw,g=r,o=
+ key_options: "{{ options | join(',') }}"
 vars:
 borg_host_dir: "/borg/{{ ansible_fqdn }}"
+ options:
+ - 'command="borg serve --restrict-to-path {{ borg_host_dir }}"'
+ - no-agent-forwarding
+ - no-port-forwarding
+ - no-pty
+ - no-user-rc
+ - no-X11-forwarding
 - name: Init repository
 command: borgmatic init --encryption repokey
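Review bot: The new `options` list still enumerates individual `no-*` restrictions, so any capability sshd gains later stays enabled for this backup key; OpenSSH's `restrict` key option turns off all of them, including future ones, and a single `- restrict` entry after the `command=` item could replace the five `no-*` items. `borg_host_dir` is built from `ansible_fqdn` and ends up inside the double-quoted `command="..."` string, so a fact value containing a quote or whitespace would change what the forced command restricts. An `assert` on the fact before this task, or at least a comment such as `# borg_host_dir must not contain quotes or spaces: it is embedded in authorized_keys`, would make that assumption explicit. The task starts above the hunk, so the module name and any delegation to the backup server are not visible here.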