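---
# Installs borgmatic on a Debian client, gives it an SSH key that the borg
# server accepts only for a restricted `borg serve`, initialises the
# repository and schedules backups through systemd units.

# On Debian 10 and older, drop in an extra apt source list and an apt
# preferences file. Their contents come from the two templates, which are
# not shown here.
- name: Pin borgmatic
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: 'u=rw,g=r,o='
  loop:
    - src: apt/list.j2
      dest: /etc/apt/sources.list.d/bullseye.list
    - src: apt/preferences.j2
      dest: /etc/apt/preferences.d/borgmatic-bullseye
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version | int <= 10

# On bullseye itself the two pinning files above are removed again.
- name: Don't pin borgmatic if we are on bullseye
  file:
    path: "/etc/apt/{{ item }}"
    state: absent
  loop:
    - sources.list.d/bullseye.list
    - preferences.d/borgmatic-bullseye
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_release == "bullseye"

# The install is retried up to three times until apt reports success.
- name: Install borgmatic
  apt:
    name: borgmatic
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded

# This directory holds the borgmatic configuration and the SSH private key
# created below. A directory needs the search (x) bit to be usable, which the
# previous mode (u=rw,g=r,o=) did not grant to anyone.
# NOTE(review): u=rwx,g=,o= would be tighter if nothing in group root needs
# to read this directory.
- name: Create configuration directory for borgmatic
  file:
    path: /etc/borgmatic
    state: directory
    owner: root
    group: root
    mode: 'u=rwx,g=rx,o='

# borg_host_dir is handed to the template as a per-host path on the server.
- name: Add borgmatic configuration file
  become: true
  template:
    src: config.yaml.j2
    dest: /etc/borgmatic/config.yaml
    owner: root
    group: root
    mode: 'u=rw,g=r,o='
  vars:
    borg_host_dir: "/borg/{{ ansible_fqdn }}"

# No passphrase is set on this key, so the root-only file mode is the only
# thing protecting it on disk.
- name: Create SSH key
  openssh_keypair:
    path: "/etc/borgmatic/id_remote"
    type: ed25519
    regenerate: full_idempotence
    owner: root
    group: root
    mode: 'u=rw,g=,o='
  register: ssh_key

# Facts are collected from the borg server only to read its SSH host keys in
# the next task.
- name: Gather server facts
  delegate_to: "{{ borg_server_host }}"
  delegate_facts: true
  setup:
    gather_subset:
      - all
  register: server_facts

# The host keys pinned here come from facts gathered over the Ansible
# connection to the server, so they are only as trustworthy as the host-key
# verification of that connection.
# A key type the server does not offer is skipped instead of failing the play
# on an undefined fact.
# NOTE(review): no `path` is given, so the module's default known_hosts file
# is written; confirm that is the file the borgmatic units actually read.
- name: Add server key to known hosts
  known_hosts:
    hash_host: true
    host: "{{ borg_server_host }}"
    key: >-
      {{ borg_server_host }}
      {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public_keytype'] }}
      {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public'] }}
  loop:
    - ecdsa
    - ed25519
    - rsa
  when: "('ansible_ssh_host_key_' + item + '_public') in server_facts['ansible_facts']"

# The client key is accepted on the server only with a forced command:
# `borg serve` restricted to this host's directory, with forwarding, pty and
# user rc disabled. `exclusive: false` leaves the account's other keys alone.
# NOTE(review): borg_host_dir is built from ansible_fqdn and is placed inside
# a double-quoted forced command; a value containing whitespace or a double
# quote would break that quoting - confirm the fact is constrained.
# NOTE(review): on servers running OpenSSH 7.2 or later the `restrict` option
# covers the individual no-* options and any added in future releases.
- name: Add public key to remote
  delegate_to: "{{ borg_server_host }}"
  become: true
  authorized_key:
    exclusive: false
    user: "{{ borg_server_user }}"
    key: "{{ ssh_key.public_key }}"
    key_options: "{{ options | join(',') }}"
  vars:
    borg_host_dir: "/borg/{{ ansible_fqdn }}"
    options:
      - 'command="borg serve --restrict-to-path {{ borg_host_dir }}"'
      - no-agent-forwarding
      - no-port-forwarding
      - no-pty
      - no-user-rc
      - no-X11-forwarding

# This command runs on every play and always reports "changed", because no
# changed_when/creates condition is attached to it.
# NOTE(review): repokey mode keeps the key inside the repository, protected
# by a passphrase; presumably that passphrase comes from config.yaml - confirm
# it is not stored in version control in clear text.
- name: Init repository
  command: borgmatic init --encryption repokey

# NOTE(review): the notified handler is not defined in this file; it is
# presumably declared in the role's handlers. The next task reloads systemd
# unconditionally anyway.
- name: Install timer and service for borgmatic
  template:
    src: "{{ item }}.j2"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: 'u=rw,g=r,o='
  loop:
    - borgmatic.timer
    - borgmatic.service
  notify:
    - Run systemd daemon-reload

- name: Run systemd daemon-reload
  systemd:
    daemon_reload: true

- name: Start and enable borgmatic timer
  systemd:
    name: borgmatic.timer
    state: started
    enabled: true

# NOTE(review): `state: started` starts the service unit during the play, in
# addition to the timer; if the unit is a oneshot backup job this probably
# triggers a backup on every run - confirm that is intended.
- name: Start and enable borgmatic service
  systemd:
    name: borgmatic.service
    state: started
    enabled: true

# Publishes a message-of-the-day entry through the update_motd role.
- name: Announce borgmatic in the MOTD
  include_role:
    name: update_motd
  vars:
    key: '10-borgmatic'
    message: Borgmatic (client) est installé dans /etc/borgmatic/config.yaml.
...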