---
- name: client | generate ssh key for this machine
  user:
    name: "{{ borgbackup_client_user }}"
    generate_ssh_key: true
    ssh_key_bits: 2048
    ssh_key_file: "{{ borgbackup_ssh_key }}"
    ssh_key_type: rsa

- name: client | fetch ssh-key
  shell: "cat {{ borgbackup_ssh_key }}.pub"
  register: sshkey
  changed_when: false

- name: client | write passphrase
  lineinfile:
    dest: "~{{ borgbackup_client_user }}/.borg.passphrase"
    state: "present"
    line: 'export BORG_PASSPHRASE="{{ borgbackup_passphrase }}"'
    create: true

- name: client | disable strict key checking for backup servers
  blockinfile:
    dest: "~{{ borgbackup_client_user }}/.ssh/config"
    create: true
    marker: "### {mark} ANSIBLE MANAGED BLOCK {{ item.fqdn }} ###"
    content: |
      Host {{ item.fqdn }}
        StrictHostKeyChecking no
        IdentityFile {{ borgbackup_ssh_key }}
        {% if item.port is defined %}
        Port {{ item.port }}
        {% endif %}
  with_items: "{{ borgbackup_servers }}"

- name: client | put non management sshpubkey on the normal backupserver
  authorized_key:
    user: "{{ item.user }}"
    key: "{{ sshkey.stdout }}"
    key_options: 'command="cd {{ item.home }}{{ item.pool }}/{{ inventory_hostname }};borg serve {% if borgbackup_appendonly %}--append-only {% endif %}--restrict-to-path {{ item.home }}/{{ item.pool }}/{{ inventory_hostname }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'
  delegate_to: "{{ item.fqdn }}"
  when: inventory_hostname != borgbackup_management_station
  with_items: "{{ borgbackup_servers }}"

- name: client | put management sshpubkey on backupservers, no appendonly nor path restriction
  authorized_key:
    user: "{{ item.user }}"
    key: "{{ sshkey.stdout }}"
    key_options: 'command="cd {{ item.home }}{{ item.pool }}/{{ inventory_hostname }};borg serve ",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'
  delegate_to: "{{ item.fqdn }}"
  when: inventory_hostname == borgbackup_management_station
  with_items: "{{ borgbackup_servers }}"

- name: client | put wrapper script
  template:
    src: "borg-backup.sh.j2"
    dest: "/usr/local/bin/borg-backup"
    owner: "{{ borgbackup_owner }}"
    group: "{{ borgbackup_group }}"
    mode: "0744"

- name: client | create backup-directory on backup server
  shell: /usr/local/bin/borg-backup init
  become_user: "{{ borgbackup_client_user }}"
  register: backup_init
  changed_when: "'Remember your passphrase' in backup_init.stderr"

- name: client | create backup cronjob
  cron:
    cron_file: "borg-backup"
    user: "{{ borgbackup_client_user }}"
    name: "borg-backup"
    minute: "{{ borgbackup_cron_minute }}"
    hour: "{{ borgbackup_cron_hour }}"
    day: "{{ borgbackup_cron_day }}"
    job: "/usr/local/bin/borg-backup backup"

- name: client | create log directory
  file:
    path: "/var/log/borgbackup"
    state: "directory"
    owner: "root"
    group: "root"
    mode: "0755"