Auto-register borg repo on the controller per host

backup role now logs into borgcontroller and creates (or looks up) a
repository with alias=inventory_hostname, registering root's pubkey and
the requested storageSize. The resulting SSH URI is injected into the
borgmatic config so each host gets a remote-managed repo without manual
config.

backup_hosts entries gain a `storage_size_gb` field (stripped before
templating) and lose the manual `repositories` entry — the role fills it.
borgcontroller_{username,password} are expected from Semaphore secrets.

Also gitignores .claude/ local state.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

group_vars/all/backup.yml

@@ -1,15 +1,18 @@
 ---
-# Per-host borgmatic config. Keys must match inventory_hostname.
-# Hosts not listed here are skipped by the `backup` role.
-# The value under each host is rendered verbatim as the borgmatic
-# config file (see https://torsion.org/borgmatic/docs/reference/configuration/).
+# Borg Controller — auto-creates a repo per host on a BorgWarehouse-backed server.
+# borgcontroller_username / borgcontroller_password come from Semaphore secrets.
+borgcontroller_url: https://borgcontroller.internet-master.cz
+
+# Per-host borgmatic config. Hosts not listed here are skipped by the `backup` role.
+# `storage_size_gb` is stripped before rendering and used to size the controller-side
+# repo. `repositories` is auto-filled from the controller — don't set it manually.
+# Other keys are passed through verbatim to borgmatic, see
+# https://torsion.org/borgmatic/docs/reference/configuration/
 backup_hosts:
   testipaclient:
+    storage_size_gb: 10
     source_directories:
       - /home/jakub
-    repositories:
-      - path: /var/backups/borg/jakub-home
-        label: jakub-home
     keep_daily: 7
     keep_weekly: 4
     keep_monthly: 6