---
# Backup role tasks: set up borgmatic on hosts that have an entry in
# backup_hosts. Every other host only gets an informational message.
# backup_hosts is presumably a mapping keyed by inventory hostname
# (it defaults to {} when undefined) -- confirm against the role's vars.

- name: Skip hosts without backup config
  when: inventory_hostname not in (backup_hosts | default({}))
  ansible.builtin.debug:
    msg: >-
      No entry in backup_hosts for {{ inventory_hostname }};
      skipping backup role.

# The condition on the block applies to every task inside it, so none of
# the steps below run on a host that is missing from backup_hosts.
- name: Configure borgmatic
  when: inventory_hostname in (backup_hosts | default({}))
  block:
    - name: Install borgmatic
      ansible.builtin.package:
        state: present
        name: borgmatic

    # root:root with 0750: no access for "other" users.
    - name: Ensure /etc/borgmatic exists
      ansible.builtin.file:
        state: directory
        path: /etc/borgmatic
        mode: "0750"
        owner: root
        group: root

    # NOTE(review): borgmatic.yaml.j2 is not visible here. If it renders a
    # repository passphrase or other credential, "0600" is the tighter mode,
    # and `no_log: true` / `diff: false` on this task would keep the
    # rendered content out of play output and --diff runs.
    - name: Deploy borgmatic config
      ansible.builtin.template:
        dest: /etc/borgmatic/config.yaml
        src: borgmatic.yaml.j2
        mode: "0640"
        owner: root
        group: root

    # ssh_key_file is relative to root's home directory. An existing key is
    # left untouched (no `force`). No ssh_key_passphrase is set, so the key
    # is usable unattended -- access control has to happen on the server.
    - name: Ensure root has an SSH key for the borg server
      register: root_ssh
      ansible.builtin.user:
        name: root
        generate_ssh_key: true
        ssh_key_file: .ssh/id_ed25519
        ssh_key_type: ed25519
        ssh_key_comment: "borgmatic@{{ inventory_hostname }}"

    # Only the public half is printed. When adding it to the borg server,
    # pin the key to borg and to this host's repository instead of granting
    # a shell, e.g. (placeholders, not real values):
    #   command="borg serve --restrict-to-repository <REPO_PATH>",restrict <PUBLIC_KEY>
    - name: Show root's SSH public key (add this to the borg server's authorized_keys)
      ansible.builtin.debug:
        msg: "{{ root_ssh.ssh_public_key }}"

    # Assumes the installed package ships a borgmatic.timer unit -- verify
    # for the target distribution.
    - name: Enable and start borgmatic timer
      ansible.builtin.systemd:
        name: borgmatic.timer
        state: started
        enabled: true