Add borgmatic

roles/borgmatic/tasks/main.yaml

@@ -0,0 +1,55 @@
+---
+- name: Ensure host distribution is supported
+  ansible.builtin.import_role:
+    name: compatcheck
+  vars:
+    compatcheck_supported_distributions:
+      - name: debian
+        version_min: 11
+      - name: ubuntu
+        version_min: 22
+
+- name: Install borgmatic
+  ansible.builtin.apt:
+    name: borgmatic
+
+- name: Disable borgmatic global timer
+  ansible.builtin.systemd_service:
+    name: borgmatic.timer
+    state: stopped
+    enabled: false
+
+- name: Add systemd drop-in service for borgmatic
+  ansible.builtin.template:
+    src: borgmatic@.service.j2
+    dest: /etc/systemd/system/borgmatic@.service
+    mode: "0644"
+
+- name: Create borgmatic configurations directory
+  ansible.builtin.file:
+    path: /etc/borgmatic.d
+    state: directory
+    mode: "0755"
+
+- name: Generate ssh key for borg
+  community.crypto.openssh_keypair:
+    type: ed25519
+    path: "{{ ansible_user_dir }}/.ssh/id_ed25519_borg"
+    comment: "{{ ansible_user_id }}@{{ ansible_fqdn }} borg"
+  register: _borgmatic_key
+
+- name: Setup backup targets
+  ansible.builtin.include_tasks:
+    file: target.yaml
+    apply:
+      delegate_to: "{{ target.host }}"
+      become: false
+  loop: "{{ borgmatic_targets }}"
+  loop_control:
+    loop_var: target
+
+- name: Add borg target ssh host keys to known hosts
+  ansible.builtin.known_hosts:
+    name: "{{ item }}"
+    key: "{{ item }} ssh-ed25519 {{ hostvars[item].ansible_ssh_host_key_ed25519_public }}"
+  loop: "{{ borgmatic_targets | map(attribute='host') }}"