Add borgmatic

roles/borgmatic/tasks/target.yaml

@@ -0,0 +1,26 @@
+---
+- name: Gather facts
+  ansible.builtin.setup:
+  delegate_facts: true
+
+- name: Add ssh key to authorized_keys
+  ansible.posix.authorized_key:
+    user: "{{ hostvars[target.host].ansible_user_id }}"
+    key: >-
+      {{
+        _borgmatic_key.public_key + ' ' + _borgmatic_key.comment
+        if not (ansible_check_mode and _borgmatic_key.changed)
+        else 'ssh-ed25519 AAAA'
+      }}
+    key_options: >-
+      command="borg
+      serve{% for directory in target.directories %}
+      --restrict-to-path
+      {{ hostvars[target.host].ansible_user_dir }}/{{ directory }}/{{ ansible_fqdn }}{%- endfor -%}",restrict
+
+- name: Create backup directories
+  ansible.builtin.file:
+    path: "{{ hostvars[target.host].ansible_user_dir }}/{{ item }}/{{ ansible_fqdn }}"
+    state: directory
+    mode: "0700"
+  loop: "{{ target.directories }}"