---
- name: Gather facts
  ansible.builtin.setup:
  delegate_facts: true
  ignore_unreachable: true
  retries: 3

- name: Add ssh key to authorized_keys
  ansible.posix.authorized_key:
    user: "{{ hostvars[target.host].ansible_user_id }}"
    key: >-
      {{
        _borgmatic_key.public_key + ' ' + _borgmatic_key.comment
        if not (ansible_check_mode and _borgmatic_key.changed)
        else 'ssh-ed25519 AAAA'
      }}
    key_options: >-
      command="borg
      serve{% for directory in target.directories %}
      --restrict-to-path
      {{ hostvars[target.host].ansible_user_dir }}/{{ directory }}/{{ ansible_fqdn }}{%- endfor -%}",restrict

- name: Create backup directories
  ansible.builtin.file:
    path: "{{ hostvars[target.host].ansible_user_dir }}/{{ item }}/{{ ansible_fqdn }}"
    state: directory
    mode: "0700"
  loop: "{{ target.directories }}"