infrastructure/roles/borg_server/tasks/main.yml

- name: Install borg
  pacman: name=borg state=present

- name: Create borg user
  ansible.builtin.user:
    name: borg
    home: "{{ backup_dir }}"

- name: Create borg user home
  file:
    path: "{{ backup_dir }}"
    state: directory
    owner: borg
    group: borg
    mode: '0700'

- name: Create the root backup directory at {{ backup_dir }}
  file:
    path: "{{ backup_dir }}/{{ item }}"
    state: directory
    owner: borg
    group: borg
    mode: '0700'
  loop: "{{ backup_clients }}"

- name: Fetch ssh keys from each borg client machine
  command: cat /root/.ssh/id_rsa.pub
  register: ssh_keys
  delegate_to: "{{ item }}"
  loop: "{{ backup_clients }}"
  changed_when: ssh_keys.stdout | length > 0

- name: Allow certain clients to connect
  authorized_key:
    user: borg
    key: "{{ item.stdout }}"
    manage_dir: true
    key_options: "command=\"borg serve --restrict-to-path {{ backup_dir }}/{{ item['item'] }}\",restrict"
  loop: "{{ ssh_keys.results }}"