infrastructure/playbooks/fetch-borg-keys.yml

---

- name: prepare local storage directory
  hosts: 127.0.0.1
  tasks:
      - file: path="{{playbook_dir}}/../borg-keys/" state=directory

- name: fetch borg keys
  hosts: borg-clients
  tasks:
      - name: fetch borg key
        command: "/usr/local/bin/borg key export :: /dev/stdout"
        register: borg_key

      - name: save borg key
        shell: gpg --batch --armor --encrypt --output - >"{{playbook_dir}}/../borg-keys/{{inventory_hostname}}.gpg" {% for userid in root_gpgkeys %}--recipient {{userid}} {% endfor %}
        args:
            stdin: "{{borg_key.stdout}}"
            chdir: "{{playbook_dir}}/.."
        delegate_to: localhost