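# Rebuilds ~/.ssh/authorized_keys on the rsync.net account: reads the current
# file, drops every line carrying the "borg: " marker, appends one line per
# entry in borg_rsyncnet__clients, and writes the result back over ssh.

# Base ssh command line, reused by the tasks below.
# SendEnv only forwards BORG_PASSPHRASE if the server accepts that variable.
# The cat/dd calls in this file do not read it; presumably borg-init.yml
# does - TODO confirm.
- name: Build the ssh command used to reach the rsync.net account
  set_fact:
    ssh: "ssh -o SendEnv=BORG_PASSPHRASE {{ ansible_user }}@{{ inventory_hostname }}"

- name: get the authorized_keys from rsync.net
  local_action:
    module: command
    cmd: "{{ ssh }} cat .ssh/authorized_keys"
  register: authorized_keys
  # Read-only query, never reported as a change.
  changed_when: false

# - debug: var=authorized_keys.stdout

# One include per client that is not marked absent; the current dict item is
# exposed to borg-init.yml as `client` (client.key / client.value).
- name: Run borg-init.yml for every client that is not absent
  include_tasks: borg-init.yml
  loop: "{{ borg_rsyncnet__clients | dict2items }}"
  loop_control:
    label: "{{ client.key }}"
    loop_var: client
  when: client.value.state | default("present") != "absent"

# Any line containing "borg: " is treated as managed by this file and is
# dropped here, wherever in the line the marker appears.
- name: Remove all "borg:" lines from authorized keys
  set_fact:
    other_lines: |
      {% for line in authorized_keys.stdout_lines %}
      {% if line | regex_search('borg: ') is none %}
      {{ line }}
      {% endif %}
      {% endfor %}

# - debug: var=other_lines.stdout

# NOTE(review): the generated lines are "<key> # borg: <client>, ..." with no
# key options in front of the key. Without a forced command each client key
# is accepted for whatever the account itself permits, so the per-repository
# and append-only limits sketched in the commented-out line further down are
# not enforced. Confirm whether that line was disabled on purpose before
# relying on isolation between clients.
# Clients in any state other than "present" get a comment-only marker line.
# This set_fact reuses the name `authorized_keys`, replacing the registered
# command result with the rendered text.
- name: Generate a new authorized_keys with other lines + generated list
  set_fact:
    authorized_keys: |
      {% for line in other_lines | split("\n") -%}
      {{ line.strip() }}
      {% endfor %}
      {% for client, config in borg_rsyncnet__clients.items() %}
      {% set state=config.state | default('present') %}
      {% if state == 'present' %}
      {% set key=lookup('file', 'borg/' + client + '/ssh-key.pub') %}
      {{ key }} # borg: {{ client }}, state={{state}}
      {% else %}
      # borg: {{ client }}, state={{state}}
      {% endif %}
      {% endfor %}

# Disabled variant of the key line, kept as found:
# restrict,command="{{ borg_rsyncnet___borg_remote_path }} serve --append-only{% for r in config.repos %} --restrict-to-repository {{ borg_rsyncnet__home }}/repos{{ client }}/{{ r }}{% endfor %}" {{ key }} # borg: {{ client }}, state={{state}}

# - debug: var=other_lines
# - debug:
#     msg: "{{ authorized_keys }}"

# `command` rather than `shell`: the line uses no local shell features, so
# the templated user and host values are not re-parsed by /bin/sh.
# NOTE(review): dd overwrites the live file in place; an interrupted transfer
# would leave a truncated authorized_keys. Writing to a temporary name and
# renaming it would avoid that, if the remote side allows it - TODO confirm.
- name: Deploy authorized_keys
  local_action:
    module: command
    cmd: "{{ ssh }} dd of=.ssh/authorized_keys"
    stdin: "{{ authorized_keys }}"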