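# Provision the Borg backup server: one repository per client host plus a
# forced-command SSH key entry that confines each client to its own repository.

# Show which inventory hosts are treated as backup clients.
- name: show borg client group members
  debug:
    var: groups[borg_server__clients_ansible_group]

# Everything below runs as the unprivileged "borg" account so the repositories
# and authorized_keys end up owned by the user that serves them.
- become: true
  become_user: borg
  vars:
    clients: "{{ groups[borg_server__clients_ansible_group] }}"
  block:
    # Parent directory for all repositories; not readable by group/other.
    - name: mkdir repos
      file:
        path: "{{ borg_server__home }}/repos"
        state: directory
        mode: 'u=rwx,go='

    # `clients` is a list of host names, so the loop item is a plain string
    # (the task name previously referenced the non-existent `item.key`).
    #
    # NOTE(review): `-e none` creates the repository without encryption or
    # authentication, so backup contents are readable and modifiable by
    # anything that can read the borg account's files on this server.
    # Borg's `repokey`/`keyfile` modes avoid that but need a passphrase
    # provisioned on each client, so the mode is left unchanged here.
    - name: 'mkdir repos/{{ item }}'
      with_items: "{{ clients }}"
      command: 'borg init "{{ item }}" -e none'
      args:
        # `creates` makes the init idempotent: skipped once the repo exists.
        creates: "{{ borg_server__home }}/repos/{{ item }}"
        chdir: "{{ borg_server__home }}/repos"

    # One authorized_keys entry per client, pinned to a forced command.
    #
    # NOTE(review): hostvars is keyed by inventory host name; indexing it with
    # the `ansible_hostname` fact only works when the two are identical.
    # Confirm, or switch to `inventory_hostname`.
    #
    # NOTE(review): the public key is read on the controller from
    # `<client>/etc/borg/id_ed25519.pub`; presumably fetched from each client
    # beforehand. Verify its provenance, since it grants repository access.
    #
    # NOTE(review): hardening options to consider for key_options:
    #   * `--restrict-to-repository` confines the client to exactly one
    #     repository, whereas `--restrict-to-path` also admits any repository
    #     located beneath that path.
    #   * the sshd `restrict` option (OpenSSH 7.2+) disables every forwarding
    #     and pty feature, including ones added later, instead of listing
    #     each `no-*` option by hand.
    #   * `--append-only` keeps a client from removing data only until a
    #     normal-mode operation (e.g. prune) is run on the repository; check
    #     the repository before running such maintenance.
    - name: authorized_keys
      with_items: "{{ clients }}"
      vars:
        client: "{{ hostvars[ansible_hostname]['borg_' + item] }}"
      authorized_key:
        user: borg
        state: "{{ client.state }}"
        key: "{{ lookup('file', item + '/etc/borg/id_ed25519.pub') }}"
        path: "{{ borg_server__home }}/.ssh/authorized_keys"
        key_options: 'command="cd {{ borg_server__home }}/repos; borg serve --append-only --restrict-to-path {{ borg_server__home }}/repos/{{ item }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'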