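---
# Borg backup setup, as visible in this playbook:
#   1. all hosts:     create backup-user and install borgbackup
#   2. client:        generate an SSH key pair, fetch the public key to the
#                     controller, record the backup server's host key
#   3. backup-server: format/mount the backup disk, prepare the repository
#                     directory, authorize the client's public key
#   4. client:        generate a repository passphrase, initialise the borg
#                     repository, install the backup script and its cron job
#
# NOTE(review): every play uses `become: true` with no become_user, so the
# `~` paths in the client play presumably resolve under root's home rather
# than /home/backup-user - confirm that is the intended key location.

- hosts: all
  become: true
  tasks:
    - name: create user backup
      user:
        name: backup-user
        state: present
        create_home: true
        shell: /bin/bash
        append: true

    - name: update
      apt:
        update_cache: true

    - name: install borgbackup
      apt:
        name: borgbackup
        state: present

- hosts: client
  become: true
  tasks:
    - name: create ssh dir
      file:
        path: "/home/backup-user/.ssh"
        state: directory
        owner: backup-user
        group: backup-user
        mode: '0700'

    # The key type is ed25519, whose length is fixed, so the former
    # `ssh_key_bits: 4096` had no effect and was dropped. The id_rsa file
    # name is kept because later tasks refer to id_rsa.pub.
    - name: generate ssh key
      user:
        name: backup-user
        generate_ssh_key: true
        ssh_key_type: ed25519
        ssh_key_file: ~/.ssh/id_rsa
        force: false

    - name: save public key
      fetch:
        src: ~/.ssh/id_rsa.pub
        dest: "{{ lookup('env', 'PWD') }}/"
        flat: true

    # NOTE(review): ssh-keyscan trusts whatever host key is returned at run
    # time (no out-of-band fingerprint check), and `>>` appends a duplicate
    # entry on every run. Pinning a known host key would remove the
    # trust-on-first-use window.
    - name: save ssh fingerprint
      shell: ssh-keyscan -t rsa 192.168.80.30 >> ~/.ssh/known_hosts 2>/dev/null

- hosts: backup-server
  become: true
  tasks:
    - name: create dir mount for backup
      file:
        path: /var/hdd-backup
        state: directory

    - name: format hdd
      filesystem:
        fstype: ext4
        dev: /dev/sdc
        force: false

    - name: mount hdd backup-server
      mount:
        path: /var/hdd-backup
        src: /dev/sdc
        fstype: ext4
        state: mounted
        opts: defaults

    - name: create dir backup
      file:
        path: /var/hdd-backup/backup
        state: directory

    # NOTE(review): with `recurse`, mode 0755 is re-applied to everything
    # below this directory on each run, leaving repository files readable by
    # any local user. Consider '0700' if only backup-user needs access.
    - name: chown backup dir
      file:
        path: /var/hdd-backup/backup
        owner: backup-user
        group: backup-user
        mode: '0755'
        state: directory
        recurse: true

    - name: create ssh dir
      file:
        path: "/home/backup-user/.ssh"
        state: directory
        owner: backup-user
        mode: '0700'

    # NOTE(review): the key is authorized without restrictions, so it grants
    # backup-user a full shell on the server. A forced `borg serve` command
    # limited to the repository path (authorized_key `key_options`) would
    # keep this key to backup traffic only.
    - name: add public key to backup-server
      authorized_key:
        user: backup-user
        state: present
        key: "{{ lookup('file', 'id_rsa.pub') }}"

- hosts: client
  become: true
  tasks:
    # NOTE(review): with /dev/null as the lookup path a new passphrase is
    # generated on every run. Re-running this play overwrites ./pass and
    # /opt/backup.sh with a value that does not match the already
    # initialised repository.
    - name: generate pass
      set_fact:
        user_password: "{{ lookup('ansible.builtin.password', '/dev/null length=12') }}"
      no_log: true

    # The passphrase file on the controller is restricted to its owner;
    # without an explicit mode it is created according to the umask.
    - name: save pass
      copy:
        content: "{{ user_password }}"
        dest: "./pass"
        mode: '0600'
      become: false
      delegate_to: localhost
      no_log: true

    # Message text: "ATTENTION!!! Save the generated password: ...".
    # NOTE(review): this prints the repository passphrase to the console and
    # to any configured log or callback output; ./pass already holds it.
    - name: show pass
      debug:
        msg: "ВНИМАНИЕ!!! Сохраните сгенерированный пароль: {{ user_password }}"

    # no_log keeps BORG_PASSPHRASE out of task output and verbose logs.
    # NOTE(review): `borg init` fails when the repository already exists, so
    # this task is not idempotent.
    - name: borg initialization
      shell: borg init --encryption=repokey backup-user@192.168.80.30:/var/hdd-backup/backup
      environment:
        BORG_PASSPHRASE: "{{ user_password }}"
      no_log: true

    # borg_pass is handed to the template, so the rendered script presumably
    # embeds the passphrase. It is therefore readable and executable only by
    # its owner (was 0755); the cron job below runs as the become user.
    - name: create backup script
      vars:
        borg_pass: "{{ user_password }}"
      template:
        src: template_backup.sh
        dest: /opt/backup.sh
        mode: '0700'
      no_log: true

    - name: create cron
      cron:
        name: "Create backup /etc"
        minute: "*/5"
        job: "/opt/backup.sh"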