Derive public SSH key instead of hardcoding it

roles/docker/defaults/main.yml

@@ -53,7 +53,6 @@ services:
     domain: "rynkeby.skovgaard.tel"
     volume_folder: "{{ volume_root_folder }}/restic"
     repository: "/mnt/SpinningRust/data.coop-backup/restic"
-    ssh_pubkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1lNLshXytq+mx2LPzm8Neh/nrVqCR3iDXPONzBag9s restic@fedder
     version: "1.6.0"
     disabled_in_vagrant: true
 

roles/docker/tasks/services/restic_backup.yml

@@ -2,7 +2,7 @@
 ---
 - name: Create SSH directory
   file:
-    name: "{{ services.restic.volume_folder }}/ssh"
+    path: "{{ services.restic.volume_folder }}/ssh"
     owner: root
     group: root
     mode: '0700'
@@ -16,13 +16,20 @@
     mode: '0600'
     content: "{{ restic_secrets.ssh_privkey }}"
 
-- name: Copy public SSH key
-  copy:
-    dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
+- name: Derive public SSH key
+  shell: >
+    ssh-keygen -f {{ services.restic.volume_folder }}/ssh/id_ed25519 -y
+      > {{ services.restic.volume_folder }}/ssh/id_ed25519.pub
+  args:
+    creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
+
+- name: Set file permissions on public SSH key
+  file:
+    path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
     owner: root
     group: root
     mode: '0644'
-    content: "{{ services.restic.ssh_pubkey }}"
+    state: touch
 
 - name: Setup restic backup
   docker_compose: