# vim: ft=yaml.ansible
---
# Directory under the restic volume folder that holds the SSH key pair,
# client config and known_hosts written by the tasks below.
# NOTE(review): 0755 lets any local user list this directory. The secret
# files inside are 0600, so nothing is readable through it, but '0700'
# would be tighter if no non-root process needs the public key. Confirm
# against whatever mounts this folder before changing it.
- name: Create SSH directory
  file:
    state: directory
    path: "{{ services.restic.volume_folder }}/ssh"
    mode: '0755'
    owner: root
    group: root

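# Write the SSH private key taken from restic_secrets; root-only (0600).
# no_log keeps the key material out of task results, verbose output and
# --diff output, where a `content:` value can otherwise be displayed.
# NOTE(review): OpenSSH can reject a key file that lacks a trailing
# newline. Confirm restic_secrets.ssh_privkey ends with one.
- name: Upload private SSH key
  copy:
    dest: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
    owner: root
    group: root
    mode: '0600'
    content: "{{ restic_secrets.ssh_privkey }}"
  no_log: true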

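# Derive id_ed25519.pub from the uploaded private key.
#
# All command lines sit at the same indentation on purpose: in a folded
# (>-) scalar a more-indented line keeps its preceding newline, so an
# indented "> file" continuation becomes a separate shell command that
# only creates an empty file while the key goes to stdout.
#
# The key is written to a temporary name and moved into place only when
# ssh-keygen succeeds, so a failed run cannot leave an empty .pub that
# `creates` would then treat as done. Paths go through `quote` so a
# volume folder containing spaces or shell metacharacters stays one word.
#
# NOTE(review): `creates` skips this task whenever the .pub exists.
# After rotating the private key, or on hosts where an earlier run left
# an empty .pub, remove the file so it is regenerated.
- name: Derive public SSH key
  vars:
    restic_ssh_key_path: "{{ services.restic.volume_folder }}/ssh/id_ed25519"
  shell: >-
    ssh-keygen -y -f {{ restic_ssh_key_path | quote }}
    > {{ (restic_ssh_key_path ~ '.pub.tmp') | quote }}
    && mv -f {{ (restic_ssh_key_path ~ '.pub.tmp') | quote }}
    {{ (restic_ssh_key_path ~ '.pub') | quote }}
  args:
    creates: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"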

# Normalise ownership and mode of the derived public key
# (root:root, world-readable).
# NOTE(review): `state: touch` creates the file when it is missing and
# updates its timestamps on every run, so this task always reports
# "changed" and would hide a failed key derivation behind an empty file.
- name: Set file permissions on public SSH key
  file:
    state: touch
    path: "{{ services.restic.volume_folder }}/ssh/id_ed25519.pub"
    mode: '0644'
    owner: root
    group: root

# Render the SSH client configuration from restic/ssh.config.j2 into
# the ssh directory; readable and writable by root only.
- name: Upload SSH config
  template:
    dest: "{{ services.restic.volume_folder }}/ssh/config"
    src: restic/ssh.config.j2
    mode: '0600'
    owner: root
    group: root

# Render the known_hosts file from restic/ssh.known_hosts.j2; root-only.
# NOTE(review): pinned host keys only protect the backup connection if
# the rendered ssh config actually points at this file and refuses
# unknown hosts (UserKnownHostsFile / StrictHostKeyChecking). Confirm
# in restic/ssh.config.j2, which is not visible here.
- name: Upload SSH known_hosts file
  template:
    dest: "{{ services.restic.volume_folder }}/ssh/known_hosts"
    src: restic/ssh.known_hosts.j2
    mode: '0600'
    owner: root
    group: root