# This ensures fact population so the borg-backup role, run on the
# backup-clients, can add the public key for each backup server in
# "borg-backup-server" to it's known_hosts.
- hosts: "borg-backup-server:!disabled"
  name: "Populate backup server host keys"
  tasks:
    - name: 'Gather minimal host facts'
      setup:
        gather_subset: '!all'

# These two steps needs to happen in order.  Backup hosts export their
# username/key combos in this step, then the following role uses that
# info to authorizes these users on the backup servers.
- hosts: "borg-backup:!disabled"
  name: "Generate borg backup users and keys"
  roles:
    - iptables
    - borg-backup

- hosts: "borg-backup-server:!disabled"
  name: "Generate borg configuration"
  roles:
    - iptables
    - borg-backup-server