# note borg_user is the parent loop variable name; this works on each
# element from the borg_users global.
- name: Set variables
  set_fact:
    user_name: '{{ borg_user[0] }}'
    user_key: '{{ borg_user[1] }}'

- name: Create borg user
  user:
    name: '{{ user_name }}'
    comment: 'Backup user'
    shell: /bin/bash
    home: '/opt/backups/{{ user_name }}'
    create_home: yes
  register: homedir

- name: Create borg user authorized key
  authorized_key:
    user: '{{ user_name }}'
    state: present
    key: '{{ user_key }}'
    key_options: 'command="/opt/borg/bin/borg serve --append-only --restrict-to-path /opt/backups/{{ user_name }}/backup",restrict'

# ansible-lint wants this in a handler, it should be done here and
# now; this isn't like a service restart where multiple things might
# call it.
- name: Initalise borg
  command:  /opt/borg/bin/borg init --encryption=none /opt/backups/{{ user_name }}/backup
  become: yes
  become_user: '{{ user_name }}'
  when: homedir.changed