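---
# Provision a dedicated account that serves Borg repositories over SSH.
#
# Variables read by these tasks:
#   group, user - primary group and account that own every path below
#   home        - home directory of the account
#   pool        - directory holding one sub-directory per client
#   auth_users  - list of entries, each providing `key` (SSH public key)
#                 and `host` (name of that client's directory under pool)
#
# File modes are quoted so Ansible receives the octal string itself and the
# result does not depend on how the YAML parser reads a leading-zero integer.

- name: Create Group
  ansible.builtin.group:
    name: "{{ group }}"
    state: present

- name: Create user
  ansible.builtin.user:
    name: "{{ user }}"
    shell: /bin/bash
    home: "{{ home }}"
    create_home: true
    group: "{{ group }}"
    state: present

# NOTE(review): with StrictModes enabled (the sshd default), stock OpenSSH
# ignores authorized_keys when the home directory is writable by anyone other
# than the owner. Confirm that 0770 is accepted on the target platform, or
# tighten this to 0750 if the group does not need write access here.
- name: Ensure home dir is present
  ansible.builtin.file:
    path: "{{ home }}"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0770'
    state: directory

- name: Ensure ssh dir is present
  ansible.builtin.file:
    path: "{{ home }}/.ssh"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0700'
    state: directory

- name: Ensure pool dir is present
  ansible.builtin.file:
    path: "{{ pool }}"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0770'
    state: directory

# One authorized_keys line per entry in auth_users. The forced command pins
# the key to `borg serve` confined to that client's directory, and `restrict`
# turns off port, agent and X11 forwarding as well as PTY allocation.
#
# NOTE(review): pool and item.host are interpolated unquoted into a command
# that the login shell runs, inside a double-quoted authorized_keys option.
# Whitespace, quotes, shell metacharacters or ".." in either value would
# change what the key is allowed to do. These tasks assume both values come
# from trusted inventory; validate them before this task if they can come
# from anywhere else.
#
# --restrict-to-path also admits every repository below the given path.
# Consider whether --restrict-to-repository and --append-only fit the threat
# model better for single-repository clients.
- name: Create autorized key entry
  ansible.posix.authorized_key:
    user: "{{ user }}"
    key: "{{ item.key }}"
    key_options: 'command="cd {{ pool }}/{{ item.host }};borg serve --umask=007 --restrict-to-path {{ pool }}/{{ item.host }}",restrict'
  with_items: "{{ auth_users }}"

# `state: file` never creates the file. This task relies on the task above
# having written at least one key, and fails when auth_users is empty and no
# authorized_keys file exists yet.
- name: Ensure permission on authorized_keys file
  ansible.builtin.file:
    path: "{{ home }}/.ssh/authorized_keys"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0600'
    state: file

# Per-client directory that the forced command above changes into.
- name: Ensure host pool dir is present
  ansible.builtin.file:
    path: "{{ pool }}/{{ item.host }}"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: '0770'
    state: directory
  with_items: "{{ auth_users }}"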