Add SSH configuration

defaults/main.yml

@@ -45,3 +45,5 @@ borgmatic_store_atime: true
 borgmatic_store_ctime: true
 borgmatic_relocated_repo_access_is_ok: false
 borgmatic_version: false
+
+ssh_config_path: /root/.ssh/config

tasks/main.yml

@@ -3,10 +3,9 @@
   ansible.builtin.import_tasks: packages.yml
   tags: packages
 
-- name: Generate an OpenSSH keypair
+- name: Create SSH key
-  community.crypto.openssh_keypair:
+  ansible.builtin.import_tasks: ssh.yml
-    path: "{{ borg_ssh_key_file_path }}"
+  tags: ssh
-    type: "{{ borg_ssh_key_type }}"
 
 - name: Setup borgbase backup
   ansible.builtin.import_tasks: borgbase.yml
@@ -33,3 +32,4 @@
     command: "borgmatic init -e {{ borg_repo_key }}"
     responses:
       ^.*want to continue connecting.*$: "yes"
+

tasks/ssh.yml

@@ -0,0 +1,19 @@
+---
+- name: "SSH | Generate an OpenSSH keypair"
+  community.crypto.openssh_keypair:
+    path: "{{ borg_ssh_key_file_path }}"
+    type: "{{ borg_ssh_key_type }}"
+
+- name: "SSH | Ensure configuration file is present"
+  ansible.builtin.file:
+    path: "{{ ssh_config_name }}"
+    state: touch
+    mode: "644"
+
+- name: "SSH | Insert borgbase configuration"
+  ansible.builtin.blockinfile:
+    path: "{{ ssh_config_name }}"
+    marker: "### {mark} ANSIBLE MANAGED BLOCK"
+    block: |
+      Host *.repo.borgbase.com
+      IdentityFile {{ borg_ssh_key_file_path }}