---
- name: "Install required software on clients"
  become: true
  ansible.builtin.package:
    name: "{{ item }}"
    state: "present"
  with_items:
    - "acl"

- name: "Create backup user on clients"
  become: true
  ansible.builtin.user:
    name: "{{ duplicity_client_user }}"

- name: "Deploy server ssh keys to clients"
  become: true
  ansible.posix.authorized_key:
    user: "{{ duplicity_client_user }}"
    state: "present"
    key: "{{ item.duplicity_server_user_key }}"
  with_items: "{{ groups['duplicityclient'] | flatten(levels=1) }}"

- name: "Set default ACLs on backup data"
  become: true
  ansible.posix.acl:
    path: "{{ item }}"
    entity: "{{ duplicity_client_user }}"
    etype: "user"
    permissions: r-X
    default: true
    state: present
    recursive: true
  with_items: "{{ duplicity_client_backup_paths }}"

- name: "Set read ACLs on existing backup data"
  become: true
  ansible.posix.acl:
    path: "{{ item }}"
    entity: "{{ duplicity_client_user }}"
    etype: "user"
    permissions: r-X
    state: present
    recursive: true
  with_items: "{{ duplicity_client_backup_paths }}"