---
- name: Create ssh key
  when:
    - borg_install_method != "docker"
  block:
  - name: Create SSH key (if needed) for {{ borg_user }}
    block:
      - name: Ensure directory exist
        ansible.builtin.file:
          path: "{{ backup_user_info.home }}/.ssh/"
          state: directory
          mode: "0700"
          owner: "{{ borg_user }}"
          group: "{{ borg_group }}"

      - name: Generate an OpenSSH keypair
        when: borg_ssh_private_key is undefined
        community.crypto.openssh_keypair:
          path: "{{ borg_ssh_key_file_path }}"
          mode: "0600"
          type: "{{ borg_ssh_key_type }}"
          owner: "{{ borg_user }}"
          group: "{{ borg_group }}"

      - name: Copy provided OpenSSH private key
        when: borg_ssh_private_key is defined
        ansible.builtin.copy:
          content: "{{ borg_ssh_private_key }}"
          dest: "{{ borg_ssh_key_file_path }}"
          mode: "0600"
          owner: "{{ borg_user }}"
          group: "{{ borg_group }}"

      - name: Generate public key from private key
        when: borg_ssh_private_key is defined
        changed_when: false
        failed_when: not public_key.stdout.startswith("ssh")
        register: public_key
        ansible.builtin.command: "ssh-keygen -yf {{ borg_ssh_key_file_path }}"

      - name: Copy provided OpenSSH public key
        when: borg_ssh_private_key is defined
        ansible.builtin.copy:
          content: "{{ public_key.stdout }}"
          dest: "{{ borg_ssh_key_file_path }}.pub"
          mode: "0666"
          owner: "{{ borg_user }}"
          group: "{{ borg_group }}"

      - name: Read SSH key
        ansible.builtin.slurp:
          src: "{{ borg_ssh_key_file_path }}.pub"
        register: backup_local_ssh_key

      - name: Print key
        ansible.builtin.debug:
          msg: "The generated key is: {{ backup_local_ssh_key['content'] | b64decode }}"
...