---
# In this Play an ssh key pair is created for login to the backup server and secure data transfer.
# We do not want the possibly existing key to be used/distributed, 
# so a backup-specific (backup/backup.pub) one is created.
- name: Create ssh-key (if neeeded) for {{ borgbackup_user }} 
  tags:
    - install_backup
  block:
    - name: Ensire directory exist
      ansible.builtin.file:
        path: "{{ backup_user_info.home }}/.ssh/"
        state: directory
        mode: "0700"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"

    - name: Generate an OpenSSH keypair
      community.crypto.openssh_keypair:
        path: "{{ backup_user_info.home }}/.ssh/backup"
        mode: "0600"
        type: "{{ borg_ssh_key_type }}"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"
    
    - name: Set key permission
      ansible.builtin.file:
        path: "{{ backup_user_info.home }}/.ssh/backup.pub"
        mode: "0644"
        owner: "{{ borgbackup_user }}"
        group: "{{ borgbackup_group }}"

    - name: Read ssh key
      ansible.builtin.slurp:
        src: "{{ backup_user_info.home }}/.ssh/backup.pub"
      register: backup_local_ssh_key

    - name: Print key
      ansible.builtin.debug:
        msg: "The generated key is: {{ backup_local_ssh_key['content'] | b64decode }}"
...