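# Salt state (Jinja-templated YAML): set up a borgbackup client for one user.
# Jinja renders first, so every {{ }} below is plain text by the time YAML parses.
include:
  - profile.borgbackup.packages

# client-side user (non-privileged or root)
{% set client_user = 'cboltz' %}  # TODO (use pillar - from pillar/id or pillar/role?)
# NOTE(review): user.info returns nothing for a user that does not exist yet, so
# client_home is only usable if the user already exists at render time — confirm.
{% set client_home = salt['user.info'](client_user).home %}
# Placeholder passphrase; a real value must not live in a committed state file.
{# TODO: create encrypted pillar borgbackup/{{ server_user }}.sls with backup_pass and ssh private key
   (Jinja comment on purpose: server_user is not defined yet at this point) #}
{% set backup_pass = 'topsecret' %}
# NOTE(review): no default here — a missing pillar key renders "None" into the repo URL.
{% set backup_server = pillar.get('profile:borgbackup:backupserver') %}

# server-side
{% set server_user = 'cboltz' %}  # TODO (use pillar)
{% set backupdir = '/backup/' + server_user + '/borgbackup' %}
# Single definition of the repository URL; '~' stringifies like {{ }} does.
{% set borg_repo = 'ssh://' ~ client_user ~ '@' ~ backup_server ~ backupdir %}

# setup user and ssh stuff
borgbackup_user:
  user.present:
    - name: {{ client_user }}

{{ client_home }}/.ssh:
  file.directory:
    - user: {{ client_user }}
    - mode: '0700'
    - require:
      - user: borgbackup_user

{{ client_home }}/.ssh/borgbackup_key:
  file.managed:
    - user: {{ client_user }}
    - mode: '0600'
    # contents_pillar takes a pillar.get-style ':' path, matching the
    # backupserver lookup above.
    - contents_pillar: profile:borgbackup:{{ server_user }}:privatekey
    - require:
      - file: {{ client_home }}/.ssh

# NOTE(review): file.append is documented with text/source/sources arguments;
# user, mode and contents_pillar may be rejected as invalid arguments on the
# Salt version in use — verify, or manage the file with file.managed if this
# state may own the whole known_hosts file.
{{ client_home }}/.ssh/known_hosts:
  file.append:
    - user: {{ client_user }}
    - mode: '0600'
    - contents_pillar: profile:borgbackup:ssh_known_hosts

# backup config file (contains the passphrase, hence 0600)
{{ client_home }}/borg-env:
  file.managed:
    - user: {{ client_user }}
    - mode: '0600'
    - contents:
      - export BORG_RSH="ssh -i {{ client_home }}/.ssh/borgbackup_key"
      - export BORG_PASSPHRASE='{{ backup_pass }}'
      - "export BORG_REPO='{{ borg_repo }}'"
      - export LOG='/var/log/borg/backup.log'

# TODO: make the directory to backup configurable
# TODO: make excludes configurable

# initialize the backup repository; skipped once the 'creates' path exists
borgbackup_init:
  cmd.run:
    - name: borg init --encryption=repokey '{{ borg_repo }}'
    - runas: {{ client_user }}
    # cmd.run's env is a list of NAME: value mappings, not a bare scalar.
    # BORG_RSH is set as well so the init uses the dedicated key, as borg-env does.
    - env:
      - BORG_PASSPHRASE: '{{ backup_pass }}'
      - BORG_RSH: ssh -i {{ client_home }}/.ssh/borgbackup_key
    - creates: {{ client_home }}/.cache/borg/CACHEDIR.TAG
    - require:
      - file: {{ client_home }}/.ssh/borgbackup_key
      - file: {{ client_home }}/.ssh/known_hosts

# NOTE(review): 0600 is not executable; confirm the cron entry runs this through an interpreter.
{{ client_home }}/borg-backup-script:
  file.managed:
    - source: salt://profile/borgbackup/files/borg-backup-script
    - user: {{ client_user }}
    - mode: '0600'

# ':' after file.directory was missing, which made this state unparseable
/var/log/borg:
  file.directory:
    - user: {{ client_user }}

# create cronjob
# TODO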