---
# Configure a Hetzner Storage Box for restic backups.
# Run once before the first restic deployment (enable_restic: true).
#
# Prerequisites:
#   - restic_storagebox_id set in config.yml
#   - hetzner_robot_user / hetzner_robot_password set in vault.yml
#
# What it does:
#   1. Generates an SSH key pair in LINDERHOF_DIR (skips if already present)
#   2. Fetches storage box details from Robot API (derives restic_user / restic_host)
#   3. Enables SSH access on the storage box
#   4. Uploads the public key (replaces any existing key with the same label)
#   5. Writes LINDERHOF_DIR/group_vars/all/storagebox.yml — loaded automatically
#      by Ansible on subsequent runs, no manual config edits required

- name: Configure Hetzner Storage Box for restic backups
  hosts: localhost
  connection: local
  gather_facts: false
  become: false

  roles:
    - role: storage_box
      tags: storage_box