In order to do backups via rsync/ssh into Gohma, the source server needs to have a ssh key for the root user, and Gohma needs to have a user account for that source server containing that key in authorized_keys.
Currently that's done by running a one-time script in gohma's ~/bin. It should be handled in the Ansible playbook to configure backups.