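# Provisions PostgreSQL on a Debian-family host: creates the postgres
# account, enables the PGDG apt repository, installs the server, issues a TLS
# certificate from the self-signed CA role, applies postgresql.conf settings
# and installs the postgres exporter.

- name: "Adding group postgresql"
  ansible.builtin.group:
    name: postgres
    gid: 2001

- name: "Adding user postgresql"
  ansible.builtin.user:
    name: postgres
    uid: 2000
    group: postgres
    home: '{{ postgres_homedir }}'
    system: true
    shell: /bin/bash

# NOTE(review): the TLS private key is later written into this directory,
# which is readable and traversable by every local user (0755). The key
# file's own mode is set inside the selfsigned_ca role and is not visible
# here -- confirm it is not world-readable.
- name: "Ensure postgres_homedir exists"
  ansible.builtin.file:
    path: "{{ postgres_homedir }}"
    state: directory
    owner: postgres
    group: postgres
    mode: "0755"

# ca-certificates is included so the HTTPS key download below can verify the
# server certificate even on a minimal base image.
- name: "Ensuring repository meta is installed"
  ansible.builtin.apt:
    name:
      - debian-keyring
      - debian-archive-keyring
      - apt-transport-https
      - ca-certificates
    update_cache: true
    cache_valid_time: 900
    state: present

# This key is the trust anchor for every package installed from the
# repository added in the next task. That repository is fetched over plain
# http, so apt's signature check against this key is the only integrity
# control. TLS validation must therefore stay enabled for the download: with
# it disabled, a tampered response would be trusted as the signing key.
# TODO(review): also pin the expected key with the module's `id` parameter
# (id: <FULL_KEY_FINGERPRINT>, verified out of band), so a changed key at the
# URL fails the play instead of being imported.
# NOTE(review): apt_key adds the key to the global apt trust store; a
# per-repository keyring referenced with signed-by limits what this key can
# vouch for.
- name: "Adding an apt signing key, uses whichever key is at the url"
  ansible.builtin.apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    state: present
    validate_certs: true

# NOTE(review): left on http so already-provisioned hosts do not end up with
# a second sources entry; package integrity relies on the signing key above.
- name: "Adding postgresql repository into sources list"
  ansible.builtin.apt_repository:
    repo: "deb http://apt.postgresql.org/pub/repos/apt {{ default_postgres_target_distribution }} main"
    state: present

# The package list is passed to apt in one call instead of looping, so the
# cache is refreshed and the dependency solver runs once.
- name: "Ensuring several packages being installed"
  ansible.builtin.apt:
    name:
      - 'postgresql-{{ default_postgres_version }}'
      - python3-psycopg2
    update_cache: true
    cache_valid_time: 900
    state: present

# Paths of the server key, server certificate and CA certificate, all placed
# in the postgres home directory.
- name: "Set vars"
  ansible.builtin.set_fact:
    cert_private_key: '{{ postgres_homedir }}/{{ inventory_hostname }}.{{ domain }}-key.pem'
    cert_public_key: '{{ postgres_homedir }}/{{ inventory_hostname }}.{{ domain }}-crt.pem'
    ca_cert: '{{ postgres_homedir }}/ca-certificate.pem'

- name: "Include role for self-signed CA"
  ansible.builtin.include_role:
    name: selfsigned_ca

# Issues the server certificate; the private key is handed to group postgres
# so the database server can read it.
- name: "Create certs with selfsigned CA"
  ansible.builtin.include_role:
    name: selfsigned_ca
    tasks_from: _create_cert
  vars:
    selfsigned_ca_cert_private_key: '{{ cert_private_key }}'
    selfsigned_ca_cert_private_key_group: postgres
    selfsigned_ca_cert_public_key: '{{ cert_public_key }}'
    selfsigned_ca_cacert: '{{ ca_cert }}'
    selfsigned_ca_cert_subject:
      CN: '{{ inventory_hostname }}.{{ domain }}'
    selfsigned_ca_cert_altnames:
      - 'DNS:{{ inventory_hostname }}.{{ domain }}'
      - 'DNS:{{ inventory_hostname }}'
    # selfsigned_ca_trigger_handler: restart postgres

# Fails the play early when the private address was not discovered.
# presumably postgres_config references stage_private_server_ip -- verify.
- name: "ASSERT: stage_private_server_ip"
  ansible.builtin.assert:
    that:
      - stage_private_server_ip != ''
    msg: "stage_private_server_ip is EMPTY. plz check tasks/autodiscover_pre_tasks.yml "

# Each postgres_config item supplies a regex and its replacement line.
# NOTE(review): the settings themselves (listen addresses, ssl, ...) are
# defined outside this file; review them there.
- name: "Ensure postgresql.conf via evil lineinfile..."
  ansible.builtin.lineinfile:
    state: present
    regex: "{{ item.regex }}"
    line: "{{ item.line }}"
    path: "/etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf"
  loop: '{{ postgres_config }}'
  notify: restart postgres

# NOTE(review): the symbolic mode only adds setgid; on first creation the
# remaining permission bits come from the umask. Archived WAL holds database
# contents, so confirm other local users cannot read this directory.
- name: "Creating archive directory if necessary"
  ansible.builtin.file:
    state: directory
    path: /postgresql/replication
    owner: postgres
    group: postgres
    mode: "g+s"

# `apply` propagates the tag to the included tasks; the outer `tags` makes
# the include itself selectable with the same tag.
- name: "Install postgres exporter via include_task"
  ansible.builtin.include_tasks: install_postgres_exporter.yml
  args:
    apply:
      tags:
        - postgres-exporter
  tags:
    - postgres-exporter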