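---
### tags:

# Installs MariaDB from the upstream repository, issues a TLS certificate from
# the self-signed CA role, writes the server configuration, sets the root
# password, and creates the configured databases and users.

# NOTE(review): apt_key puts the key into apt's global trusted keyring, so it
# is trusted for every configured repository, not only the MariaDB one. The
# key is also accepted as served; consider pinning it with
# `id: <EXPECTED_KEY_FINGERPRINT>` or moving to a dedicated keyring file that
# the repository entry references via `signed-by=`.
- name: "Add apt-key for "
  ansible.builtin.apt_key:
    url: https://mariadb.org/mariadb_release_signing_key.asc
    state: present

# Package integrity from this mirror rests on the signing key added above.
- name: "Add source repository for mariadb-server"
  ansible.builtin.apt_repository:
    repo: >-
      deb [arch=amd64]
      https://ftp.agdsn.de/pub/mirrors/mariadb/repo/{{ mariadb_server_version }}/{{ ansible_distribution | lower }}
      {{ ansible_distribution_release }} main
    state: present

# The package list is passed in one call instead of looping per package.
- name: "Install MariaDB "  # noqa package-latest
  ansible.builtin.package:
    name:
      - mariadb-server
      - mariadb-backup
      - python3-pymysql
    state: latest

# Paths of the server key, server certificate and CA certificate, all placed
# in the MariaDB configuration directory.
- name: "Set vars"
  ansible.builtin.set_fact:
    cert_private_key: '{{ mariadb_server_config_dir }}/{{ inventory_hostname }}.{{ domain }}-key.pem'
    cert_public_key: '{{ mariadb_server_config_dir }}/{{ inventory_hostname }}.{{ domain }}-crt.pem'
    ca_cert: '{{ mariadb_server_config_dir }}/ca-certificate.pem'

- name: "Include role for self-signed CA"
  ansible.builtin.include_role:
    name: selfsigned_ca

# The private key is handed to group mysql so the server process can read it.
# NOTE(review): the file mode is decided inside the selfsigned_ca role, which
# is not visible here - confirm the key is not world-readable.
- name: "Create certs with selfsigned CA"
  ansible.builtin.include_role:
    name: selfsigned_ca
    tasks_from: _create_cert
  vars:
    selfsigned_ca_cert_private_key: '{{ cert_private_key }}'
    selfsigned_ca_cert_private_key_group: mysql
    selfsigned_ca_cert_public_key: '{{ cert_public_key }}'
    selfsigned_ca_cacert: '{{ ca_cert }}'
    selfsigned_ca_cert_subject:
      CN: '{{ inventory_hostname }}.{{ domain }}'
    selfsigned_ca_cert_altnames:
      - 'DNS:{{ inventory_hostname }}.{{ domain }}'
      - 'DNS:{{ inventory_hostname }}'
    selfsigned_ca_trigger_handler: restart mysql

- name: "Create global my.cnf for mariadb"
  ansible.builtin.copy:
    dest: '{{ mariadb_server_global_my_cnf }}'
    owner: root
    group: root
    mode: '0644'
    content: |
      {{ ansible_managed | comment }}
      !includedir /etc/mysql/mariadb.conf.d/
  notify: restart mysql

# Stop before templating the server config if no private address is known;
# the value is used as the bind address in the next task.
- name: "ASSERT: stage_private_server_ip"
  ansible.builtin.assert:
    that:
      - stage_private_server_ip != ''
    msg: "stage_private_server_ip is EMPTY. plz check tasks/autodiscover_pre_tasks.yml "

# NOTE(review): 50-server.cnf is installed world-readable (0644); confirm the
# template carries no credentials.
- name: "Create mariadb cnf file: bind_address={{ stage_private_server_ip }}"
  vars:
    mariadb_server_bind_address: '{{ stage_private_server_ip }}'
  ansible.builtin.template:
    src: 50-server.cnf
    dest: '{{ mariadb_server_config_dir }}/'
    mode: '0644'
    owner: root
    group: root
  notify: restart mysql

- name: Ensure service is started
  ansible.builtin.service:
    name: mariadb
    state: started
    enabled: true

# Probe whether root can connect without a password; rc == 0 means it can.
# No shell features are needed, so the command module is used.
# NOTE(review): where root authenticates through the unix socket this probe
# presumably always succeeds, so the next task runs on every play - confirm.
- name: Check if root password is set
  ansible.builtin.command:
    cmd: mysqladmin -u root status
  changed_when: false
  failed_when: false
  register: root_pwd_check

- name: Set MariaDB root password for the first time
  community.mysql.mysql_user:
    name: root
    password: "{{ mysql_root_password }}"
    host_all: true
    login_unix_socket: /var/run/mysqld/mysqld.sock
    state: present
  when: root_pwd_check.rc == 0

- name: Ensure MySQL databases are present.
  community.mysql.mysql_db:
    name: "{{ item.name }}"
    collation: "{{ item.collation | default('utf8_general_ci') }}"
    encoding: "{{ item.encoding | default('utf8') }}"
    state: "{{ item.state | default('present') }}"
    login_unix_socket: /run/mysqld/mysqld.sock
    login_password: "{{ mysql_root_password }}"
  with_items: "{{ mysql_databases }}"
  when: mysql_databases is defined

# Each loop item carries the account password, and loop output echoes the
# item, so logging is disabled for this task to keep credentials out of the
# play output and logs.
# NOTE(review): the default privilege '*.*:USAGE' grants nothing beyond login;
# `host` has no default, so every entry in mysql_users must set it.
- name: Ensure MySQL users are present.
  community.mysql.mysql_user:
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    priv: "{{ item.priv | default('*.*:USAGE') }}"
    state: "{{ item.state | default('present') }}"
    append_privs: "{{ item.append_privs | default('no') }}"
    encrypted: "{{ item.encrypted | default('no') }}"
    login_unix_socket: /run/mysqld/mysqld.sock
    login_password: "{{ mysql_root_password }}"
    host: "{{ item.host }}"
  with_items: "{{ mysql_users }}"
  when: mysql_users is defined
  no_log: true

- name: "Install promethues mysqld-exporter"
  ansible.builtin.include_tasks: install_mysqld_exporter.yml
  when: mariadb_server_with_mysqld_exporter | default(True)

# The mode is quoted so it is always read as an octal string.
# NOTE(review): 0755 lets every local account enter and list the backup
# directory; consider a tighter mode if only the backup job needs access.
- name: 'Ensures <{{ backup_directory }}> directory exists'
  ansible.builtin.file:
    state: directory
    path: '{{ backup_directory }}'
    mode: '0755'

- name: "Copy testdb.sql to ensure test DB"
  ansible.builtin.copy:
    src: '{{ item }}'
    dest: '/tmp/{{ item }}'
    mode: '0444'
    owner: root
    group: root
  loop:
    - testdb.sql

# Imports the dump staged by the previous task into dummytestdb.
- name: "Ensure test DB"
  community.mysql.mysql_db:
    login_unix_socket: /run/mysqld/mysqld.sock
    login_password: "{{ mysql_root_password }}"
    name: dummytestdb
    state: import
    target: /tmp/testdb.sql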