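---
# Installs PostgreSQL, points postgresql.conf / pg_hba.conf at the configured
# values, then creates databases, roles and HBA entries and optionally runs an
# initialization SQL file. Commands run as root (`become: true`) and switch to
# the PostgreSQL system account with `su`.

- name: install server packages
  become: true
  ansible.builtin.apt:
    update_cache: true
    cache_valid_time: 3600
    force_apt_get: true
    pkg:
      - postgresql
      # python3-pexpect is required by ansible.builtin.expect (used below).
      - python3-pexpect

- name: gather information
  become: true
  block:
    # Ask the running server where its files live instead of hard-coding
    # distribution-specific paths. No shell features are needed, so the
    # command module is used; `su -c` still hands the string to a shell.
    - name: pg_hba.conf path
      ansible.builtin.command: >-
        su {{ postgresql_default_user | quote }}
        -c 'psql -t --csv -c "SHOW hba_file"'
      register: hba_file_query
      changed_when: false
      failed_when: hba_file_query.rc != 0 or hba_file_query.stdout is falsy

    - name: postgresql.conf path
      ansible.builtin.command: >-
        su {{ postgresql_default_user | quote }}
        -c 'psql -t --csv -c "SHOW config_file"'
      register: psql_conf_query
      changed_when: false
      failed_when: psql_conf_query.rc != 0 or psql_conf_query.stdout is falsy

    - name: register facts
      ansible.builtin.set_fact:
        postgresql_hba_file: '{{ hba_file_query.stdout }}'
        postgresql_conf_file: '{{ psql_conf_query.stdout }}'

- name: update postgresql.conf values
  become: true
  block:
    # NOTE(review): the addresses are written as given; confirm the inventory
    # only lists interfaces that are meant to accept database connections.
    - name: update listen addresses
      ansible.builtin.lineinfile:
        path: '{{ postgresql_conf_file }}'
        regexp: '^#?listen_addresses\b.+'
        line: "listen_addresses = '{{ postgresql_server_bind_addresses|join(',') }}'"
        state: present
      when: postgresql_server_bind_addresses is truthy
      notify:
        - 'postgresql : restart postgresql service'

    - name: update listen port
      ansible.builtin.lineinfile:
        path: '{{ postgresql_conf_file }}'
        regexp: '^#?port\b.+'
        line: 'port = {{ postgresql_server_port }}'
        state: present
      notify:
        - 'postgresql : restart postgresql service'

    # NOTE(review): the scheme is not validated here; confirm the variable
    # resolves to scram-sha-256 rather than md5. It must be set before roles
    # are created, because it decides how new passwords are hashed.
    - name: update default encryption
      ansible.builtin.lineinfile:
        path: '{{ postgresql_conf_file }}'
        regexp: '^#?password_encryption\b.+'
        line: "password_encryption = '{{ postgresql_server_encryption_scheme }}'"
        state: present
      notify:
        - 'postgresql : restart postgresql service'

# Run the notified handlers now so the settings above are in effect before
# databases and roles are created.
- name: flush handlers
  ansible.builtin.meta: flush_handlers

- name: create databases
  become: true
  vars:
    # Every templated value is shell-quoted, and the finished command line is
    # quoted once more for `su -c`, so a name containing spaces, quotes or
    # shell metacharacters stays a single argument.
    postgresql_createdb_command: >-
      createdb
      {% if 'tablespace' in item %}-D {{ item.tablespace | quote }}{% endif %}
      {% if 'encoding' in item %}-E {{ item.encoding | quote }}{% endif %}
      {% if 'locale' in item %}-l {{ item.locale | quote }}{% endif %}
      {% if 'owner' in item %}-O {{ item.owner | quote }}{% endif %}
      {{ item.name | quote }}
  ansible.builtin.command: >-
    su {{ postgresql_default_user | quote }}
    -c {{ postgresql_createdb_command | quote }}
  loop: '{{ postgresql_server_databases_list }}'
  loop_control:
    label: '{{ item.name }}'
  register: create_db_exec
  # createdb exits non-zero for an existing database; that case is treated as
  # "ok, unchanged" instead of a failure.
  failed_when: create_db_exec.rc != 0 and not " already exists" in create_db_exec.stderr
  changed_when: not " already exists" in create_db_exec.stderr

- name: create accesses
  become: true
  block:
    - name: create roles
      vars:
        # Same quoting scheme as for createdb. The explicit `else ''` keeps
        # the option well defined when `nologin` is not set.
        postgresql_createuser_command: >-
          createuser
          --{{ 'no-' if item.get('nologin', False) is truthy else '' }}login
          {{ item.name | quote }}
          --pwprompt
      # The password is answered on the prompt, so it never appears on a
      # command line; no_log keeps it out of the Ansible output as well.
      ansible.builtin.expect:
        command: >-
          su {{ postgresql_default_user | quote }}
          -c {{ postgresql_createuser_command | quote }}
        responses:
          'Enter password for new role: ':
            - '{{ item.password }}'
          'Enter it again: ':
            - '{{ item.password }}'
      loop: '{{ postgresql_server_accounts_list }}'
      loop_control:
        label: '{{ item.name }}'
      register: create_user_exec
      failed_when: create_user_exec.rc != 0 and not " already exists" in create_user_exec.stdout
      changed_when: not " already exists" in create_user_exec.stdout
      no_log: true

    - name: add HBA accesses
      ansible.builtin.lineinfile:
        path: '{{ postgresql_hba_file }}'
        # List fields are joined exactly as in `line`, and every field is
        # regex-escaped so dots and slashes in addresses match literally.
        # No capture groups are needed because no back-references are used.
        regexp: '^#?{{ item.contype | regex_escape }}\s+{{ item.databases | join(",") | regex_escape }}\s+{{ item.users | join(",") | regex_escape }}\s+{{ item.address | regex_escape }}\s+{{ item.method | regex_escape }}$'
        line: "{{ item.contype }}\t{{ item.databases | join(',') }}\t{{ item.users | join(',') }}\t{{ item.address }}\t{{ item.method }}"
        group: '{{ postgresql_default_user }}'
        owner: '{{ postgresql_default_user }}'
        mode: '0600'
        state: present
      loop: '{{ postgresql_server_hba_conf_list }}'
      loop_control:
        label: '{{ item.contype }}:{{ item.method }}:: {{ item.users }}-{{ item.address }} @ {{ item.databases }}'
      notify:
        - 'postgresql : reload postgresql service'

# NOTE(review): `when` is placed on the whole block, which is the only reading
# under which the temporary file is not created needlessly - confirm against
# the original layout.
- name: run custom initialization queries
  become: true
  when: postgresql_server_run_init_sql is truthy or postgresql_server_run_custom_sql is truthy
  block:
    - name: create temporary file
      ansible.builtin.tempfile:
        state: file
      register: tmp_file
      changed_when: false

    # The rendered SQL is readable only by the PostgreSQL account (0600).
    - name: export initialization SQL file
      ansible.builtin.template:
        src: ../templates/postgresql_init.sql.j2
        dest: '{{ tmp_file.path }}'
        mode: '0600'
        force: true
        owner: '{{ postgresql_default_user }}'
        group: '{{ postgresql_default_user }}'
      changed_when: false

    # NOTE(review): stdout/stderr of this task are logged; if the template can
    # contain credentials, consider no_log here.
    - name: run initialization file
      ansible.builtin.shell: "su {{ postgresql_default_user }} -c 'psql < {{ tmp_file.path }}'"
      register: run_custom_sql_exec
      failed_when: run_custom_sql_exec.rc != 0 or "ERROR" in run_custom_sql_exec.get("stderr", "")

  # Remove the rendered SQL even when one of the tasks above fails, so it is
  # not left behind in the temporary directory.
  always:
    - name: cleanup
      ansible.builtin.file:
        path: '{{ tmp_file.path }}'
        state: absent
      when: tmp_file is defined and tmp_file.path is defined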