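---
# Installs PostgreSQL from the PGDG apt repository, opens it to the network,
# creates application roles/databases plus a monitoring role, and allows the
# database port through UFW.
#
# Variables read by these tasks: postgresql_version,
# postgresql_listen_addresses, postgresql_port, postgresql_users (items with
# name/password), postgresql_databases (items with name/owner),
# postgres_exporter_user, postgres_exporter_password, and the
# ansible_distribution_release fact.

- name: Install required packages for PostgreSQL installation
  apt:
    name:
      - ca-certificates
      - curl
      - gnupg
      - lsb-release
    state: present
    update_cache: true
  tags: postgresql

- name: Create PostgreSQL repository keyring directory
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: '0755'
  tags: postgresql

# The key is trusted on first download over TLS; nothing here compares it to a
# known fingerprint.
# NOTE(review): if the threat model requires it, verify the key fingerprint
# against a value obtained out of band before dearmoring.
# pipefail makes a failed download fail the task instead of being masked by
# the exit status of gpg; it needs bash, hence the explicit executable.
# NOTE(review): `creates` skips this task whenever the keyring file exists, so
# a partial file left behind by a failed run must be removed by hand.
- name: Download and install PostgreSQL GPG key
  shell: |
    set -euo pipefail
    curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/keyrings/postgresql.gpg
    chmod 644 /etc/apt/keyrings/postgresql.gpg
  args:
    executable: /bin/bash
    creates: /etc/apt/keyrings/postgresql.gpg
  tags: postgresql

# Package integrity rests on the signed-by keyring; the transport itself is
# plain http.
# NOTE(review): consider the https mirror URL. Changing the repo string on an
# already-provisioned host adds a second entry, so remove the old one as part
# of that change.
- name: Add PostgreSQL repository
  apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/postgresql.gpg] http://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main"
    state: present
    update_cache: true
  tags: postgresql

- name: Install PostgreSQL
  apt:
    name:
      - "postgresql-{{ postgresql_version }}"
      - "postgresql-contrib-{{ postgresql_version }}"
      - "postgresql-client-{{ postgresql_version }}"
    state: present
    update_cache: true
  tags: postgresql

# The unit name follows postgresql_version, like the package names and config
# paths, instead of a hard-coded major version.
- name: Ensure PostgreSQL service is started and enabled
  service:
    name: "postgresql@{{ postgresql_version }}-main"
    state: started
    enabled: true
  tags: postgresql

# lineinfile uses Python regular expressions, which have no POSIX
# [[:space:]] class; \s is the equivalent and lets an existing setting be
# replaced in place rather than a new line appended on every value change.
- name: Configure PostgreSQL listen addresses
  lineinfile:
    path: "/etc/postgresql/{{ postgresql_version }}/main/postgresql.conf"
    regexp: '^listen_addresses\s*='
    line: "listen_addresses = '{{ postgresql_listen_addresses }}'"
    backup: true
  register: postgresql_listen_addresses_result
  tags: postgresql

# listen_addresses is only read at server start, so a reload does not apply
# it; restart, but only when the setting actually changed.
- name: Restart PostgreSQL to apply listen_addresses
  service:
    name: "postgresql@{{ postgresql_version }}-main"
    state: restarted
  when: postgresql_listen_addresses_result is changed
  tags: postgresql

# NOTE(review): md5 is the legacy password method; scram-sha-256 is preferred
# where every role's stored password is a SCRAM verifier. This task has no
# regexp, so editing the line would add a new rule and leave the old md5 rule
# in place -- remove it explicitly when migrating.
# NOTE(review): the client network is hard-coded here; confirm it matches the
# networks that should reach the database.
- name: Configure PostgreSQL authentication
  lineinfile:
    path: "/etc/postgresql/{{ postgresql_version }}/main/pg_hba.conf"
    line: "host all all 192.168.0.0/24 md5"
    insertafter: "^# IPv4 local connections:"
    backup: true
  tags: postgresql

# Picks up the pg_hba.conf change; runs on every play regardless of whether
# the file changed. (The duplicated `name` key of the original is removed.)
- name: Reload PostgreSQL configuration
  service:
    name: "postgresql@{{ postgresql_version }}-main"
    state: reloaded
  tags: postgresql

# Despite its name this task only creates roles; databases are created by the
# next task.
# no_log keeps each loop item, which carries the role's password, out of task
# output and logs.
- name: Create PostgreSQL users and databases
  become: true
  become_user: postgres
  community.postgresql.postgresql_user:
    name: "{{ item.name }}"
    password: "{{ item.password }}"
    state: present
  loop: "{{ postgresql_users }}"
  no_log: true
  tags: postgresql

- name: Create PostgreSQL databases
  become: true
  become_user: postgres
  community.postgresql.postgresql_db:
    name: "{{ item.name }}"
    owner: "{{ item.owner }}"
    state: present
  loop: "{{ postgresql_databases }}"
  tags: postgresql

- name: Create postgres_exporter user for monitoring
  become: true
  become_user: postgres
  community.postgresql.postgresql_user:
    name: "{{ postgres_exporter_user }}"
    password: "{{ postgres_exporter_password }}"
    state: present
  tags: postgresql

# Grants only CONNECT on the postgres database to the monitoring role.
- name: Grant permissions to postgres_exporter user
  become: true
  become_user: postgres
  community.postgresql.postgresql_privs:
    database: postgres
    state: present
    privs: CONNECT
    type: database
    roles: "{{ postgres_exporter_user }}"
  tags: postgresql

# NOTE(review): this rule has no source restriction, so the port is allowed
# from any address, while pg_hba.conf above admits only 192.168.0.0/24.
# Consider limiting the rule to the same network.
- name: Configure UFW for PostgreSQL
  ufw:
    rule: allow
    port: "{{ postgresql_port }}"
    proto: tcp
    comment: "PostgreSQL"
  tags: postgresql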