
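---
# PostgreSQL role tasks: install the server (Alpine only), create the
# administrative role, open network access, then create the per-application
# databases, owners and privileges.
#
# Variables read by this file:
#   postgresql_root_user / postgresql_root_password  - administrative role
#   postgresql_databases - list of mappings with keys dbname, owner, pass
# Handlers notified: "Restart Postgres"
- name: Load distro-specific variables
  ansible.builtin.include_vars: "{{ item }}"
  tags: always
  with_first_found:
    - files:
        - "{{ ansible_distribution }}.yaml"
      # No vars file for this distro is not an error.
      skip: true

- name: Configure Postgres
  block:
    - name: Ensure dependencies are installed
      tags: [alpine, postgres, software]
      community.general.apk:
        name: "{{ item }}"
        state: present
      loop:
        - postgresql16
        - postgresql16-contrib
        # Was misspelled "postgresqu16-openrc", which apk cannot resolve.
        - postgresql16-openrc
      when: ansible_distribution == 'Alpine'

    - name: Ensure Postgres is started and scheduled to autostart at boot
      tags: [alpine, postgres, software]
      ansible.builtin.service:
        name: postgresql
        state: started
        enabled: true
      when: ansible_distribution == 'Alpine'

    - name: Ensure an administrative user is available
      tags: [postgres, software]
      community.general.postgresql_user:
        name: "{{ postgresql_root_user }}"
        password: "{{ postgresql_root_password }}"

    - name: Ensure administrative user has proper permissions
      community.general.postgresql_membership:
        # pg_read_all_data only grants read access to every table; it does not
        # make the role a superuser.
        group: pg_read_all_data
        # Was `{ { postgresql_root_user } }`, which YAML parses as a nested
        # flow mapping rather than a Jinja expression.
        target_role: "{{ postgresql_root_user }}"
        state: present

    - name: Bind Postgres to network interfaces
      community.general.postgresql_set:
        # The GUC is `listen_addresses` (plural); `listen_address` is not a
        # PostgreSQL parameter and ALTER SYSTEM rejects it. It accepts local
        # interface addresses/host names or "*", never a CIDR; restricting
        # which networks may connect is the job of pg_hba.conf below.
        name: listen_addresses
        value: "*"
      notify: Restart Postgres

    - name: Allow hosts on internal network to authenticate to the database
      community.general.postgresql_pg_hba:
        dest: /etc/postgresql16/pg_hba.conf
        contype: host
        databases: all
        users: all
        source: "10.69.0.0/16"
        # PostgreSQL 16 stores SCRAM verifiers by default, so require the
        # stronger scram-sha-256 exchange instead of legacy md5. Roles whose
        # password was stored as an md5 hash on an older server must have
        # their password reset before they can log in with this method.
        method: scram-sha-256
        comment: Allow local network devices to access the database
      notify: Restart Postgres

    - name: Ensure databases exist
      community.general.postgresql_db:
        name: "{{ item.dbname }}"
      loop: "{{ postgresql_databases }}"

    - name: Ensure users exist
      community.general.postgresql_user:
        name: "{{ item.owner }}"
        password: "{{ item.pass }}"
        state: present
      loop: "{{ postgresql_databases }}"
      # Each loop item carries the plaintext password (item.pass); without
      # no_log it is printed in the per-item task output and any registered
      # result.
      no_log: true

    - name: Ensure users have permissions on their databases
      community.general.postgresql_privs:
        login_db: "{{ item.dbname }}"
        state: present
        privs: ALL
        type: database
        obj: "{{ item.dbname }}"
        role: "{{ item.owner }}"
      # The task referenced item.dbname / item.owner but had no loop, so
      # `item` was undefined at run time.
      loop: "{{ postgresql_databases }}"
  rescue:
    - name: Set that this task failed # noqa: var-naming[no-role-prefix]
      ansible.builtin.set_fact:
        task_failed: true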