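# Install, initialise, configure and start a PostgreSQL server.
# The optional restore runs before initdb; both are guarded by the same
# PG_VERSION marker, so initdb is skipped once a restore has produced it.

- name: ensure postgresql-server is installed
  package:
    name: postgresql-server
    state: present
  tags:
    - install

# postgresql_restore_command is executed as given by the command module (no
# shell is involved) with whatever privileges the play runs under, so it
# should only ever be set from trusted inventory or vars.
- name: restore postgresql data directory from backup
  command: >-
    {{ postgresql_restore_command }}
  args:
    creates: '{{ pgdata_dir }}/PG_VERSION'
  # Explicit boolean test: skipped when the variable is undefined, null or
  # empty, instead of relying on the truthiness of a string.
  when: postgresql_restore_command | d('', true) | length > 0
  notify:
    - create postgresql server recovery signal file
  tags:
    - restore

# The data directory is private to the postgres account (no group/other access).
- name: ensure postgresql data directory exists
  file:
    path: '{{ pgdata_dir }}'
    owner: postgres
    group: postgres
    mode: u=rwx,go=
    state: directory
  tags:
    - initdb

# argv passes pgdata_dir as a single argument, so a path containing
# whitespace is not split into several initdb arguments.
- name: ensure postgresql database cluster is initialized
  command:
    argv:
      - runuser
      - '-u'
      - postgres
      - '--'
      - initdb
      - '{{ pgdata_dir }}'
    creates: '{{ pgdata_dir }}/PG_VERSION'
  tags:
    - initdb

# When configuration lives outside the data directory, drop the copies that
# initdb generated so only the managed files below remain.
- name: ensure default configuration files are removed from data directory
  file:
    path: '{{ pgdata_dir }}/{{ item }}'
    state: absent
  when: pgdata_dir != postgresql_config_dir
  loop:
    - postgresql.conf
    - pg_hba.conf
    - pg_ident.conf
  tags:
    - config

# Configuration is owned by root and only readable by the postgres group, so
# the server account can read but not rewrite its own configuration.
- name: ensure postgresql configuration directory exists
  file:
    path: '{{ postgresql_config_dir }}'
    owner: root
    group: postgres
    mode: u=rwx,g=rx,o=
    state: directory
  when: postgresql_config_dir != pgdata_dir
  tags:
    - config

# NOTE(review): pg_ident.conf and pg_hba.conf below pin
# setype: postgresql_db_t but this file does not; confirm that is intended.
- name: ensure postgresql server is configured
  template:
    src: postgresql.conf.j2
    dest: '{{ postgresql_config_dir }}/postgresql.conf'
    owner: root
    group: postgres
    mode: u=rw,g=r,o=
  notify: restart postgresql server
  tags:
    - config

# pg_ident.conf is only re-read on reload or restart; without the notify a
# changed identity mapping would not take effect on a running server.
- name: ensure postgresql identity mapping is configured
  template:
    src: pg_ident.conf.j2
    dest: '{{ postgresql_config_dir }}/pg_ident.conf'
    owner: root
    group: postgres
    mode: u=rw,g=r,o=
    setype: postgresql_db_t
  notify: reload postgresql server
  tags:
    - config

- name: ensure postgresql host-based authentication is configured
  template:
    src: pg_hba.conf.j2
    dest: '{{ postgresql_config_dir }}/pg_hba.conf'
    owner: root
    group: postgres
    mode: u=rw,g=r,o=
    setype: postgresql_db_t
  notify: reload postgresql server
  tags:
    - config
    - pg_hba

# "| bool" keeps a string such as "false" (e.g. from --extra-vars) from being
# treated as truthy. Preserving the timestamps makes state=touch report
# "changed" only when the file is actually created or its attributes differ.
- name: ensure postgresql server standby signal file exists
  file:
    path: '{{ pgdata_dir }}/standby.signal'
    state: >-
      {{ 'touch' if postgresql_standby | d(false) | bool else 'absent' }}
    owner: root
    group: root
    mode: u=rw,go=r
    modification_time: preserve
    access_time: preserve
  tags:
    - config

# Everything in the per-host certs directory is copied readable by postgres
# only, which is what the server requires for a private key file.
# NOTE(review): the reload assumes the server re-reads TLS files on reload
# (PostgreSQL 10 and later); confirm for the versions this role targets.
- name: ensure postgresql server certificate is installed
  copy:
    src: '{{ item }}'
    dest: '{{ postgresql_config_dir }}/{{ item | basename }}'
    owner: postgres
    group: postgres
    mode: u=rw,go=
  with_fileglob: 'certs/postgresql/{{ inventory_hostname }}/*'
  notify: reload postgresql server
  tags:
    - cert

# Explicit modes: without them the result depends on the umask of the
# connection user, and unit drop-ins must not be writable by non-root users.
- name: ensure postgresql systemd unit drop-in directory exists
  file:
    path: /etc/systemd/system/postgresql.service.d
    owner: root
    group: root
    mode: u=rwx,go=rx
    state: directory
  tags:
    - systemd

- name: ensure postgresql systemd unit extension is configured
  template:
    src: pgdata.systemd.conf.j2
    dest: /etc/systemd/system/postgresql.service.d/pgdata.conf
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
    - reload systemd
    - restart postgresql server
  tags:
    - systemd

- name: ensure postgresql starts at boot
  service:
    name: postgresql
    enabled: true

# Run pending reload/restart handlers now, before the service state is checked.
- name: flush handlers
  meta: flush_handlers

- name: ensure postgresql server is running
  service:
    name: postgresql
    state: started

# The firewalld service is actively disabled unless remote access is requested.
# "| bool" prevents a string value such as "false" from opening the port;
# postgresql_allow_remote deliberately has no default here, so an undefined
# value still fails the task instead of picking a side.
- name: ensure firewall is configured for postgresql
  firewalld:
    service: postgresql
    state: >-
      {{ 'enabled' if postgresql_allow_remote | bool else 'disabled' }}
    permanent: true
    immediate: true
  when: host_uses_firewalld | d(true) | bool
  tags:
    - firewalld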