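---
# Installs PostgreSQL on the `aws` host group, then creates the application
# database and its login role and switches local socket authentication from
# peer to SCRAM password authentication.
- name: This playbook installs and setups postgresql
  hosts: aws
  become: true
  vars_files:
    # postgresql_password is not defined in this play, so it is presumably
    # loaded from this file.
    # NOTE(review): confirm the file is encrypted with ansible-vault and is
    # not committed in clear text.
    - ../vars/secrets.yml
  vars:
    postgresql_user: gitea
    postgresql_db: giteadb

  tasks:
    # Passing the whole list to one apt call resolves and installs the
    # packages in a single transaction instead of one call per package.
    - name: install postgresql
      ansible.builtin.apt:
        name:
          - postgresql
          - postgresql-contrib
          - libpq-dev
          - python3-dev
          - python3-pip
          - acl

    # psycopg2 is the Python driver the community.postgresql modules use.
    # NOTE(review): the version is unpinned, so every run may pull a different
    # release from the package index; pin it if reproducibility matters.
    - name: install pyscopg python module
      ansible.builtin.pip:
        name: psycopg2

    - name: enable the postgresql service
      ansible.builtin.service:
        name: postgresql
        enabled: true

    - name: start the postgresql service
      ansible.builtin.service:
        name: postgresql
        state: started

    - name: create giteadb database
      become_user: postgres
      community.postgresql.postgresql_db:
        name: "{{ postgresql_db }}"
        encoding: UTF-8
        lc_collate: en_US.UTF-8
        lc_ctype: en_US.UTF-8
        template: template0

    - name: create user gitea
      become_user: postgres
      community.postgresql.postgresql_user:
        name: "{{ postgresql_user }}"
        password: "{{ postgresql_password }}"
      environment:
        # Sets password_encryption for this session so the server stores a
        # SCRAM verifier rather than an MD5 hash for the new role.
        PGOPTIONS: "-c password_encryption=scram-sha-256"
      # Keep the credential out of task output and logs, including on failure
      # or at high verbosity.
      no_log: true

    # Uses the play variables instead of repeating the literal names, so the
    # grant always targets the database and role created above.
    # NOTE(review): ALL on the database is broad; narrow it if the
    # application does not need every database-level privilege.
    - name: grant priviledges to giteadb to user gitea
      become_user: postgres
      community.postgresql.postgresql_privs:
        db: "{{ postgresql_db }}"
        privs: ALL
        type: database
        role: "{{ postgresql_user }}"

    # Replaces the catch-all `local all all peer` rule so that local socket
    # connections must authenticate with a SCRAM password. Other rules in the
    # file are left untouched.
    # NOTE(review): the become_user: postgres tasks above rely on a separate
    # peer rule for the postgres superuser remaining in place; verify on the
    # target image.
    # NOTE(review): the path is tied to PostgreSQL 14, cluster `main`; it must
    # be updated for any other installed version.
    - name: require scram-sha-256 for local socket connections
      ansible.builtin.lineinfile:
        path: /etc/postgresql/14/main/pg_hba.conf
        regexp: "^local.*all.*all.*peer"
        line: "local all all scram-sha-256"
      # pg_hba.conf is only re-read on reload, so without this the running
      # server keeps enforcing the old peer rule.
      notify: reload postgresql

  handlers:
    - name: reload postgresql
      ansible.builtin.service:
        name: postgresql
        state: reloaded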