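# PostgreSQL 12 hardening/bootstrap tasks: bind the server to the private
# interface, set role passwords, create per-application roles and databases,
# and open pg_hba for the private network. Config edits notify the
# "Run service actions" handler so PostgreSQL reloads/restarts once.
- name: PostgreSQL listen on private subnet
  replace:
    path: /etc/postgresql/12/main/postgresql.conf
    # Anchored at line start (replace runs in MULTILINE mode) and the value
    # is matched with [^']* rather than .* so a trailing comment containing a
    # quote can never be swallowed into the replacement. The optional leading
    # '#' also covers the commented-out default line.
    regexp: "^(#?)listen_addresses = '[^']*'"
    # Only the private NIC address and loopback -- never 0.0.0.0/'*'.
    replace: "listen_addresses = '{{ ansible_ens10.ipv4.address }},localhost'"
  notify: Run service actions
  tags:
    - postgres

# NOTE(review): despite the task name this sets the password of whichever
# role postgres.user names; confirm it is the intended superuser/admin role.
- name: Set root user password
  become: true
  become_user: postgres
  # Keep module args out of verbose/failed-task output: the password is a
  # task argument and would otherwise be printed with -v or on failure.
  no_log: true
  postgresql_user:
    port: '{{ services.postgres.port }}'
    db: postgres
    name: "{{ postgres.user }}"
    password: "{{ postgres.password }}"
  tags:
    - postgres
    - vault

# One least-privilege login role per application database. The explicit
# NO* flags make sure a role can never be a superuser, create roles or
# databases, replicate, or inherit privileges from groups it is added to.
- name: Create users
  become: true
  become_user: postgres
  # no_log also hides the loop item output, which would otherwise echo the
  # rendered password argument for every role.
  no_log: true
  postgresql_user:
    port: '{{ services.postgres.port }}'
    db: postgres
    name: '{{ item }}'
    role_attr_flags: "LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT"
    password: "{{ postgres.dbpass[item] }}"
  loop: "{{ services.postgres.databases }}"
  tags:
    - postgres
    - vault

# Databases are created after the roles so the owner already exists; each
# database is owned by the role of the same name.
- name: Create databases
  become: true
  become_user: postgres
  postgresql_db:
    name: '{{ item }}'
    owner: '{{ item }}'
  loop: "{{ services.postgres.databases }}"
  tags:
    - postgres
    - vault

- name: Allow users on the private IP subnet to connect to PGSQL
  postgresql_pg_hba:
    # 'host' accepts both TLS and plaintext connections on this network;
    # switch to 'hostssl' once server certificates are deployed if the
    # private network is not fully trusted.
    contype: host
    dest: '/etc/postgresql/12/main/pg_hba.conf'
    # SECURITY: a /8 trusts the entire private range the interface sits in
    # (e.g. all of 10.0.0.0/8), far more than this host's actual subnet.
    # Tighten to the real prefix via an inventory variable when it is known.
    # NOTE: Using ansible_ens10.ipv4.netmask and converting it will result in
    # a /32 mask because the interface doesn't offer information about the mask.
    source: "{{ ansible_ens10.ipv4.address }}/8"
    # Made explicit rather than relying on the module default. md5 matches the
    # PG12 default password_encryption used when the passwords above were set;
    # moving to scram-sha-256 requires setting password_encryption first and
    # re-setting every password, otherwise logins break.
    method: md5
  notify: Run service actions
  tags:
    - postgres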