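# Render the main server configuration into the directory of the configured
# PostgreSQL version and notify the "Run service actions" handler (defined
# outside this file) when the file changes.
- name: PostgreSQL set defaults
  template:
    src: "config.conf"
    dest: "/etc/postgresql/{{ postgres.version }}/main/postgresql.conf"
    follow: true
  notify: Run service actions
  tags:
    - postgres
    - configs

# Set the password of the role named in the vault, connecting as the
# local "postgres" OS user.
- name: Set root user password
  become: true
  become_user: postgres
  postgresql_user:
    port: '{{ postgres.port }}'
    db: postgres
    name: "{{ vault_postgres.user }}"
    password: "{{ vault_postgres.password }}"
  # Defence in depth: keep the vaulted credential out of task output.
  no_log: true
  tags:
    - postgres
    - vault

# One login role per entry in postgres.databases, named after the database.
# The role flags strip every administrative privilege; each role can only
# log in. Passwords are looked up per role in vault_postgres.dbpass.
- name: Create users
  become: true
  become_user: postgres
  postgresql_user:
    port: '{{ postgres.port }}'
    db: postgres
    name: '{{ item }}'
    role_attr_flags: "LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT"
    password: "{{ vault_postgres.dbpass[item] }}"
  loop: "{{ postgres.databases }}"
  # A looped task that takes a password should not log its per-item results
  # (ansible-lint rule no-log-password).
  no_log: true
  tags:
    - postgres
    - vault

# One database per entry in postgres.databases, owned by the role of the
# same name created by the "Create users" task.
# NOTE(review): unlike the two postgresql_user tasks, no port is passed here,
# so the module's default port is used. Confirm that matches postgres.port.
- name: Create databases
  become: true
  become_user: postgres
  postgresql_db:
    name: '{{ item }}'
    owner: '{{ item }}'
  loop: "{{ postgres.databases }}"
  tags:
    - postgres
    - vault

# Add a "host" rule to pg_hba.conf for the private network reached through
# interface ens10.
# NOTE: Using ansible_ens10.ipv4.netmask and converting it will result in a
# /32 mask because the interface doesn't offer information about the mask.
# NOTE(review): a /8 prefix admits every address that shares the first octet
# with this host, and no databases, users or method are given, so the module
# defaults apply (documented as all databases, all users, md5; confirm for
# the installed module version). Narrow the prefix to the real private subnet,
# list the application databases and roles explicitly, and prefer
# scram-sha-256 if the server's password_encryption setting allows it.
- name: Allow users on the private IP subnet to connect to PGSQL
  postgresql_pg_hba:
    contype: host
    # Follow the configured version instead of a hard-coded "12", so this
    # task edits the same installation as the postgresql.conf task.
    dest: "/etc/postgresql/{{ postgres.version }}/main/pg_hba.conf"
    source: "{{ ansible_ens10.ipv4.address }}/8"
  notify: Run service actions
  tags:
    - postgres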