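---
# Prepares PostgreSQL for Gitea: validates inputs, creates the database and
# its login role, grants schema privileges on PostgreSQL 15+, and adds a
# pg_hba.conf rule for the Gitea server.

# Fail early when an input is missing, null or blank. Only the variable
# *name* is looped over and printed, so a secret's value is not echoed.
- name: Check if required variables are defined
  ansible.builtin.fail:
    msg: "{{ item }} is not defined or empty"
  when: |
    (vars[item] is undefined) or
    (vars[item] is none) or
    (vars[item] | trim | length == 0)
  loop:
    - gitea_db_name
    - gitea_db_user
    - gitea_db_password
    - gitea_server_ip
    - gitea_db_server_password_encryption

# python3-psycopg2 is the driver the community.postgresql modules need;
# glibc-langpack-en provides the en_US.UTF-8 locale used below.
- name: Install dependencies
  ansible.builtin.dnf:
    name:
      - glibc-langpack-en
      - python3-psycopg2
    state: present

# template0 is used so encoding and locale can be set explicitly instead of
# being inherited from template1.
- name: Create Gitea database
  community.postgresql.postgresql_db:
    name: "{{ gitea_db_name }}"
    template: template0
    encoding: UTF8
    lc_collate: en_US.UTF-8
    lc_ctype: en_US.UTF-8
  become: true
  become_user: postgres

# PGOPTIONS pins password_encryption for this session, so the stored
# verifier is SCRAM-SHA-256 whatever the server-wide default is.
# NOTE(review): the module is expected to mask `password` in its own
# output; confirm for the installed collection version and add
# `no_log: true` to the task if it does not. Also check whether server-side
# statement logging could record the role DDL.
- name: Create Gitea database user
  community.postgresql.postgresql_user:
    db: "{{ gitea_db_name }}"
    name: "{{ gitea_db_user }}"
    password: "{{ gitea_db_password }}"
  environment:
    PGOPTIONS: "-c password_encryption=scram-sha-256"
  become: true
  become_user: postgres

- name: Get PostgreSQL server version
  community.postgresql.postgresql_info:
    filter: "ver*"
  become: true
  become_user: postgres
  register: postgres_version

# PostgreSQL 15 stopped granting CREATE on schema public to every role, so
# the Gitea role needs it explicitly there. Older servers are left alone.
- name: GRANT USAGE, CREATE PRIVILEGES ON SCHEMA public TO gitea_db_user
  community.postgresql.postgresql_privs:
    db: "{{ gitea_db_name }}"
    privs: USAGE,CREATE
    type: schema
    objs: public
    role: "{{ gitea_db_user }}"
  become: true
  become_user: postgres
  when: postgres_version.version.major >= 15

# The rule is scoped to one database, one role and one host. The prefix is
# /32 for IPv4 and /128 for IPv6: a fixed /32 on an IPv6 address would admit
# a very large range instead of a single server.
# NOTE(review): gitea_db_server_password_encryption is written verbatim as
# the pg_hba auth method and is only checked for emptiness above, so a value
# such as `trust` would be accepted. Consider restricting it to
# `scram-sha-256`, which matches the verifier stored for the role.
# NOTE(review): this task has no `become`; it presumably relies on the play
# running with enough privilege to edit pg_hba.conf. Confirm against caller.
- name: Allow requests from Gitea server
  community.postgresql.postgresql_pg_hba:
    dest: /var/lib/pgsql/data/pg_hba.conf
    contype: host
    databases: "{{ gitea_db_name }}"
    users: "{{ gitea_db_user }}"
    address: "{{ gitea_server_ip }}/{{ '128' if ':' in (gitea_server_ip | string) else '32' }}"
    method: "{{ gitea_db_server_password_encryption }}"
  register: pg_hba_status

# Runs only when the pg_hba rule changed. PostgreSQL re-reads pg_hba.conf on
# reload as well; the full restart is kept as the author wrote it and drops
# existing client connections.
- name: Restart PostgreSQL
  ansible.builtin.service:
    name: postgresql
    state: restarted
  when: pg_hba_status.changed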