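---
# PostgreSQL setup tasks for the Forgejo role.
#
# Variables consumed here (expected from the role's defaults/vars, not set in
# this file): postgres_version, postgres_data_dir, postgres_max_connections,
# postgres_shared_buffers, postgres_effective_cache_size, forgejo_db_name,
# forgejo_db_user, forgejo_db_password, forgejo_use_external_volume,
# forgejo_enable_backups. Optional: postgres_listen_addresses (see below).
# Several tasks notify a "Restart PostgreSQL" handler that must exist in the role.

- name: Install PostgreSQL
  ansible.builtin.apt:
    name:
      - "postgresql-{{ postgres_version }}"
      - "postgresql-contrib-{{ postgres_version }}"
      - python3-psycopg2
    state: present
    update_cache: true
  become: true

- name: Ensure PostgreSQL is started and enabled
  ansible.builtin.systemd:
    name: postgresql
    state: started
    enabled: true
  become: true

- name: Create PostgreSQL data directory
  # NOTE(review): nothing in this file points data_directory at this path;
  # presumably handled elsewhere when the external volume is used - confirm.
  ansible.builtin.file:
    path: "{{ postgres_data_dir }}"
    state: directory
    owner: postgres
    group: postgres
    mode: '0700'
  become: true
  when: forgejo_use_external_volume | bool

- name: Check if Forgejo PostgreSQL database exists
  # One database name per output line so the guard below can do an exact
  # match. The previous `psql -lqt` + substring test also matched names that
  # merely contain forgejo_db_name (e.g. "forgejo_test" for "forgejo").
  ansible.builtin.command:
    cmd: psql -U postgres -Atqc "SELECT datname FROM pg_database"
  register: postgres_db_list
  changed_when: false
  become: true
  become_user: postgres

- name: Create Forgejo PostgreSQL database
  # Guarded by the exact-name check above: postgresql_db does not change the
  # encoding/collation of an already existing database.
  community.postgresql.postgresql_db:
    name: "{{ forgejo_db_name }}"
    encoding: UTF8
    lc_collate: en_US.UTF-8
    lc_ctype: en_US.UTF-8
    template: template0
    state: present
  become: true
  become_user: postgres
  when: forgejo_db_name not in postgres_db_list.stdout_lines

- name: Create Forgejo PostgreSQL user
  # no_log keeps forgejo_db_password out of task output and logs.
  community.postgresql.postgresql_user:
    name: "{{ forgejo_db_user }}"
    password: "{{ forgejo_db_password }}"
    state: present
  become: true
  become_user: postgres
  no_log: true

- name: Grant database privileges to Forgejo user
  community.postgresql.postgresql_privs:
    database: "{{ forgejo_db_name }}"
    roles: "{{ forgejo_db_user }}"
    type: database
    privs: ALL
  become: true
  become_user: postgres

- name: Grant schema privileges to Forgejo user
  community.postgresql.postgresql_privs:
    database: "{{ forgejo_db_name }}"
    roles: "{{ forgejo_db_user }}"
    type: schema
    objs: public
    privs: ALL
  become: true
  become_user: postgres

- name: Set Forgejo user as owner of public schema
  # The application needs to create/alter tables in public, so it owns the
  # schema rather than relying on grants alone.
  community.postgresql.postgresql_owner:
    db: "{{ forgejo_db_name }}"
    new_owner: "{{ forgejo_db_user }}"
    obj_name: public
    obj_type: schema
  become: true
  become_user: postgres

- name: Configure PostgreSQL for optimal performance
  # The regexps match the stock commented-out (`#key = ...`) lines as well as
  # already-set ones, so the value is edited in place instead of appended at
  # the end of the file. `\s*=` avoids matching a longer key sharing a prefix.
  ansible.builtin.lineinfile:
    path: "/etc/postgresql/{{ postgres_version }}/main/postgresql.conf"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  become: true
  loop:
    - { regexp: '^#?max_connections\s*=', line: "max_connections = {{ postgres_max_connections }}" }
    - { regexp: '^#?shared_buffers\s*=', line: "shared_buffers = {{ postgres_shared_buffers }}" }
    - { regexp: '^#?effective_cache_size\s*=', line: "effective_cache_size = {{ postgres_effective_cache_size }}" }
    - { regexp: '^#?maintenance_work_mem\s*=', line: "maintenance_work_mem = 128MB" }
    - { regexp: '^#?checkpoint_completion_target\s*=', line: "checkpoint_completion_target = 0.9" }
    - { regexp: '^#?wal_buffers\s*=', line: "wal_buffers = 16MB" }
    - { regexp: '^#?default_statistics_target\s*=', line: "default_statistics_target = 100" }
    - { regexp: '^#?random_page_cost\s*=', line: "random_page_cost = 1.1" }
    - { regexp: '^#?effective_io_concurrency\s*=', line: "effective_io_concurrency = 200" }
    - { regexp: '^#?work_mem\s*=', line: "work_mem = 8MB" }
    - { regexp: '^#?min_wal_size\s*=', line: "min_wal_size = 1GB" }
    - { regexp: '^#?max_wal_size\s*=', line: "max_wal_size = 4GB" }
  notify: Restart PostgreSQL

- name: Configure PostgreSQL listen addresses
  # Defaults to '*' (every interface) to keep the previous behaviour. With
  # that setting, only pg_hba.conf and a host firewall (not managed in this
  # file) keep the port off untrusted networks; set postgres_listen_addresses
  # to "localhost,<docker bridge gateway IP>" to bind only where needed.
  ansible.builtin.lineinfile:
    path: "/etc/postgresql/{{ postgres_version }}/main/postgresql.conf"
    regexp: "^#?listen_addresses"
    line: "listen_addresses = '{{ postgres_listen_addresses | default('*') }}'"
    state: present
  become: true
  notify: Restart PostgreSQL

- name: Configure PostgreSQL authentication
  # Unix-socket logins use peer auth (OS user == DB role); loopback TCP logins
  # require scram-sha-256 passwords.
  ansible.builtin.lineinfile:
    path: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
    state: present
  become: true
  loop:
    - regexp: '^local\s+all\s+postgres'
      line: 'local all postgres peer'
    - regexp: '^local\s+all\s+all'
      line: 'local all all peer'
    - regexp: '^host\s+all\s+all\s+127\.0\.0\.1'
      line: 'host all all 127.0.0.1/32 scram-sha-256'
    - regexp: '^host\s+all\s+all\s+::1'
      line: 'host all all ::1/128 scram-sha-256'
  notify: Restart PostgreSQL

- name: Allow Docker network to connect to PostgreSQL
  # 172.16.0.0/12 is the whole RFC 1918 range Docker allocates bridge subnets
  # from, not just this host's bridge, so the rule is scoped to the Forgejo
  # database and role instead of "all all". The regexp also replaces an
  # unscoped rule left by an earlier run, keeping the task idempotent.
  ansible.builtin.lineinfile:
    path: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
    regexp: '^host\s+\S+\s+\S+\s+172\.16\.0\.0/12\s'
    line: "host {{ forgejo_db_name }} {{ forgejo_db_user }} 172.16.0.0/12 scram-sha-256"
    insertafter: '^host\s+all\s+all\s+127'
    state: present
  become: true
  notify: Restart PostgreSQL

- name: Enable PostgreSQL extensions
  community.postgresql.postgresql_ext:
    name: "{{ item }}"
    db: "{{ forgejo_db_name }}"
    state: present
  become: true
  become_user: postgres
  loop:
    - pg_trgm
    - btree_gin

- name: Create PostgreSQL backup script
  # NOTE(review): 0755 makes the script world-readable. If
  # postgres_backup.sh.j2 embeds forgejo_db_password, tighten the mode (e.g.
  # '0750') or move the credential to a root-only ~/.pgpass - check the template.
  ansible.builtin.template:
    src: postgres_backup.sh.j2
    dest: /usr/local/bin/postgres_backup.sh
    mode: '0755'
  become: true
  when: forgejo_enable_backups | bool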