---

- name: PgAdmin 4 | add GPG signing key
  become: true
  ansible.builtin.apt_key:
    url: "https://www.pgadmin.org/static/packages_pgadmin_org.pub"
    state: present
    validate_certs: true
  tags: install

- name: PgAdmin 4 | add official repository
  become: true
  ansible.builtin.apt_repository:
    repo: "deb https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/bookworm pgadmin4 main"
    state: present
    filename: pgadmin4
    update_cache: true
  tags: install

- name: PgAdmin 4 | establish dependencies
  become: true
  ansible.builtin.apt:
    name: "{{ item }}"
    state: present
  tags: install
  loop: ["pgadmin4-server", "uwsgi-core", "uwsgi-plugin-python3", "python3-pexpect"]

- name: PgAdmin 4 | Configure PostgreSQL database
  community.general.postgresql_db:
    name: "{{ pgadmin4_db_database }}"
    template: template0
    encoding: utf8
  become: true
  become_user: postgres
  register: pgadmin4_db

- name: PgAdmin 4 | Configure PostgreSQL user
  community.general.postgresql_user:
    db: "{{ pgadmin4_db_database }}"
    name: "{{ pgadmin4_db_user }}"
    password: "{{ pgadmin4_db_password }}"
  become: true
  become_user: postgres

- name: PgAdmin 4 | Configure PostgreSQL user privileges
  community.postgresql.postgresql_privs:
    database: "{{ pgadmin4_db_database }}"
    state: present
    privs: ALL
    type: database
    role: "{{ pgadmin4_db_user }}"
  become: true
  become_user: postgres

- name: PgAdmin 4 | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ pgadmin4_db_user }}
  community.postgresql.postgresql_privs:
    db: "{{ pgadmin4_db_database }}"
    privs: ALL
    type: schema
    objs: public
    role: "{{ pgadmin4_db_user }}"
  become: true
  become_user: postgres

- name: Create user
  ansible.builtin.user:
    name: "{{ pgadmin4_user }}"
    comment: "pgAdmin 4"
    createhome: false
    system: true
    shell: "/sbin/nologin"

- name: PgAdmin 4 | create config directory
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "02775"
    owner: "root"
    group: "root"
  with_items:
    - "{{ pgadmin4_conf_dir }}"

- name: PgAdmin 4 | install config file
  ansible.builtin.template:
    src: config_system.py.j2
    dest: "{{ pgadmin4_conf_dir }}/config_system.py"
    owner: root
    group: root
    mode: "0644"
  notify: Restart pgadmin4

- name: PgAdmin 4 | install systemd unit file
  ansible.builtin.template:
    src: pgadmin4.service.j2
    dest: "/etc/systemd/system/pgadmin4.service"
    owner: root
    group: root
    mode: "0644"
  notify: Restart pgadmin4

- name: PgAdmin 4 | enable service
  ansible.builtin.service:
    name: pgadmin4
    enabled: true

- name: PgAdmin 4 | setup pgadmin # noqa: no-handler
  ansible.builtin.expect:
    command: /bin/bash -c "/usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py setup-db"
    chdir: /usr/pgadmin4/web/
    echo: true
    timeout: 300
    responses:
      'Email\ address:': "{{ pgadmin4_initial_user_email | trim }}"
      'Password:': "{{ pgadmin4_initial_user_password | trim }}"
      'Retype\ password:': "{{ pgadmin4_initial_user_password | trim }}"
      'Do\ you\ wish\ to\ continue\ \(y/n\)\?': "y"
      'Would\ you\ like\ to\ continue\ \(y/n\)\?': "y"
  when: pgadmin4_db.changed
  notify: Restart pgadmin4