---

- name: Grafana | add GPG signing key
  become: true
  ansible.builtin.apt_key:
    url: "https://apt.grafana.com/gpg.key"
    state: present
    validate_certs: true

- name: Grafana | add official repository
  become: true
  ansible.builtin.apt_repository:
    repo: "deb https://apt.grafana.com stable main"
    state: present
    filename: grafana
    update_cache: true
  tags: install

- name: Grafana | establish dependencies
  become: true
  ansible.builtin.apt:
    name: "{{ item }}"
    state: present
  loop: ["grafana"]
  tags: install

- name: Grafana | Configure PostgreSQL database
  community.general.postgresql_db:
    name: "{{ ha_pg_grafana_db_name }}"
    template: template0
    encoding: utf8
  become: true
  become_user: postgres

- name: Grafana | Configure PostgreSQL user
  community.general.postgresql_user:
    db: "{{ ha_pg_grafana_db_name }}"
    name: "{{ ha_pg_grafana_db_user }}"
    password: "{{ ha_pg_grafana_db_pass }}"
  become: true
  become_user: postgres

- name: Grafana | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ pgadmin4_db_user }}
  community.postgresql.postgresql_privs:
    db: "{{ ha_pg_grafana_db_name }}"
    privs: ALL
    type: schema
    objs: public
    role: "{{ ha_pg_grafana_db_user }}"
  become: true
  become_user: postgres

- name: GRANT SELECT PRIVILEGES ON DATABASE {{ ha_pg_db_name }} TO {{ ha_pg_grafana_db_user }}
  community.general.postgresql_privs:
    db: "{{ ha_pg_db_name }}"
    privs: SELECT
    type: table
    objs: statistics,statistics_meta
    role: "{{ ha_pg_grafana_db_user }}"
  become: true
  become_user: postgres
  ignore_errors: true

- name: Grafana | install config file
  ansible.builtin.template:
    src: grafana.ini.j2
    dest: "/etc/grafana/grafana.ini"
    owner: root
    group: root
    mode: "0644"
  notify: Restart grafana

- name: Grafana | Start service
  ansible.builtin.service:
    name: grafana-server
    state: started
    enabled: true