---
- block:
    - name: Setup SSL in the postgresql configuration
      become: True
      become_user: postgres
      action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
      with_items: '{{ psql_conf_ssl_parameters }}'
      notify: Restart postgresql

    - name: Create the pki directory to store the postgresql key
      file: dest=/etc/pki/postgresql state=directory owner=postgres group=postgres mode=0750

    - name: Create a postgres accessible ssl key file if it does not exist
      copy: src={{ psql_ssl_privkey_global_file }} dest={{ psql_ssl_privkey_file }} owner=postgres group=postgres mode=0400 remote_src=True

  when: psql_enable_ssl
  tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]


- block:
    - name: Disable SSL in the postgresql configuration
      become: True
      become_user: postgres
      action: configfile path=/etc/postgresql/{{ psql_version }}/main/postgresql.conf key={{ item.name }} value="'{{ item.value }}'"
      with_items: '{{ psql_conf_disable_ssl_parameters }}'
      notify: Restart postgresql

  when: not psql_enable_ssl
  tags: [ 'postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf' ]