---
- name: Give access to the remote postgresql client
  lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
  with_subelements: 
    - '{{ psql_db_data | default([]) }}'
    - allowed_hosts
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
    - item.1 is defined
    - not psql_force_ssl_client_connection
  notify: Reload postgresql
  tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]

- name: Give access to the remote postgresql client, force ssl
  lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^host.* {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$" line="hostssl {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5"
  with_subelements: 
    - '{{ psql_db_data | default([]) }}'
    - allowed_hosts
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
    - item.1 is defined
    - psql_force_ssl_client_connection
  notify: Reload postgresql
  tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]

# No conditionals, it is needed to perform base backups when the WAL archive is active
- name: Give local access with replication privileges to the postgres user
  lineinfile: name={{ psql_conf_dir }}/pg_hba.conf regexp="^local replication postgres peer" line="local replication postgres peer"
  notify: Reload postgresql
  tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_db' ]

- name: Set the postgresql listen port
  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=port value="{{ psql_db_port }}"
  register: restart_postgresql
  tags: [ 'postgresql', 'postgres', 'pg_conf' ]

- name: We want postgres listen on the public IP
  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'*'"
  register: restart_postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags: [ 'postgresql', 'postgres', 'pg_conf' ]

- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=listen_addresses value="'localhost'"
  register: restart_postgresql
  when:
    - not psql_listen_on_ext_int
    - psql_db_data is defined
  tags: [ 'postgresql', 'postgres', 'pg_conf' ]

- name: Log the connections
  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_connections value="on"
  register: restart_postgresql
  when: psql_db_data is defined
  tags: [ 'postgresql', 'postgres', 'pg_conf' ]

- name: Log the disconnections
  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_disconnections value="on"
  register: restart_postgresql
  when: psql_db_data is defined
  tags: [ 'postgresql', 'postgres', 'pg_conf' ]

- name: Log the hostnames
  action: configfile path={{ psql_conf_dir }}/postgresql.conf key=log_hostname value="on"
  register: restart_postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags: [ 'postgresql', 'postgres', 'pg_conf' ]

- name: Set the correct permissions to the postgresql files
  file: dest={{ psql_conf_dir }}/{{ item }} owner=root group=postgres mode=0640
  with_items:
    - pg_hba.conf
    - postgresql.conf
  tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]

- name: Restart the postgresql server after changing parameters that need a restart
  service: name=postgresql state=restarted
  when:
    - postgresql_enabled
    - ( restart_postgresql is defined ) and ( restart_postgresql | changed )
  tags: [ 'postgresql', 'postgres', 'pg_hba', 'pg_conf' ]