---

- name: Check params
  ansible.builtin.assert:
    that:
      - postgres_username is defined
      - postgres_database is defined
      - not(postgres_access_host is defined and postgres_password is defined)

- name: Set up PostgreSQL
  ansible.builtin.include_role:
    name: postgresql-server

- name: Create user
  community.postgresql.postgresql_user:
    name: "{{ postgres_username }}"
    password: "{{ postgres_password | default(omit) }}"
  become: true
  become_user: postgres

- name: Create postgres_database
  community.postgresql.postgresql_db:
    name: "{{ postgres_database }}"
    owner: "{{ postgres_username }}"
  become: true
  become_user: postgres
    

- name: Update pg_hba scram
  community.postgresql.postgresql_pg_hba:
    contype: host
    users: "{{ postgres_username }}"
    source: "{{ postgres_access_host }}"
    databases: "{{ postgres_database }}"
    method: "scram-sha-256"
  when: postgres_access_host is defined
  notify: Restart PostgreSQL