# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create database user '{{ db_vars.username }}'
  community.postgresql.postgresql_user:
    name: "{{ db_vars.username }}"
    password: "{{ db_vars.password }}"
    state: present
  environment:
    PGOPTIONS: '-c password_encryption=scram-sha-256'

- name: Create database '{{ db_name }}'
  community.postgresql.postgresql_db:
    name: "{{ db_name }}"
    owner: "{{ db_vars.username }}"
    template: template0
    encoding: UTF-8
    state: present

- name: Grant all priviliges to owner on database '{{ db_name }}'
  community.postgresql.postgresql_privs:
    database: "{{ db_name }}"
    roles: "{{ db_vars.username }}"
    privs: ALL
    state: present

- name: Allow connections to database '{{ db_name }}'
  community.postgresql.postgresql_pg_hba:
    dest: "{{ postgresql_pgdata }}/pg_hba.conf"
    contype: host
    users: "{{ db_vars.username }}"
    databases: "{{ db_name }}"
    source: "{{ internal_subnet }}"
    method: scram-sha-256
    state: present
  notify: Reload PostgreSQL