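---
# PowerDNS backend database setup on the primary: the database, the application
# role, a logical-replication role and the publication subscribers attach to.
- name: create db in postgres
  community.postgresql.postgresql_db:
    name: pdns
  notify:
    - create db schema

# schema must be created before permission grants happen
- meta: flush_handlers

- name: create postgres pdns user
  community.postgresql.postgresql_user:
    name: pdns
    db: pdns
    # Generated on the controller and stored under a per-host path, so every
    # host gets its own application password.
    password: "{{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}"

- name: grant postgres pdns user permissions
  community.postgresql.postgresql_privs:
    database: pdns
    roles: pdns
    type: "{{ item }}"
    # The application role owns the data, so full access is intended here.
    privs: all
    # No `schema` given, so the module default (public) applies.
    objs: ALL_IN_SCHEMA
  loop: ["table", "sequence"]

- name: create postgres replication user
  community.postgresql.postgresql_user:
    name: replication
    # Deliberately not keyed by inventory_hostname: the primary and its
    # subscribers must share this one secret.
    password: "{{ lookup('ansible.builtin.password', 'secrets/pg-replication-password.txt', length=15) }}"
    role_attr_flags: replication

# Least privilege: a logical-replication subscriber only needs to read the
# published tables for the initial copy, so grant SELECT rather than ALL. The
# replication role then cannot modify pdns data if its credential leaks.
- name: grant postgres replication user permissions
  community.postgresql.postgresql_privs:
    database: pdns
    roles: replication
    type: "{{ item }}"
    privs: select
    objs: ALL_IN_SCHEMA
  loop: ["table", "sequence"]

# No `tables` list is given, so this presumably publishes all tables in the
# database — confirm against the module version in use.
- name: create postgresql publication
  community.postgresql.postgresql_publication:
    db: pdns
    name: pdns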