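# Provision the PowerDNS database on this host: create the database and its
# schema, create the application role, grant it privileges, and subscribe to
# the `pdns` publication on the upstream server (logical replication).

- name: create db in postgres
  community.postgresql.postgresql_db:
    name: pdns
  notify:
    - create db schema

# Run the notified handler now rather than at the end of the play.
- meta: flush_handlers  # schema must be created before permission grants happen

# The password lookup generates the secret on first run and stores it in
# plaintext on the control node under secrets/<inventory_hostname>/.
# NOTE(review): confirm that secrets/ is kept out of version control (or is
# encrypted at rest) and is readable only by the operator account.
- name: create postgres pdns user
  community.postgresql.postgresql_user:
    name: pdns
    db: pdns
    password: "{{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}"

# Grants every privilege on all tables and all sequences in the schema.
# NOTE(review): `all` is broader than an application role usually needs;
# consider narrowing it to the privileges the service actually uses.
- name: grant postgres pdns user permissions
  community.postgresql.postgresql_privs:
    database: pdns
    roles: pdns
    type: "{{ item }}"
    privs: all
    objs: ALL_IN_SCHEMA
  loop:
    - table
    - sequence

# NOTE(review): connparams sets no sslmode, so whether the replication link is
# encrypted depends on libpq and server defaults. Confirm that the path to
# 10.6.0.1 is a protected network, or set sslmode explicitly.
- name: create subscription
  community.postgresql.postgresql_subscription:
    db: pdns
    name: "pdns_{{ ansible_hostname }}"
    publications: pdns
    connparams:
      host: 10.6.0.1
      port: 5432
      user: "replication"
      password: "{{ lookup('ansible.builtin.password', 'secrets/pg-replication-password.txt', length=15) }}"
      dbname: pdns
    subsparams:
      copy_data: true
  # connparams is a free-form dict, so the password nested in it may not be
  # masked by the module's own argument handling. Suppress task output so the
  # replication credential does not end up in logs or verbose output.
  no_log: true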