---
- name: "Wait until Postgres is listening on port {{ database_port }}"
  wait_for:
    host: 127.0.0.1
    port: "{{ database_port }}"
    delay: 5
    timeout: 300
    state: started

# 1) Create the database
- name: "Create database: {{ database_name }}"
  postgresql_db:
    name: "{{ database_name }}"
    state: present
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{ database_port }}"

# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}"
  postgresql_user:
    name:           "{{ database_username }}"
    password:       "{{ database_password }}"
    db:             "{{ database_name }}"
    state:          present
    login_user:     postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host:     127.0.0.1
    login_port:     "{{ database_port }}"

# 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
  postgresql_query:
    db: postgres
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{ database_port }}"
    query: |
      ALTER ROLE "{{ database_username }}"
        WITH LOGIN;

# 4) Grant ALL privileges on all tables in the public schema
- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
  postgresql_privs:
    db:     "{{ database_name }}"
    role:   "{{ database_username }}"
    objs:   ALL_IN_SCHEMA
    privs:  ALL
    type:   table
    schema: public
    state:  present
    login_user:     postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host:     127.0.0.1
    login_port:     "{{ database_port }}"

# 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
  postgresql_privs:
    db:    "{{ database_name }}"
    role:  "{{ database_username }}"
    type:  database
    privs: ALL
    state: present
    login_user:     postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host:     127.0.0.1
    login_port:     "{{ database_port }}"

# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
  postgresql_query:
    db: "{{ database_name }}"
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{ database_port }}"
    query: |
      GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
      GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
      ALTER DEFAULT PRIVILEGES IN SCHEMA public
        GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";

# 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
  community.postgresql.postgresql_ext:
    db:         "{{ database_name }}"
    ext:        "{{ item }}"
    state:      present
    login_user:     postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host:     127.0.0.1
    login_port:     "{{ database_port }}"
  loop:
    - postgis
    - pg_trgm
    - unaccent
  when: database_gis_enabled is defined and database_gis_enabled