---
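# Enable TLS for PostgreSQL.
#
# The private key is staged before the server settings are written, so a
# failure while preparing the key never leaves the configuration pointing at a
# file that is not there. Both the settings and the key notify the restart
# handler.
- name: postgresql-ssl-config | TLS configuration
  # `| bool` keeps a string such as "false" (e.g. passed with -e) from being
  # evaluated as a truthy non-empty string.
  when: psql_enable_ssl | bool
  tags: ['postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf']
  block:
    # NOTE(review): no `become` on the two file tasks below; presumably the
    # play already runs with privilege escalation, since creating the
    # directory and changing ownership to postgres needs it. Confirm.
    - name: postgresql-ssl-config | Create the pki directory to store the private key
      ansible.builtin.file:
        path: /etc/pki/postgresql
        state: directory
        owner: postgres
        group: postgres
        mode: '0750'

    # The source is a file already present on the managed host
    # (remote_src: true). `force` is left at its default, so the copy is
    # replaced whenever the source content differs, not only when the
    # destination is missing. A running server keeps the key it already
    # loaded, hence the notify: without it a renewed key would stay unused.
    - name: postgresql-ssl-config | Create a postgres accessible ssl key file if it does not exist
      ansible.builtin.copy:
        src: '{{ psql_ssl_privkey_global_file }}'
        dest: '{{ psql_ssl_privkey_file }}'
        owner: postgres
        group: postgres
        # Owner read-only: the key must not be readable by group or others.
        mode: '0400'
        remote_src: true
      notify: Restart postgresql

    # Applies every name/value pair from psql_conf_ssl_parameters as the
    # postgres user. The parameter list is defined outside this file.
    - name: postgresql-ssl-config | Setup SSL in the postgresql configuration
      become: true
      become_user: postgres
      community.postgresql.postgresql_set:
        name: '{{ item.name }}'
        value: '{{ item.value }}'
      loop: '{{ psql_conf_ssl_parameters }}'
      notify: Restart postgresql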

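# Turn TLS off again by applying psql_conf_disable_ssl_parameters.
#
# NOTE(review): nothing here removes the private key copy that the enable path
# writes to psql_ssl_privkey_file, so that key material stays on disk after
# TLS is disabled. Decide whether it should be cleaned up.
- name: postgresql-ssl-config | Disable the TLS configuration
  # The filter binds tighter than `not`, so this is not (psql_enable_ssl | bool).
  # It keeps a string such as "false" from being treated as truthy.
  when: not psql_enable_ssl | bool
  tags: ['postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf']
  block:
    # Applies every name/value pair from the list as the postgres user and
    # notifies the restart handler when a setting changed.
    - name: postgresql-ssl-config | Disable SSL in the postgresql configuration
      become: true
      become_user: postgres
      community.postgresql.postgresql_set:
        name: '{{ item.name }}'
        value: '{{ item.value }}'
      loop: '{{ psql_conf_disable_ssl_parameters }}'
      notify: Restart postgresql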