---
- name: Deploy PgAdmin
  hosts: ubuntu
  tasks:
  - name: Check if host has pgadmin service
    ansible.builtin.set_fact:
      has_pgadmin_service: "{{'pgadmin' in services}}"

  - name: Skip hosts without pgadmin service
    ansible.builtin.meta: end_host
    when: not has_pgadmin_service

  - name: Add PgAdmin repository
    become: true
    ansible.builtin.deb822_repository:
      name: pgadmin4
      types: [deb]
      uris: https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/{{ansible_distribution_release}}
      suites: [pgadmin4]
      components: [main]
      signed_by: https://www.pgadmin.org/static/packages_pgadmin_org.pub
      state: present

  - name: Install PgAdmin
    become: true
    ansible.builtin.apt:
      name: pgadmin4-web
      state: present
      update_cache: true

  # -------------------------------------------------------------------------
  # SSL Certificate Distribution for External PostgreSQL Connections
  # -------------------------------------------------------------------------

  - name: Create PGadmin certs directory
    become: true
    ansible.builtin.file:
      path: /var/lib/pgadmin/certs
      state: directory
      owner: www-data
      group: www-data
      mode: '0750'

  - name: Fetch Titania PostgreSQL SSL cert
    become: true
    ansible.builtin.fetch:
      src: /etc/postgresql/17/main/ssl/server.crt
      dest: /tmp/titania-postgres-ca.crt
      flat: yes
    delegate_to: titania.incus
    when: "'titania.incus' in groups['ubuntu']"

  - name: Copy Titania PostgreSQL SSL cert to PGadmin
    become: true
    ansible.builtin.copy:
      src: /tmp/titania-postgres-ca.crt
      dest: /var/lib/pgadmin/certs/titania-postgres-ca.crt
      owner: www-data
      group: www-data
      mode: '0644'
    when: "'titania.incus' in groups['ubuntu']"