---
- name: Open firewall for PGDG repository
  replace:
    name: /etc/default/minifirewall
    regexp: "^(HTTPSITES='((?!apt\\.postgresql\\.org|0\\.0\\.0\\.0).)*)'$"
    replace: "\\1 apt.postgresql.org'"
  notify: Restart minifirewall

- meta: flush_handlers

- name: Add PGDG GPG key
  copy:
    src: postgresql.asc
    dest: "{{ apt_keyring_dir }}/postgresql.asc"
    force: yes
    mode: "0644"
    owner: root
    group: root

- name: Add PGDG repository (Debian <12)
  apt_repository:
    repo: "deb [signed-by={{ apt_keyring_dir }}/postgresql.asc] http://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"
    filename: postgresql
    update_cache: yes
  when: ansible_distribution_major_version is version('12', '<')

- name: Add PGDG repository (Debian >=12)
  ansible.builtin.template:
    src: postgresql.sources.j2
    dest: /etc/apt/sources.list.d/postgresql.sources
    state: present
  register: postgresql_sources
  when: ansible_distribution_major_version is version('12', '>=')

- name: Update APT cache
  ansible.builtin.apt:
    update_cache: yes
  when: elastic_sources is changed

- name: Add APT preference file
  template:
    src: postgresql.pref.j2
    dest: /etc/apt/preferences.d/postgresql.pref
    mode: "0644"