---
- name: Open firewall for PGDG repository
  replace:
    name: /etc/default/minifirewall
    regexp: "^(HTTPSITES='((?!apt\\.postgresql\\.org|0\\.0\\.0\\.0).)*)'$"
    replace: "\\1 apt.postgresql.org'"
  notify: Restart minifirewall

- meta: flush_handlers

- name: Look for legacy apt keyring
  stat:
    path: /etc/apt/trusted.gpg
  register: _trusted_gpg_keyring

- name: PGDG embedded GPG key is absent
  apt_key:
    id: "ACCC4CF8"
    keyring: /etc/apt/trusted.gpg
    state: absent
  when: _trusted_gpg_keyring.stat.exists

- name: Add PGDG GPG key
  copy:
    src: postgresql.asc
    dest: /etc/apt/trusted.gpg.d/postgresql.asc
    force: yes
    mode: "0644"
    owner: root
    group: root

- name: Add PGDG repository
  apt_repository:
    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
    update_cache: yes

- name: Add APT preference file
  template:
    src: postgresql.pref.j2
    dest: /etc/apt/preferences.d/postgresql.pref
    mode: "0644"