- name: adminapi - system user
  user:
    name: adminapi
    groups: root,admin,envoy,kong,pgbouncer,postgres,postgrest,systemd-journal,vector,wal-g
    append: yes

- name: Move shell scripts to /root dir
  copy:
    src: "files/admin_api_scripts/{{ item.file }}"
    dest: "/root/{{ item.file }}"
    mode: "0700"
    owner: root
  loop:
    - { file: "grow_fs.sh" }
    - { file: "manage_readonly_mode.sh" }
    - { file: "pg_egress_collect.pl" }

- name: give adminapi user permissions
  copy:
    src: files/adminapi.sudoers.conf
    dest: /etc/sudoers.d/adminapi
    mode: "0644"

- name: perms for adminapi
  shell: |
    chmod g+w /etc

- name: Setting arch (x86)
  set_fact:
    arch: "x86"
  when: platform == "amd64"

- name: Setting arch (arm)
  set_fact:
    arch: "arm64"
  when: platform == "arm64"

- name: Download adminapi archive
  get_url:
    url: "https://supabase-public-artifacts-bucket.s3.amazonaws.com/supabase-admin-api/v{{ adminapi_release }}/supabase-admin-api_{{ adminapi_release }}_linux_{{ arch }}.tar.gz"
    dest: "/tmp/adminapi.tar.gz"
    timeout: 90

- name: adminapi - unpack archive in /opt
  unarchive:
    remote_src: yes
    src: /tmp/adminapi.tar.gz
    dest: /opt
    owner: adminapi

- name: adminapi - config dir
  file:
    path: /etc/adminapi
    owner: adminapi
    state: directory

- name: adminapi - pg_upgrade scripts dir
  file:
    path: /etc/adminapi/pg_upgrade_scripts
    owner: adminapi
    state: directory

- name: Move shell scripts to /etc/adminapi/pg_upgrade_scripts/
  copy:
    src: "files/admin_api_scripts/pg_upgrade_scripts/{{ item.file }}"
    dest: "/etc/adminapi/pg_upgrade_scripts/{{ item.file }}"
    mode: "0755"
    owner: adminapi
  loop:
    - { file: "check.sh" }
    - { file: "complete.sh" }
    - { file: "initiate.sh" }
    - { file: "prepare.sh" }
    - { file: "pgsodium_getkey.sh" }
    - { file: "common.sh" }

- name: adminapi - create service file
  template:
    src: files/adminapi.service.j2
    dest: /etc/systemd/system/adminapi.service

- name: adminapi - create service file for commence backup process
  template:
     src: files/commence-backup.service.j2
     dest: /etc/systemd/system/commence-backup.service

- name: UFW - Allow connections to adminapi ports
  ufw:
    rule: allow
    port: "8085"

- name: adminapi - reload systemd
  systemd:
    daemon_reload: yes

- name: adminapi - grant extra priviliges to user
  shell: chmod 775 /etc && chmod 775 /etc/kong