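---
# MariaDB server tasks: install the packages, move the data directory to
# /export/mariadb (reached through the /srv/mariadb symlink), deploy TLS and
# local configuration, set the root password, and schedule backup and
# timezone-check cron jobs.

# The package list is passed in a single call instead of a per-item loop, and
# the canonical "present" state replaces the "installed" alias, which not
# every package backend accepts.
- name: Install packages
  ansible.builtin.package:
    name:
      - mariadb-server
      - python3-PyMySQL
    state: present

# Records the mysqld_db_t type for the directory and everything below it in
# the SELinux policy. This only registers the rule; the directory task below
# applies it through "setype: _default".
- name: Fix SELinux contexts from data directory
  community.general.sefcontext:
    path: "/export/mariadb(/.*)?"
    setype: mysqld_db_t

# 0750 mysql:mysql keeps database files unreadable to other local users.
- name: Create data directory
  ansible.builtin.file:
    path: /export/mariadb
    state: directory
    mode: "0750"
    owner: mysql
    group: mysql
    setype: _default

# follow: false makes owner/group apply to the symlink itself, not its target.
- name: Link data diretory
  ansible.builtin.file:
    dest: /srv/mariadb
    src: /export/mariadb
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

# insertafter is only consulted when no existing datadir= line matches; it
# keeps a newly added line under [mysqld] instead of appending it at the end
# of the file, where it could land in an unrelated section.
- name: Configure data directory
  ansible.builtin.lineinfile:
    path: /etc/my.cnf.d/mariadb-server.cnf
    regexp: "^datadir=.*"
    insertafter: '^\[mysqld\]'
    line: datadir=/srv/mariadb
  notify: Restart mariadb

- name: Create additional config directory
  ansible.builtin.file:
    path: /etc/mysql
    state: directory
    mode: "0750"
    owner: root
    group: mysql

# append: true adds hostkey to the supplementary groups of mysql without
# removing existing memberships. Membership gives the mysql account whatever
# access the hostkey group has to key material, so that group's file
# permissions should be reviewed alongside this task.
- name: Allow mysql user to read private key
  ansible.builtin.user:
    name: mysql
    groups: hostkey
    append: true
  notify: Restart mariadb

# World-readable (0644): tls.cnf.j2 should reference key files by path only
# and never embed key material. TODO confirm against the template.
- name: Create TLS configuration
  ansible.builtin.template:
    dest: /etc/my.cnf.d/tls.cnf
    src: tls.cnf.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart mariadb

- name: Create local configuration
  ansible.builtin.copy:
    dest: /etc/my.cnf.d/local.cnf
    src: local.cnf
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart mariadb

- name: Enable service
  ansible.builtin.service:
    name: mariadb
    state: started
    enabled: true

# check_implicit_admin tries a passwordless root login over the unix socket
# first, which covers the first run before any password exists; later runs
# authenticate with login_password. no_log keeps the password out of task
# output and logs.
# NOTE(review): "is defined" also passes for an empty string, which would set
# an empty root password. Confirm that the inventory never supplies one.
- name: Set root password
  community.mysql.mysql_user:
    name: root
    password: "{{ mariadb_root_password }}"
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    check_implicit_admin: true
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true
  when: mariadb_root_password is defined

# my.cnf.j2 presumably renders the root password (TODO confirm against the
# template). no_log prevents a --diff run from printing the rendered file,
# matching the handling in the password task above. 0600 root-only keeps the
# stored credential away from other local users.
- name: Create root .my.cnf
  ansible.builtin.template:
    dest: /root/.my.cnf
    src: my.cnf.j2
    mode: "0600"
    owner: root
    group: "{{ ansible_wheel }}"
  no_log: true
  when: mariadb_root_password is defined

- name: Import sftpuser role
  ansible.builtin.import_role:
    name: sftpuser

# Setgid (02750) makes new dump files inherit the backup group, so group
# members can read them while other users have no access. The backup group
# must already exist at this point; presumably the sftpuser role creates it.
# TODO confirm.
- name: Create backup directory
  ansible.builtin.file:
    path: /export/backup
    state: directory
    mode: "02750"
    owner: root
    group: backup

- name: Link backup directory
  ansible.builtin.file:
    path: /srv/backup
    src: /export/backup
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

# Scheduled from cron below, so the script stays writable by root only (0755).
- name: Copy backup script
  ansible.builtin.copy:
    dest: /usr/local/sbin/mariadb-backup
    src: mariadb-backup.sh
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

# Runs daily at 00:30. No "user" is set, so the entry goes into the crontab
# of the account the play runs as.
- name: Create backup cron job
  ansible.builtin.cron:
    name: mariadb-backup
    job: /usr/local/sbin/mariadb-backup
    hour: "0"
    minute: "30"

- name: Add logrotate job for query log
  ansible.builtin.copy:
    dest: /etc/logrotate.d/mariadb-querylog
    src: mariadb-querylog.logrotate
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Copy script to check timezone data
  ansible.builtin.copy:
    dest: /usr/local/sbin/mysql_tzinfo_check
    src: mysql_tzinfo_check.sh
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

# Runs daily at 03:15.
- name: Create cron job for checking timezone data
  ansible.builtin.cron:
    name: mysql_tzinfo_check
    job: /usr/local/sbin/mysql_tzinfo_check
    hour: "3"
    minute: "15"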