---
- name: install packages
  package:
    name: "{{ item }}"
    state: installed
  with_items:
    - mariadb-server
    - python3-PyMySQL

- name: fix selinux contexts from data directory
  sefcontext:
    path: "/export/mariadb(/.*)?"
    setype: mysqld_db_t

- name: create data directory
  file:
    path: /export/mariadb
    state: directory
    mode: 0750
    owner: mysql
    group: mysql
    setype: _default

- name: link data diretory
  file:
    dest: /srv/mariadb
    src: /export/mariadb
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

- name: configure data directory
  lineinfile:
    path: /etc/my.cnf.d/mariadb-server.cnf
    regexp: "^datadir=.*"
    line: datadir=/srv/mariadb
  notify: restart mariadb

- name: create additional config directory
  file:
    path: /etc/mysql
    state: directory
    mode: 0750
    owner: root
    group: mysql

- name: allow mysql user to read private key
  user:
    name: mysql
    groups: hostkey
    append: true
  notify: restart mariadb

- name: create tls configuration
  template:
    dest: /etc/my.cnf.d/tls.cnf
    src: tls.cnf.j2
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart mariadb

- name: create local configuration
  copy:
    dest: /etc/my.cnf.d/local.cnf
    content: "[mariadb]\ninnodb_file_per_table=ON\n"
    mode: 0644
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart mariadb

- name: enable service
  service:
    name: mariadb
    state: started
    enabled: true

- name: set root password
  mysql_user:
    name: root
    password: "{{ mariadb_root_password }}"
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    check_implicit_admin: true
    login_unix_socket: /var/lib/mysql/mysql.sock
  no_log: true
  when: mariadb_root_password is defined

- name: create root .my.cnf
  template:
    dest: /root/.my.cnf
    src: my.cnf.j2
    mode: 0600
    owner: root
    group: "{{ ansible_wheel }}"
  when: mariadb_root_password is defined

- name: import sftpuser role
  import_role:
    name: sftpuser
  vars:
    chroot: /srv/backup
    user: backup
    publickeys: "{{ backup_publickeys }}"

- name: create backup directory
  file:
    path: /export/backup
    state: directory
    mode: 02750
    owner: root
    group: backup

- name: link backup directory
  file:
    path: /srv/backup
    src: /export/backup
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

- name: copy backup script
  copy:
    dest: /usr/local/sbin/mariadb-backup
    src: mariadb-backup.sh
    mode: 0755
    owner: root
    group: "{{ ansible_wheel }}"

- name: create backup cron job
  cron:
    name: mariadb-backup
    job: /usr/local/sbin/mariadb-backup
    hour: "0"
    minute: "30"