---

- name: Install mariadb and mysqltuner
  ansible.builtin.package:
    name:
      - mariadb-server
      - mysqltuner
    state: present

- name: Create mysql directory
  ansible.builtin.file:
    path: /srv/mysql
    owner: mysql
    group: mysql
    state: directory
    mode: "0o755"

- name: Populate mysql directory
  ansible.builtin.command:
    cmd: /usr/bin/mysql_install_db --datadir=/srv/mysql
    creates: /srv/mysql/ibdata1
  become_user: mysql
  become: true
  notify: Restart mariadb

- name: Put mariadb configuration file
  ansible.builtin.template:
    src: 50-server.cnf.j2
    dest: /etc/mysql/mariadb.conf.d/50-server.cnf
    mode: "0o644"
  notify: Restart mariadb

- name: Upgrade debian configuration file
  ansible.builtin.template:
    src: debian.cnf.j2
    dest: /etc/mysql/debian.cnf
    owner: root
    group: root
    mode: "0o600"
  notify: Restart mariadb

- name: Force handlers
  ansible.builtin.meta: flush_handlers

- name: Install python-mysql
  ansible.builtin.package:
    name: python3-pymysql
    state: present

- name: Check if .my.cnf file exists
  ansible.builtin.stat:
    path: /root/.my.cnf
  register: dot_my_cnf

- name: Set root password
  community.mysql.mysql_user:
    login_unix_socket: "/var/run/mysqld/mysqld.sock"
    host: localhost
    name: root
    password: "{{ mariadb_root_pass }}"
  when: not dot_my_cnf.stat.exists

- name: Put .my.cnf file
  ansible.builtin.template:
    src: dot.my.cnf.j2
    dest: ~/.my.cnf
    mode: "0o600"

- name: Set root password (follow-up)
  community.mysql.mysql_user:
    login_user: root
    host: "{{ item }}"
    name: root
    password: "{{ mariadb_root_pass }}"
  loop:
    - "localhost"
    - "127.0.0.1"
    - "::1"

- name: Exec scripted version of mysql_secure_installation
  ansible.builtin.command:
    cmd: "{{ item }}"
    creates: ~/mysql_secure_installation
  loop:
    - "mysql -e \"DELETE FROM mysql.user WHERE User='';\""
    - "mysql -e \"DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');\""
    - "mysql -e \"DROP DATABASE IF EXISTS test;\""
    - "mysql -e \"DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';\""
    - "mysql -e \"FLUSH PRIVILEGES;\""
    - touch ~/mysql_secure_installation

- name: Create MariaDB service dir
  ansible.builtin.file:
    path: /etc/systemd/system/mariadb.service.d/
    state: directory
    mode: "0o755"

- name: Create MariaDB service override
  ansible.builtin.copy:
    src: files/override.conf
    dest: /etc/systemd/system/mariadb.service.d/override.conf
    mode: "0o644"
  notify:
    - Restart mariadb
    - Daemon-reload

- name: Install backup script
  ansible.builtin.copy:
    src: files/backup_mysql.sh
    dest: /usr/local/bin/backup_mysql.sh
    mode: "0o755"

- name: Cron backup script
  ansible.builtin.cron:
    name: "MariaDB backup"
    hour: "{{ mariadb_backup_hour }}"
    minute: "{{ mariadb_backup_minute }}"
    job: "/usr/local/bin/backup_mysql.sh"
    state: present