class role::cryptoportfolio::postgresql inherits role::cryptoportfolio {
  $password_seed = lookup("base_installation::puppet_pass_seed")

  $pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")

  profile::postgresql::master { "postgresql master for cryptoportfolio":
    letsencrypt_host => $web_host,
    backup_hosts     => ["backup-1"],
  }

  postgresql::server::db { $pg_db:
    user     =>  $pg_user,
    password =>  postgresql_password($pg_user, $pg_password),
  }

  postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
    type        => 'local',
    database    => $pg_db,
    user        => $pg_user,
    auth_method => 'ident',
    order       => "05-01",
  }

  # cleanup
  postgresql_psql { "DROP PUBLICATION ${pg_db}_publication":
    db     => $pg_db,
    onlyif => "SELECT 1 FROM pg_catalog.pg_publication WHERE pubname = '${pg_db}_publication'",
  } ->
  postgresql_replication_slot { $pg_user_replication:
    ensure => absent
  } ->
  postgresql_psql { "DROP OWNED BY $pg_user_replication":
    db     => $pg_db,
    onlyif => "SELECT 1 FROM pg_user WHERE usename='$pg_user_replication'"
  } ->
  postgresql::server::role { $pg_user_replication:
    ensure        => absent,
  }
  # /cleanup

}