pipeline {
    agent any
    options {
        ansiColor('xterm')  
    } 
    tools {
        ansible 'Ansible'
    }
    environment {
        PSQL_PASSWORD = "${params.DB_PASSWORD}" 
        VAULT_PASSWORD = credentials('ansible_vault_password')
    }
    parameters {
        string(name: 'DB_USER', defaultValue: 'postgres', description: 'Имя пользователя базы данных')
        password(name: 'DB_PASSWORD', defaultValue: '', description: 'Пароль для базы данных') 
        string(name: 'DB_NAME', defaultValue: 'mydb', description: 'Имя базы данных')
        string(name: 'BACKUP_DIR', defaultValue: '/var/backups/postgresql', description: 'Директория для бэкапа')
        
        booleanParam(name: 'TASK_SETUP', defaultValue: false, description: 'Setup')
        booleanParam(name: 'TASK_INIT', defaultValue: false, description: 'Init')
        booleanParam(name: 'TASK_CONFIGURE', defaultValue: false, description: 'Configure')
        booleanParam(name: 'TASK_USERS', defaultValue: false, description: 'Users')
        booleanParam(name: 'TASK_DATABASE', defaultValue: false, description: 'Database')
        booleanParam(name: 'TASK_INSERT', defaultValue: false, description: 'Insert')
        booleanParam(name: 'TASK_FIREWALL', defaultValue: false, description: 'Firewall')
        booleanParam(name: 'TASK_BACKUP', defaultValue: false, description: 'Backup')
    }
    stages {
        stage('Clone Repository') {
            steps {
                git branch: 'dev', url: 'http://192.168.0.70:3000/coursework/courseworkrep.git'
            }
        }
        stage('Decrypt SSH Key') {
            steps {
                script {
                    def tempDir = '/tmp/' + UUID.randomUUID().toString()
                    env.TEMP_DIR = tempDir
                    sh "mkdir -p ${tempDir}"

                    def decryptedKeyFile = "${tempDir}/id_ed25519"
                    def vaultPassFile = "${tempDir}/vault_pass"

                    writeFile file: vaultPassFile, text: VAULT_PASSWORD
                    
                    sh """
                        ansible-vault decrypt ./id_ed25519_vault --vault-password-file=${vaultPassFile} --output=${decryptedKeyFile}
                    """
                    env.DECRYPTED_KEY_FILE = decryptedKeyFile
                }
            }
        }
        stage('Run Ansible Playbook') {
            steps {
                script {
                    def selectedTags = []
                    
                    if (params.TASK_SETUP) selectedTags << 'setup'
                    if (params.TASK_INIT) selectedTags << 'init'
                    if (params.TASK_CONFIGURE) selectedTags << 'configure'
                    if (params.TASK_USERS) selectedTags << 'users'
                    if (params.TASK_DATABASE) selectedTags << 'database'
                    if (params.TASK_INSERT) selectedTags << 'insert'
                    if (params.TASK_FIREWALL) selectedTags << 'firewall'
                    if (params.TASK_BACKUP) selectedTags << 'backup'
                    
                    def tagsString = selectedTags.join(',')
                    
                    ansiblePlaybook(
                        playbook: 'playbooks/install_postgresql.yml',
                        inventory: "inventory.yml",
                        extraVars: [
                            postgres_user: params.DB_USER,
                            postgres_password: env.PSQL_PASSWORD,
                            postgres_db: params.DB_NAME,
                            backup_dir: params.BACKUP_DIR,
                            ansible_ssh_private_key_file: env.DECRYPTED_KEY_FILE
                        ],
                        tags: tagsString
                    )
                }
            }
        }
    }
    post {
        always {
            script {
                if (env.TEMP_DIR) {
                    sh "rm -rf ${env.TEMP_DIR}"
                }
            }
        }
    }
}