aboutsummaryrefslogtreecommitdiff
path: root/roles/postgres/tasks/main.yml
diff options
context:
space:
mode:
authorGravatar Jonas Gunz <himself@jonasgunz.de> 2022-01-03 22:38:44 +0100
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2022-01-03 22:38:44 +0100
commit6d9a0c91574fb88cab4fc137d0711eeb4cc38122 (patch)
tree4ce718df8e5ec7e88037635ff58ed2839ef921b2 /roles/postgres/tasks/main.yml
parentb3e94b8303aa3269fa09970c9b9fe4e30decf64b (diff)
parenta0ef8bb61b78f695128f7574228b2b23acc2f1b1 (diff)
downloadansible_collection-6d9a0c91574fb88cab4fc137d0711eeb4cc38122.tar.gz
Merge branch 'dev' of git.jonasgunz.de:repos/ansible_collection into dev
Diffstat (limited to 'roles/postgres/tasks/main.yml')
-rw-r--r--roles/postgres/tasks/main.yml78
1 files changed, 78 insertions, 0 deletions
diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml
new file mode 100644
index 0000000..433a1cf
--- /dev/null
+++ b/roles/postgres/tasks/main.yml
@@ -0,0 +1,78 @@
+---
+- name: Install packages
+ apt:
+ name:
+ - postgresql
+ - postgresql-contrib
+ - postgresql-client
+ - python3-psycopg2
+ update_cache: yes
+ become: yes
+
+- name: Server configuration
+ template:
+ src: pgsql.conf.j2
+ dest: '/etc/postgresql/{{ pg_ver }}/{{ pg_ins }}/conf.d/deployment.conf'
+ become: yes
+ notify:
+ - restart pgsql
+
+- name: Server configuration
+ template:
+ src: pg_hba.conf.j2
+ dest: '/etc/postgresql/{{ pg_ver }}/{{ pg_ins }}/pg_hba.conf'
+ become: yes
+ notify:
+ - restart pgsql
+
+- name: Generate SSL Certificates
+ include_role:
+ name: signed_certificate
+ vars:
+ owner: postgres
+
+- name: Check for changed cert
+ command: /bin/true
+ when:
+ - cert_changed
+ notify:
+ - restart pgsql
+
+- name: Flush handlers
+ meta: flush_handlers
+
+- name: Database configuration
+ community.postgresql.postgresql_db:
+ name: '{{ item }}'
+ state: present
+ encoding: UTF-8
+ template: template0
+ login_unix_socket: '/var/run/postgresql/'
+ loop: '{{ pg_dbs }}'
+ become_user: postgres
+ become: yes
+
+- name: User configuration
+ community.postgresql.postgresql_user:
+ name: '{{ item.key }}'
+ password: '{{ vault_pg_db_users_pw[ ansible_facts.fqdn ][ item.key ] }}'
+ login_unix_socket: '/var/run/postgresql/'
+ args: '{{ item.value }}'
+ environment:
+ PGOPTIONS: "-c password_encryption=scram-sha-256"
+ with_dict: '{{ pg_db_users }}'
+ become_user: postgres
+ become: yes
+
+- name: Privilege configuration
+ community.postgresql.postgresql_privs:
+ db: postgres
+ roles: PUBLIC
+ privs: ALL
+ type: database
+ objs: 'postgres,{{ pg_dbs | join(",") }}'
+ state: absent
+ login_unix_socket: '/var/run/postgresql/'
+ become_user: postgres
+ become: yes
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-22 01:55:21 +0000