Initial commit

2020-05-16 23:37:59 +02:00 · 2020-05-16 23:37:59 +02:00 · 95c334a065
commit 95c334a065
1 changed files with 50 additions and 0 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,50 @@
+- name: PostgreSQL listen on private subnet
+  replace:
+        path: /etc/postgresql/12/main/postgresql.conf
+        regexp: "(#?)listen_addresses = '.*'"
+        replace: "listen_addresses = '{{ ansible_ens10.ipv4.address }},localhost'"
+  notify: Run service actions
+  tags:
+        - postgres
+- name: Set root user password
+  become: yes
+  become_user: postgres
+  postgresql_user:
+        port: '{{ services.postgres.port }}'
+        db: postgres
+        name: "{{ postgres.user }}"
+        password: "{{ postgres.password }}"
+  tags:
+        - postgres
+        - vault
+- name: Create users
+  become: yes
+  become_user: postgres
+  postgresql_user:
+        port: '{{ services.postgres.port }}'
+        db: postgres
+        name: '{{ item }}'
+        role_attr_flags: "LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT"
+        password: "{{ postgres.dbpass[item] }}"
+  loop: "{{ services.postgres.databases }}"
+  tags:
+        - postgres
+        - vault
+- name: Create databases
+  become: yes
+  become_user: postgres
+  postgresql_db:
+        name: '{{ item }}'
+        owner: '{{ item }}'
+  loop: "{{ services.postgres.databases }}"
+  tags:
+        - postgres
+        - vault
+- name: Allow users on the private IP subnet to connect to PGSQL
+  postgresql_pg_hba:
+        contype: host
+        dest: '/etc/postgresql/12/main/pg_hba.conf'
+        source: "{{(ansible_ens10.ipv4.address + '/' + '8')}}" # NOTE: Using ansible_ens10.ipv4.netmask and converting it will result in a /32 mask because the interface doesn't offer information about the mask
+  notify: Run service actions
+  tags:
+        - postgres