ansible-postgresql/tasks/main.yml

- name: PostgreSQL set defaults
  template:
        src: "config.conf"
        dest: "/etc/postgresql/{{ postgres.version }}/main/postgresql.conf"
        follow: yes
  notify: Run service actions
  tags:
        - postgres
        - configs
- name: Set root user password
  become: yes
  become_user: postgres
  postgresql_user:
        port: '{{ postgres.port }}'
        db: postgres
        name: "{{ vault_postgres.user }}"
        password: "{{ vault_postgres.password }}"
  tags:
        - postgres
        - vault
- name: Create users
  become: yes
  become_user: postgres
  postgresql_user:
        port: '{{ postgres.port }}'
        db: postgres
        name: '{{ item }}'
        role_attr_flags: "LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT"
        password: "{{ vault_postgres.dbpass[item] }}"
  loop: "{{ postgres.databases }}"
  tags:
        - postgres
        - vault
- name: Create databases
  become: yes
  become_user: postgres
  postgresql_db:
        name: '{{ item }}'
        owner: '{{ item }}'
  loop: "{{ postgres.databases }}"
  tags:
        - postgres
        - vault
- name: Allow users on the private IP subnet to connect to PGSQL
  postgresql_pg_hba:
        contype: host
        dest: '/etc/postgresql/12/main/pg_hba.conf'
        source: "{{(ansible_ens10.ipv4.address + '/' + '8')}}" # NOTE: Using ansible_ens10.ipv4.netmask and converting it will result in a /32 mask because the interface doesn't offer information about the mask
  notify: Run service actions
  tags:
        - postgres
Set subnet with postgresql_set 2020-05-31 09:58:33 +00:00			`- name: PostgreSQL set defaults`
Use full config instead of overrides 2020-07-12 16:33:21 +00:00			`template:`
			`src: "config.conf"`
			`dest: "/etc/postgresql/{{ postgres.version }}/main/postgresql.conf"`
			`follow: yes`
Initial commit 2020-05-16 21:37:59 +00:00			`notify: Run service actions`
			`tags:`
			`- postgres`
Use full config instead of overrides 2020-07-12 16:33:21 +00:00			`- configs`
Initial commit 2020-05-16 21:37:59 +00:00			`- name: Set root user password`
			`become: yes`
			`become_user: postgres`
			`postgresql_user:`
Change vars around and fix some stuff, use per-service vault inclusion 2020-05-21 18:16:53 +00:00			`port: '{{ postgres.port }}'`
Initial commit 2020-05-16 21:37:59 +00:00			`db: postgres`
Change vars around and fix some stuff, use per-service vault inclusion 2020-05-21 18:16:53 +00:00			`name: "{{ vault_postgres.user }}"`
			`password: "{{ vault_postgres.password }}"`
Initial commit 2020-05-16 21:37:59 +00:00			`tags:`
			`- postgres`
			`- vault`
			`- name: Create users`
			`become: yes`
			`become_user: postgres`
			`postgresql_user:`
Change vars around and fix some stuff, use per-service vault inclusion 2020-05-21 18:16:53 +00:00			`port: '{{ postgres.port }}'`
Initial commit 2020-05-16 21:37:59 +00:00			`db: postgres`
			`name: '{{ item }}'`
			`role_attr_flags: "LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT"`
Change vars around and fix some stuff, use per-service vault inclusion 2020-05-21 18:16:53 +00:00			`password: "{{ vault_postgres.dbpass[item] }}"`
			`loop: "{{ postgres.databases }}"`
Initial commit 2020-05-16 21:37:59 +00:00			`tags:`
			`- postgres`
			`- vault`
			`- name: Create databases`
			`become: yes`
			`become_user: postgres`
			`postgresql_db:`
			`name: '{{ item }}'`
			`owner: '{{ item }}'`
Change vars around and fix some stuff, use per-service vault inclusion 2020-05-21 18:16:53 +00:00			`loop: "{{ postgres.databases }}"`
Initial commit 2020-05-16 21:37:59 +00:00			`tags:`
			`- postgres`
			`- vault`
			`- name: Allow users on the private IP subnet to connect to PGSQL`
			`postgresql_pg_hba:`
			`contype: host`
			`dest: '/etc/postgresql/12/main/pg_hba.conf'`
			`source: "{{(ansible_ens10.ipv4.address + '/' + '8')}}" # NOTE: Using ansible_ens10.ipv4.netmask and converting it will result in a /32 mask because the interface doesn't offer information about the mask`
			`notify: Run service actions`
			`tags:`
			`- postgres`