# Render the role's config.conf template over the main postgresql.conf of the
# configured PostgreSQL version, then trigger the service handler.
- name: PostgreSQL set defaults
  template:
    src: 'config.conf'
    dest: "/etc/postgresql/{{ postgres.version }}/main/postgresql.conf"
    # If dest is a symlink, write through it to the link target.
    follow: true
    # NOTE(review): no owner, group or mode is set here, so the task does not
    # enforce permissions on the rendered file - confirm that the existing
    # ownership and mode are the intended ones.
  notify: Run service actions
  tags:
    - postgres
    - configs

# Set the password of the role named in vault_postgres.user, connecting to
# the "postgres" database as the postgres OS user.
# NOTE(review): the task title says "root user", but the role name comes from
# the vault variable - presumably the administrative role; confirm.
- name: Set root user password
  become: true
  become_user: postgres
  postgresql_user:
    port: "{{ postgres.port }}"
    db: postgres
    name: '{{ vault_postgres.user }}'
    # Secret taken from the vault. NOTE(review): the task has no task-level
    # `no_log`; check that nothing but the module's own masking of `password`
    # is relied on to keep it out of logs and callback output.
    password: '{{ vault_postgres.password }}'
  tags:
    - postgres
    - vault

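# Create one login role per entry in postgres.databases (the role is named
# after the database), with the password looked up under the same key in
# vault_postgres.dbpass.
- name: Create users
  become: true
  become_user: postgres
  postgresql_user:
    port: "{{ postgres.port }}"
    db: postgres
    name: "{{ item }}"
    # Least privilege: the role may log in and nothing else - no superuser,
    # no role or database creation, no replication, no inherited privileges.
    role_attr_flags: 'LOGIN,NOSUPERUSER,NOCREATEROLE,NOCREATEDB,NOREPLICATION,NOINHERIT'
    # Fails with an undefined-variable error if a database has no entry in
    # vault_postgres.dbpass.
    password: "{{ vault_postgres.dbpass[item] }}"
  loop: "{{ postgres.databases }}"
  # Looping task with a password argument: suppress per-item output so the
  # secret cannot end up in logs or callback output. This also hides the
  # module's error text, so lift it temporarily when debugging a failure.
  no_log: true
  tags:
    - postgres
    - vault
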
# Create every database listed in postgres.databases and make the role of
# the same name its owner.
- name: Create databases
  become: true
  become_user: postgres
  postgresql_db:
    name: "{{ item }}"
    # The owning role carries the same name as the database.
    owner: "{{ item }}"
  loop: "{{ postgres.databases }}"
  # NOTE(review): tagged `vault` although no vault_* variable is referenced
  # in this task - confirm the tag is intentional.
  tags:
    - postgres
    - vault

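# Add a TCP ("host") rule to pg_hba.conf that admits clients from the private
# network attached to interface ens10, then trigger the service handler.
- name: Allow users on the private IP subnet to connect to PGSQL
  postgresql_pg_hba:
    contype: host
    # Use the configured version instead of a hard-coded "12", so this rule
    # lands in the same cluster directory as the postgresql.conf rendered
    # from postgres.version.
    dest: "/etc/postgresql/{{ postgres.version }}/main/pg_hba.conf"
    # NOTE: Using ansible_ens10.ipv4.netmask and converting it will result in
    # a /32 mask because the interface doesn't offer information about the
    # mask, so the prefix length is fixed to /8 here.
    # NOTE(review): /8 is far wider than a typical private subnet. With
    # `databases`, `users` and `method` left unset the module defaults apply
    # (documented as all / all / md5 - confirm for the installed version),
    # so every role can reach every database from that whole range. Narrow
    # the prefix and name the databases/users if the network is smaller.
    source: "{{ ansible_ens10.ipv4.address }}/8"
  notify: Run service actions
  tags:
    - postgres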