ansible/roles/postgres/tasks/configuration.yml

70 lines
1.7 KiB
YAML
Raw Normal View History

---
- name: "Create postgres user: {{ db.user }}"
community.postgresql.postgresql_user:
state: present
name: "{{ db.user }}"
password: "{{ db.password }}"
become: true
become_user: "{{ db.default_user.user }}"
vars:
ansible_remote_temp: "/tmp/"
- name: "Create database: {{ db.name }}"
community.postgresql.postgresql_db:
state: present
name: "{{ db.name }}"
encoding: UTF8
lc_collate: "en_US.UTF-8"
lc_ctype: "en_US.UTF-8"
become: true
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Grant privileges to {{ db.user }}"
community.postgresql.postgresql_privs:
db: "{{ db.name }}"
privs: ALL
type: database
roles: "{{ db.user }}"
become: true
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Grant all privileges on schema public to {{ db.user }};"
community.postgresql.postgresql_privs:
db: "{{ db.name }}"
privs: ALL
type: schema
obj: "public"
roles: "{{ db.user }}"
become: true
become_user: postgres
vars:
ansible_remote_temp: "/tmp/"
- name: "Allow md5 connection for the user {{ db.user }}"
community.postgresql.postgresql_pg_hba:
dest: "/etc/postgresql/15/main/pg_hba.conf"
contype: host
databases: all
method: md5
address: "{{ k3s.net }}"
users: "{{ db.user }}"
create: false
become: true
notify:
- Restart postgres
- name: "Set public listen address"
become: true
ansible.builtin.lineinfile:
dest: "/etc/postgresql/15/main/conf.d/listen.conf"
regexp: "^#?listen_addresses="
line: "listen_addresses='{{ db.listen_address | default('localhost') }}'"
state: present
mode: "644"
create: true
notify: "Restart postgres"