Full k3s server installation done

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
2024-09-20 15:01:33 +02:00
parent 51a49d003d
commit 3aa56be025
9 changed files with 95 additions and 29 deletions
--- a/roles/postgres/handlers/main.yml
+++ b/roles/postgres/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Restart postgres
  systemd:
-    name: postgres
+    name: postgresql
    state: restarted
  become: true
--- a/roles/postgres/tasks/configuration.yml
+++ b/roles/postgres/tasks/configuration.yml
@@ -21,13 +21,24 @@
  vars:
    ansible_remote_temp: "/tmp/"

- name: "Grant {{ db.user }} user access to db {{ db.name }}"
-  postgresql_privs:
+- name: "Grant all privileges on database {{ db.name }} to {{ db.user }};"
+  community.postgresql.postgresql_privs:
+    db: "{{ db.name }}"
+    privs: ALL
    type: database
-    database: "{{ db.name }}"
    roles: "{{ db.user }}"
-    grant_option: no
-    privs: all
+  become: yes
+  become_user: postgres
+  vars:
+    ansible_remote_temp: "/tmp/"
+
+- name: "Grant all privileges on schema public to {{ db.user }};"
+  community.postgresql.postgresql_privs:
+    db: "{{ db.name }}"
+    privs: ALL
+    type: schema
+    obj: "public"
+    roles: "{{ db.user }}"
  become: yes
  become_user: postgres
  vars:
@@ -35,15 +46,23 @@

 - name: "Allow md5 connection for the {{ db.user }} user"
  postgresql_pg_hba:
-    dest: "~/15/main/pg_hba.conf"
+    dest: "/etc/postgresql/15/main/pg_hba.conf"
    contype: host
    databases: all
    method: md5
+    address: "{{ k3s.net }}"
    users: "{{ db.user }}"
-    create: true
+    create: false
  become: yes
-  become_user: postgres
  notify:
    - Restart postgres
-  vars:
-    ansible_remote_temp: "/tmp/"
+
+- name: "Set public listen address"
+  become: true
+  lineinfile:
+    dest: "/etc/postgresql/15/main/conf.d/listen.conf"
+    regexp: "^#?listen_addresses="
+    line: "listen_addresses='{{ db.listen_address | default('localhost') }}'"
+    state: present
+    create: yes
+  notify: "Restart postgres"
--- a/roles/postgres/tasks/installation.yml
+++ b/roles/postgres/tasks/installation.yml
@@ -4,11 +4,11 @@
    name: "{{ postgres_packages }}"
    state: present
  become: true
-  register: postgres_install

 - name: Start and enable the service
  systemd:
    name: postgresql
    state: started
+    daemon_reload: true
    enabled: true
  become: true
--- a/roles/postgres/vars/main.yml
+++ b/roles/postgres/vars/main.yml
@@ -1,15 +1,3 @@
-############################################
-############### CHANGE THESE ###############
-############################################
-db:
-  default_user:
-    user: "postgres"
-  name: "database"
-  user: "user"
-  password: "password"
-
-############################################
-# Don't change these (probably)
 ansible_dependencies:
  - python3-pip
  - python3-psycopg