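---
# Provision the application's PostgreSQL role and database, grant it access,
# allow password logins from the k3s network in pg_hba.conf, and set the
# server's listen address. Both config changes notify "Restart postgres".
#
# NOTE(review): every become_user task stages module files under /tmp/
# (ansible_remote_temp), a shared directory. This is presumably the workaround
# for becoming an unprivileged user; confirm a dedicated directory is not
# preferable on hosts with other local users.

- name: "Create postgres user: {{ db.user }}"
  community.postgresql.postgresql_user:
    state: present
    name: "{{ db.user }}"
    password: "{{ db.password }}"
  become: true
  # NOTE(review): the remaining tasks run as the literal user "postgres";
  # confirm db.default_user.user is meant to differ here.
  become_user: "{{ db.default_user.user }}"
  # Keep the templated password out of task output and callback logs. Remove
  # temporarily when a failure of this task has to be debugged.
  no_log: true
  vars:
    ansible_remote_temp: "/tmp/"

- name: "Create database: {{ db.name }}"
  community.postgresql.postgresql_db:
    state: present
    name: "{{ db.name }}"
    encoding: UTF8
    lc_collate: "en_US.UTF-8"
    lc_ctype: "en_US.UTF-8"
  become: true
  become_user: postgres
  vars:
    ansible_remote_temp: "/tmp/"

# Database-level ALL for the application role on its own database.
- name: "Grant privileges to {{ db.user }}"
  community.postgresql.postgresql_privs:
    db: "{{ db.name }}"
    privs: ALL
    type: database
    roles: "{{ db.user }}"
  become: true
  become_user: postgres
  vars:
    ansible_remote_temp: "/tmp/"

# Schema-level ALL on "public" inside the application database.
# NOTE(review): presumably needed because PostgreSQL 15 no longer lets every
# role create objects in schema public by default; confirm ALL is required
# rather than a narrower privilege set.
- name: "Grant all privileges on schema public to {{ db.user }};"
  community.postgresql.postgresql_privs:
    db: "{{ db.name }}"
    privs: ALL
    type: schema
    obj: "public"
    roles: "{{ db.user }}"
  become: true
  become_user: postgres
  vars:
    ansible_remote_temp: "/tmp/"

# Adds a pg_hba.conf rule letting db.user log in with a password from the
# k3s.net address range.
# NOTE(review): three points to confirm before tightening this rule:
#   - "databases: all" lets the role attempt a login to every database, not
#     only db.name; restricting it to "{{ db.name }}" would be least privilege.
#   - "method: md5" still accepts MD5-hashed passwords; "scram-sha-256" is the
#     stronger choice once all stored passwords are SCRAM hashes.
#   - "contype: host" matches both TLS and plaintext connections; "hostssl"
#     would require TLS on the wire.
- name: "Allow md5 connection for the user {{ db.user }}"
  community.postgresql.postgresql_pg_hba:
    dest: "/etc/postgresql/15/main/pg_hba.conf"
    contype: host
    databases: all
    method: md5
    address: "{{ k3s.net }}"
    users: "{{ db.user }}"
    create: false
  become: true
  notify:
    - Restart postgres

# Writes listen_addresses into a conf.d drop-in; falls back to localhost when
# db.listen_address is undefined, so the server is only exposed on the network
# when an address is configured explicitly.
- name: "Set public listen address"
  become: true
  ansible.builtin.lineinfile:
    dest: "/etc/postgresql/15/main/conf.d/listen.conf"
    # Tolerate optional whitespace around the key and "=" so a hand-edited
    # line is replaced in place instead of a second setting being appended.
    regexp: '^#?\s*listen_addresses\s*='
    line: "listen_addresses='{{ db.listen_address | default('localhost') }}'"
    state: present
    # Config file holds no secrets; world-readable, writable by owner only.
    mode: "0644"
    create: true
  notify:
    - Restart postgres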