70 lines
1.7 KiB
YAML
70 lines
1.7 KiB
YAML
---
|
|
- name: "Create postgres user: {{ db.user }}"
|
|
community.postgresql.postgresql_user:
|
|
state: present
|
|
name: "{{ db.user }}"
|
|
password: "{{ db.password }}"
|
|
become: true
|
|
become_user: "{{ db.default_user.user }}"
|
|
vars:
|
|
ansible_remote_temp: "/tmp/"
|
|
|
|
- name: "Create database: {{ db.name }}"
|
|
community.postgresql.postgresql_db:
|
|
state: present
|
|
name: "{{ db.name }}"
|
|
encoding: UTF8
|
|
lc_collate: "en_US.UTF-8"
|
|
lc_ctype: "en_US.UTF-8"
|
|
become: true
|
|
become_user: postgres
|
|
vars:
|
|
ansible_remote_temp: "/tmp/"
|
|
|
|
- name: "Grant privileges to {{ db.user }}"
|
|
community.postgresql.postgresql_privs:
|
|
db: "{{ db.name }}"
|
|
privs: ALL
|
|
type: database
|
|
roles: "{{ db.user }}"
|
|
become: true
|
|
become_user: postgres
|
|
vars:
|
|
ansible_remote_temp: "/tmp/"
|
|
|
|
- name: "Grant all privileges on schema public to {{ db.user }};"
|
|
community.postgresql.postgresql_privs:
|
|
db: "{{ db.name }}"
|
|
privs: ALL
|
|
type: schema
|
|
obj: "public"
|
|
roles: "{{ db.user }}"
|
|
become: true
|
|
become_user: postgres
|
|
vars:
|
|
ansible_remote_temp: "/tmp/"
|
|
|
|
- name: "Allow md5 connection for the user {{ db.user }}"
|
|
community.postgresql.postgresql_pg_hba:
|
|
dest: "/etc/postgresql/15/main/pg_hba.conf"
|
|
contype: host
|
|
databases: all
|
|
method: md5
|
|
address: "{{ k3s.net }}"
|
|
users: "{{ db.user }}"
|
|
create: false
|
|
become: true
|
|
notify:
|
|
- Restart postgres
|
|
|
|
- name: "Set public listen address"
|
|
become: true
|
|
ansible.builtin.lineinfile:
|
|
dest: "/etc/postgresql/15/main/conf.d/listen.conf"
|
|
regexp: "^#?listen_addresses="
|
|
line: "listen_addresses='{{ db.listen_address | default('localhost') }}'"
|
|
state: present
|
|
mode: "644"
|
|
create: true
|
|
notify: "Restart postgres"
|