Jan Alexander Steffens (heftig)
2ca059878a
postgres: rebase config to postgresql 16.1-1
2023-12-08 20:22:36 +01:00
Evangelos Foutras
1ad701e2be
postgres: rebase config to postgresql 15.1-1
2023-02-05 22:39:31 +02:00
Kristian Klausen
e9e44d445c
Migrate PostgreSQL to C.UTF-8
...
C.UTF-8 is installed by default, so we can avoid messing with locale-gen
by using that.
All the postgres servers (excluding matrix due to[1]) have been migrated
with the following commands:
# sudo -u postgres pg_dumpall > d
# sed "s/LOCALE = 'C'/LOCALE = 'C.UTF-8'/" -i d
# systemctl stop postgresql.service
# mv /var/lib/postgres/data{,.old}
$ ansible-playbook --diff -t postgres playbooks/<host>.yml
# sudo -u postgres psql < d
[1] 19a57f4a37/docs/postgres.md (fixing-incorrect-collate-or-ctype)
Fix #470
2022-11-03 00:11:36 +01:00
Evangelos Foutras
bdf965475a
postgres: pg_hba.conf: switch to scram-sha-256
...
All database user passwords have been updated to use scram-sha-256, so
there's no need for backward compatibility with md5.
2022-04-21 00:03:27 +03:00
Evangelos Foutras
338f2c29a4
postgres: rebase config to postgresql 14.2-1
2022-04-20 22:52:42 +03:00
Evangelos Foutras
f0a0060c62
postgres: fix letsencrypt renewal hook
...
It was using a nonexistent target path when copying the renewed cert and
was not reloading postgresql.service in order for it to reload the certs.
2022-04-20 19:32:14 +03:00
Kristian Klausen
6a11db2f20
Use wireguard for db connections to archlinux.org
...
Fix #177
2021-08-24 21:08:08 +02:00
Jan Alexander Steffens (heftig)
c158d7989f
roles/postgres: Update config from sample config (13.1-2)
...
Only changes to comments.
2020-12-12 13:34:10 +01:00
Jan Alexander Steffens (heftig)
c7e3446bae
postgres: Set `jit = off` on matrix.archlinux.org
...
This seems to be the cause for our memory leak.
https://www.postgresql.org/message-id/flat/16707-f5df308978a55bf8%40postgresql.org
2020-12-12 12:51:53 +01:00
Jan Alexander Steffens (heftig)
889e0e5ed5
roles/postgres: Update config from sample config (12.5-4)
...
Mostly changes to comments.
2020-12-12 12:51:52 +01:00
Jan Alexander Steffens (heftig)
a44b604f6b
postgres: Integrate soyuz' config and clean up syntax
2019-02-15 11:24:53 +01:00
Florian Pritz
8a60a8ae65
postgres: Merge upstream config locale changes
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:52:09 +01:00
Florian Pritz
99c02ad907
postgres: Merge upstream config WAL size changes
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:51:13 +01:00
Florian Pritz
8f5a96e652
postgres: Merge upstream configuration changes to SSL section
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:50:47 +01:00
Florian Pritz
a96c5689f0
postgres: Move TCP/SSL comments around to match new upstream config
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:49:54 +01:00
Florian Pritz
638b5af5c1
postgres: Move comments around to match new upstream config
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:48:24 +01:00
Phillip Smith
d13089e608
break postgres client ips into separate variables
...
we have to use rich rules in firewalld to restict a specific port to a list of
specific ip addresses. when using rich rules, you have to specify the address
family (ipv4 or ipv6) which we can't do in an automated fashion with the ipv4
and ipv6 addresses of the clients dynamically generated into a single variable.
so this commit creates 2 variables; one for ipv4 clients and one for ipv6
clients which can be referred to as required when creating the rich rules.
2018-08-17 10:32:35 +10:00
Jan Alexander Steffens (heftig)
d3b3cac5dc
postgres: Make logging a bit nicer
2018-05-14 20:13:44 +02:00
Florian Pritz
419d6559dd
postgres: Merge config differences from soyuz
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-03-02 13:14:02 +01:00
Giancarlo Razzolini
d4ed924d84
roles/postgres: New letsencrypt hook to install renewed certs and also created tasks to copy them
2016-12-30 19:32:40 -02:00
Giancarlo Razzolini
7105367fa8
roles/postgres: Fix empty line on pg_hba.conf.j2
2016-12-29 22:40:51 -02:00
Giancarlo Razzolini
084ff91db6
roles/postgres: Remove unecessary check
2016-12-27 22:58:38 -02:00
Giancarlo Razzolini
270074b685
roles/postgres: Create a new postgres_ssl_hosts variable that will be used to determine which hosts can login using ssl
2016-12-27 22:51:22 -02:00
Giancarlo Razzolini
e37272185a
roles/postgres: Revert postgresql.conf to use the variables names only, without defaults.
2016-12-27 15:47:05 -02:00
Giancarlo Razzolini
c4ffbab40c
roles/archweb: Change the services to be templates and also split their installation.
...
roles/archweb: Memcached service.
roles/postgresql: Initial work on SSL support.
2016-12-27 14:37:29 -02:00
Giancarlo Razzolini
6dc0c6bc4f
playbooks/soyuz: Reverted the postgres variables, since they now have defaults.
...
roles/postgres: Added default values to the max_connections and shared_buffers variables.
2016-12-21 16:39:46 -02:00
Giancarlo Razzolini
45dc25b0d0
playbooks/apollo: Added the sudo role and the security_tracker role. Also changes the posgres to include the new variables.
...
roles/postgres: Merged the new configuration (from 9.6) and added two new variables for making it easier to test the role on a vm/container.
2016-12-20 16:08:18 -02:00
Jan Alexander Steffens (heftig)
51cc26ac3d
roles/postgres: give superuser permission for all DBs
...
postgres must be able to connect to all databases,
else the postgres_db ansible module is broken.
2016-09-22 01:33:48 +02:00
Sven-Hendrik Haase
8480d6fb53
Add postgres role and use it on apollo
...
Signed-off-by: Sven-Hendrik Haase <svenstaro@gmail.com>
2016-09-12 11:54:33 +02:00