2ca059878a
postgres: rebase config to postgresql 16.1-1
2023-12-08 20:22:36 +01:00
1ad701e2be
postgres: rebase config to postgresql 15.1-1
2023-02-05 22:39:31 +02:00
e9e44d445c
Migrate PostgreSQL to C.UTF-8
...
C.UTF-8 is installed by default, so we can avoid messing with locale-gen
by using that.
All the postgres servers (excluding matrix due to[1]) have been migrated
with the following commands:
# sudo -u postgres pg_dumpall > d
# sed "s/LOCALE = 'C'/LOCALE = 'C.UTF-8'/" -i d
# systemctl stop postgresql.service
# mv /var/lib/postgres/data{,.old}
$ ansible-playbook --diff -t postgres playbooks/<host>.yml
# sudo -u postgres psql < d
[1] 19a57f4a37/docs/postgres.md (fixing-incorrect-collate-or-ctype)#470
2022-11-03 00:11:36 +01:00
bdf965475a
postgres: pg_hba.conf: switch to scram-sha-256
...
All database user passwords have been updated to use scram-sha-256, so
there's no need for backward compatibility with md5.
2022-04-21 00:03:27 +03:00
338f2c29a4
postgres: rebase config to postgresql 14.2-1
2022-04-20 22:52:42 +03:00
f0a0060c62
postgres: fix letsencrypt renewal hook
...
It was using a nonexistent target path when copying the renewed cert and
was not reloading postgresql.service in order for it to reload the certs.
2022-04-20 19:32:14 +03:00
6a11db2f20
Use wireguard for db connections to archlinux.org
...
Fix #177
2021-08-24 21:08:08 +02:00
c158d7989f
roles/postgres: Update config from sample config (13.1-2)
...
Only changes to comments.
2020-12-12 13:34:10 +01:00
c7e3446bae
postgres: Set `jit = off` on matrix.archlinux.org
...
This seems to be the cause for our memory leak.
https://www.postgresql.org/message-id/flat/16707-f5df308978a55bf8%40postgresql.org
2020-12-12 12:51:53 +01:00
889e0e5ed5
roles/postgres: Update config from sample config (12.5-4)
...
Mostly changes to comments.
2020-12-12 12:51:52 +01:00
a44b604f6b
postgres: Integrate soyuz' config and clean up syntax
2019-02-15 11:24:53 +01:00
8a60a8ae65
postgres: Merge upstream config locale changes
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:52:09 +01:00
99c02ad907
postgres: Merge upstream config WAL size changes
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:51:13 +01:00
8f5a96e652
postgres: Merge upstream configuration changes to SSL section
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:50:47 +01:00
a96c5689f0
postgres: Move TCP/SSL comments around to match new upstream config
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:49:54 +01:00
638b5af5c1
postgres: Move comments around to match new upstream config
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-11-20 11:48:24 +01:00
d13089e608
break postgres client ips into separate variables
...
we have to use rich rules in firewalld to restict a specific port to a list of
specific ip addresses. when using rich rules, you have to specify the address
family (ipv4 or ipv6) which we can't do in an automated fashion with the ipv4
and ipv6 addresses of the clients dynamically generated into a single variable.
so this commit creates 2 variables; one for ipv4 clients and one for ipv6
clients which can be referred to as required when creating the rich rules.
2018-08-17 10:32:35 +10:00
d3b3cac5dc
postgres: Make logging a bit nicer
2018-05-14 20:13:44 +02:00
419d6559dd
postgres: Merge config differences from soyuz
...
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2018-03-02 13:14:02 +01:00
d4ed924d84
roles/postgres: New letsencrypt hook to install renewed certs and also created tasks to copy them
2016-12-30 19:32:40 -02:00
7105367fa8
roles/postgres: Fix empty line on pg_hba.conf.j2
2016-12-29 22:40:51 -02:00
084ff91db6
roles/postgres: Remove unecessary check
2016-12-27 22:58:38 -02:00
270074b685
roles/postgres: Create a new postgres_ssl_hosts variable that will be used to determine which hosts can login using ssl
2016-12-27 22:51:22 -02:00
e37272185a
roles/postgres: Revert postgresql.conf to use the variables names only, without defaults.
2016-12-27 15:47:05 -02:00
c4ffbab40c
roles/archweb: Change the services to be templates and also split their installation.
...
roles/archweb: Memcached service.
roles/postgresql: Initial work on SSL support.
2016-12-27 14:37:29 -02:00
6dc0c6bc4f
playbooks/soyuz: Reverted the postgres variables, since they now have defaults.
...
roles/postgres: Added default values to the max_connections and shared_buffers variables.
2016-12-21 16:39:46 -02:00
45dc25b0d0
playbooks/apollo: Added the sudo role and the security_tracker role. Also changes the posgres to include the new variables.
...
roles/postgres: Merged the new configuration (from 9.6) and added two new variables for making it easier to test the role on a vm/container.
2016-12-20 16:08:18 -02:00
51cc26ac3d
roles/postgres: give superuser permission for all DBs
...
postgres must be able to connect to all databases,
else the postgres_db ansible module is broken.
2016-09-22 01:33:48 +02:00
8480d6fb53
Add postgres role and use it on apollo
...
Signed-off-by: Sven-Hendrik Haase <svenstaro@gmail.com>
2016-09-12 11:54:33 +02:00
Jan Alexander Steffens (heftig)
Evangelos Foutras
Kristian Klausen
Jan Alexander Steffens (heftig)
Florian Pritz
Phillip Smith
Giancarlo Razzolini
Sven-Hendrik Haase