mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-05 15:16:26 +02:00
4112bdf9fd
yaml: truthy value should be one of [false, true] (truthy) yaml: wrong indentation: expected 4 but found 2 (indentation) yaml: too few spaces before comment (comments) yaml: missing starting space in comment (comments) yaml: too many blank lines (1 > 0) (empty-lines) yaml: too many spaces after colon (colons) yaml: comment not indented like content (comments-indentation) yaml: no new line character at the end of file (new-line-at-end-of-file) load-failure: Failed to load or parse file parser-error: couldn't resolve module/action 'hosts'. This often indicates a misspelling, missing collection, or incorrect module path.
87 lines
2.8 KiB
YAML
87 lines
2.8 KiB
YAML
---
|
|
|
|
- name: create postgres subvolume
|
|
command: btrfs subvol create /var/lib/postgres
|
|
args:
|
|
creates: /var/lib/postgres
|
|
when: filesystem == "btrfs"
|
|
|
|
- name: install postgres
|
|
pacman: name=postgresql,python-psycopg2 state=present
|
|
|
|
- name: create nocow database directory
|
|
file:
|
|
state: directory
|
|
owner: postgres
|
|
group: postgres
|
|
attributes: "+C"
|
|
path: /var/lib/postgres/data
|
|
mode: 0700
|
|
when: filesystem == "btrfs"
|
|
|
|
- name: initialize postgres
|
|
become: true
|
|
become_user: postgres
|
|
become_method: su
|
|
command: initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'
|
|
args:
|
|
chdir: /var/lib/postgres
|
|
creates: /var/lib/postgres/data/postgresql.conf
|
|
notify:
|
|
- restart postgres
|
|
|
|
- name: configure postgres
|
|
template: src={{ item }}.j2 dest=/var/lib/postgres/data/{{ item }} owner=postgres group=postgres mode=0600
|
|
with_items:
|
|
- postgresql.conf
|
|
- pg_hba.conf
|
|
notify:
|
|
- restart postgres
|
|
|
|
- name: install postgres certificate
|
|
copy: src=/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem dest={{ postgres_ssl_cert_file }}
|
|
remote_src=true owner=postgres group=postgres mode=0400
|
|
when: postgres_ssl == 'on'
|
|
|
|
- name: install postgres private key
|
|
copy: src=/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem dest={{ postgres_ssl_key_file }}
|
|
remote_src=true owner=postgres group=postgres mode=0400
|
|
when: postgres_ssl == 'on'
|
|
|
|
- name: install postgres ca
|
|
copy: src=/etc/letsencrypt/live/{{ inventory_hostname }}/chain.pem dest={{ postgres_ssl_ca_file }}
|
|
remote_src=true owner=postgres group=postgres mode=0400
|
|
when: postgres_ssl == 'on'
|
|
|
|
- name: start and enable postgres
|
|
service: name=postgresql enabled=yes state=started
|
|
|
|
- name: set postgres user password
|
|
postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
|
|
become: true
|
|
become_user: postgres
|
|
become_method: su
|
|
|
|
- name: install postgres cert renewal hook
|
|
template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postgres owner=root group=root mode=0755
|
|
when: postgres_ssl == 'on'
|
|
|
|
- name: open firewall holes to known postgresql ipv4 clients
|
|
ansible.posix.firewalld: permanent=true state=enabled immediate=yes
|
|
rich_rule="rule family=ipv4 source address={{ item }} port protocol=tcp port=5432 accept"
|
|
with_items: "{{ postgres_ssl_hosts4 }}"
|
|
when: configure_firewall
|
|
tags:
|
|
- firewall
|
|
|
|
- name: open firewall holes to known postgresql ipv6 clients
|
|
ansible.posix.firewalld: permanent=true state=enabled immediate=yes
|
|
rich_rule="rule family=ipv6 source address={{ item }} port protocol=tcp port=5432 accept"
|
|
with_items: "{{ postgres_ssl_hosts6 }}"
|
|
when: configure_firewall
|
|
tags:
|
|
- firewall
|
|
|
|
- name: copy postgresql upgrade script
|
|
copy: src=upgrade_pg.sh dest=/usr/local/bin/upgrade_pg.sh mode=0755 owner=root group=root
|