diff --git a/roles/postgresql/defaults/main.yml b/roles/postgresql/defaults/main.yml index eb9f3d7..17f718d 100644 --- a/roles/postgresql/defaults/main.yml +++ b/roles/postgresql/defaults/main.yml @@ -2,4 +2,5 @@ # code: language=ansible --- postgresql_pgdata: "{{ data_fs }}/pgsql/{{ postgresql_version }}/data" +postgresql_wal_archive: "{{ data_fs }}/wal-archive" postgresql_service: postgresql-{{ postgresql_version }} diff --git a/roles/postgresql/tasks/database.yml b/roles/postgresql/tasks/database.yml index 2cda0ba..0127515 100644 --- a/roles/postgresql/tasks/database.yml +++ b/roles/postgresql/tasks/database.yml @@ -23,14 +23,3 @@ roles: "{{ db_vars.username }}" privs: ALL state: present - -- name: Allow connections to database '{{ db_name }}' - community.postgresql.postgresql_pg_hba: - dest: "{{ postgresql_pgdata }}/pg_hba.conf" - contype: host - users: "{{ db_vars.username }}" - databases: "{{ db_name }}" - source: "{{ internal_subnet }}" - method: scram-sha-256 - state: present - notify: Reload PostgreSQL diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index ee1a52a..1190105 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -34,7 +34,7 @@ - name: Copy PostgreSQL service override file ansible.builtin.template: - src: systemd-overrides/{{ postgresql_service }}.service.j2 + src: "{{ postgresql_service }}.service.j2" dest: /etc/systemd/system/{{ postgresql_service }}.service.d/override.conf owner: root mode: u=rw,g=r,o=r 
@@ -57,6 +57,22 @@ become: true become_user: postgres +- name: Copy postgresql.conf + ansible.builtin.template: + src: postgresql.conf.j2 + dest: "{{ postgresql_pgdata }}/postgresql.conf" + owner: postgres + mode: u=rw,go= + notify: Reload PostgreSQL + +- name: Copy pg_hba.conf + ansible.builtin.template: + src: pg_hba.conf.j2 + dest: "{{ postgresql_pgdata }}/pg_hba.conf" + owner: postgres + mode: u=rw,go= + notify: Reload PostgreSQL + - name: Ensure PostgreSQL is enabled and running ansible.builtin.service: name: "{{ postgresql_service }}" diff --git a/roles/postgresql/templates/pg_hba.conf.j2 b/roles/postgresql/templates/pg_hba.conf.j2 new file mode 100644 index 0000000..0985468 --- /dev/null +++ b/roles/postgresql/templates/pg_hba.conf.j2 @@ -0,0 +1,12 @@ +# THIS FILE IS MANAGED BY ANSIBLE +# code: language=ansible-jinja + +# TYPE DATABASE USER ADDRESS METHOD +local all all scram-sha-256 +local all postgres peer +host all all 127.0.0.1/32 scram-sha-256 +host all all ::1/128 scram-sha-256 + +{% for db in (databases | dict2items(key_name='name', value_name='vars')) %} +host {{ db.name }} {{ db.vars.username }} {{ internal_subnet }} scram-sha-256 +{% endfor %} diff --git a/roles/postgresql/templates/systemd-overrides/postgresql-14.service.j2 b/roles/postgresql/templates/postgresql-14.service.j2 similarity index 70% rename from roles/postgresql/templates/systemd-overrides/postgresql-14.service.j2 rename to roles/postgresql/templates/postgresql-14.service.j2 index 160de22..8e715c8 100644 --- a/roles/postgresql/templates/systemd-overrides/postgresql-14.service.j2 +++ b/roles/postgresql/templates/postgresql-14.service.j2 @@ -1,3 +1,5 @@ +# THIS FILE IS MANAGED BY ANSIBLE # code: language=ansible-jinja + [Service] Environment=PGDATA={{ postgresql_pgdata }} \ No newline at end of file diff --git a/roles/postgresql/templates/postgresql.conf.j2 b/roles/postgresql/templates/postgresql.conf.j2 new file mode 100644 index 0000000..630af83 --- /dev/null 
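Review bot: The `Copy postgresql.conf` task in the `@@ -57,6 +57,22 @@` hunk notifies `Reload PostgreSQL`, but several settings in the new template (`listen_addresses`, `max_connections`, `shared_buffers`, `wal_level`, `archive_mode`) are only read at server start. A reload leaves them unapplied, so on an already-running server WAL archiving would stay off until someone restarts it. The handler is not visible in this diff, so this assumes it reloads as its name says. Consider notifying a restart handler from this task, e.g. `notify: Restart PostgreSQL` if the role defines one, and keeping the reload for `Copy pg_hba.conf`. Adding `group: postgres` next to `owner: postgres` on both tasks would also make the file ownership explicit.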
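Review bot: In pg_hba.conf.j2 the record `local all postgres peer` comes after `local all all scram-sha-256`, and PostgreSQL uses the first record that matches a connection. The peer rule is therefore never reached, and socket logins as `postgres` would require a SCRAM password. The tasks in main.yml that run with `become_user: postgres` presumably rely on peer authentication, so they are likely to fail once this file is deployed. Move `local all postgres peer` above `local all all scram-sha-256`. If the server has TLS configured, `hostssl` instead of `host` on the `{{ internal_subnet }}` records would also keep that traffic encrypted.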
+++ b/roles/postgresql/templates/postgresql.conf.j2
@@ -0,0 +1,25 @@
+# THIS FILE IS MANAGED BY ANSIBLE
+# code: language=ansible-jinja
+
+# Common
+listen_addresses = '*'
+max_connections = 100
+shared_buffers = 128MB
+dynamic_shared_memory_type = posix
+password_encryption = scram-sha-256
+datestyle = 'iso, mdy'
+timezone = '{{ timezone }}'
+log_timezone = '{{ timezone }}'
+lc_messages = 'en_US.utf8'
+lc_monetary = 'en_US.utf8'
+lc_numeric = 'en_US.utf8'
+lc_time = 'en_US.utf8'
+
+# WAL settings
+wal_level = replica
+max_wal_size = 2GB
+min_wal_size = 80MB
+
+# Archiving
+archive_mode = on
+archive_command = 'test ! -f {{ postgresql_wal_archive }}/%f && cp %p {{ postgresql_wal_archive }}/%f'
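Review bot: `listen_addresses = '*'` binds the server on every interface of the host, while the new pg_hba.conf only admits loopback and `{{ internal_subnet }}`. That leaves pg_hba and any host firewall as the only things keeping other networks away from the listener. Consider templating the value from a role default limited to the internal address, e.g. `listen_addresses = 'localhost,{{ postgresql_listen_address }}'`, where `postgresql_listen_address` is a new variable this diff does not define. The template also sets no `ssl` option, so connections from the internal subnet are presumably unencrypted unless TLS is configured elsewhere; worth confirming. The `{{ postgresql_wal_archive }}` paths in `archive_command` are unquoted, and nothing in this diff creates that directory or restricts it to the `postgres` user, which is worth checking because archived WAL holds database contents.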