Add PostgreSQL configs

2023-12-23 17:41:57 +01:00 · 2023-12-23 17:41:57 +01:00 · f0464f288c
parent cbdc7119fb
commit f0464f288c
6 changed files with 57 additions and 12 deletions
--- a/roles/postgresql/defaults/main.yml
+++ b/roles/postgresql/defaults/main.yml
@ -2,4 +2,5 @@
 # code: language=ansible
 ---
 postgresql_pgdata: "{{ data_fs }}/pgsql/{{ postgresql_version }}/data"
+postgresql_wal_archive: "{{ data_fs }}/wal-archive"
 postgresql_service: postgresql-{{ postgresql_version }}
--- a/roles/postgresql/tasks/database.yml
+++ b/roles/postgresql/tasks/database.yml
@ -23,14 +23,3 @@
    roles: "{{ db_vars.username }}"
    privs: ALL
    state: present
-
- name: Allow connections to database '{{ db_name }}'
-  community.postgresql.postgresql_pg_hba:
-    dest: "{{ postgresql_pgdata }}/pg_hba.conf"
-    contype: host
-    users: "{{ db_vars.username }}"
-    databases: "{{ db_name }}"
-    source: "{{ internal_subnet }}"
-    method: scram-sha-256
-    state: present
-  notify: Reload PostgreSQL
--- a/roles/postgresql/tasks/main.yml
+++ b/roles/postgresql/tasks/main.yml
@ -34,7 +34,7 @@

 - name: Copy PostgreSQL service override file
  ansible.builtin.template:
-    src: systemd-overrides/{{ postgresql_service }}.service.j2
+    src: "{{ postgresql_service }}.service.j2"
    dest: /etc/systemd/system/{{ postgresql_service }}.service.d/override.conf
    owner: root
    mode: u=rw,g=r,o=r
@ -57,6 +57,22 @@
  become: true
  become_user: postgres

+- name: Copy postgresql.conf
+  ansible.builtin.template:
+    src: postgresql.conf.j2
+    dest: "{{ postgresql_pgdata }}/postgresql.conf"
+    owner: postgres
+    mode: u=rw,go=
+  notify: Reload PostgreSQL
+
+- name: Copy pg_hba.conf
+  ansible.builtin.template:
+    src: pg_hba.conf.j2
+    dest: "{{ postgresql_pgdata }}/pg_hba.conf"
+    owner: postgres
+    mode: u=rw,go=
+  notify: Reload PostgreSQL
+
 - name: Ensure PostgreSQL is enabled and running
  ansible.builtin.service:
    name: "{{ postgresql_service }}"
--- a/roles/postgresql/templates/pg_hba.conf.j2
+++ b/roles/postgresql/templates/pg_hba.conf.j2
@ -0,0 +1,12 @@
+# THIS FILE IS MANAGED BY ANSIBLE
+# code: language=ansible-jinja
+
+# TYPE  DATABASE        USER                    ADDRESS                 METHOD
+local   all             all                                             scram-sha-256
+local   all             postgres                                        peer
+host    all             all                     127.0.0.1/32            scram-sha-256
+host    all             all                     ::1/128                 scram-sha-256
+
+{% for db in (databases | dict2items(key_name='name', value_name='vars')) %}
+host    {{ db.name }}   {{ db.vars.username }}  {{ internal_subnet }}   scram-sha-256
+{% endfor %}
--- a/roles/postgresql/templates/systemd-overrides/postgresql-14.service.j2
+++ b/roles/postgresql/templates/systemd-overrides/postgresql-14.service.j2
@ -1,3 +1,5 @@
+# THIS FILE IS MANAGED BY ANSIBLE
 # code: language=ansible-jinja
+
 [Service]
 Environment=PGDATA={{ postgresql_pgdata }}
--- a/roles/postgresql/templates/postgresql.conf.j2
+++ b/roles/postgresql/templates/postgresql.conf.j2
@ -0,0 +1,25 @@
+# THIS FILE IS MANAGED BY ANSIBLE
+# code: language=ansible-jinja
+
+# Common
+listen_addresses = '*'
+max_connections = 100
+shared_buffers = 128MB
+dynamic_shared_memory_type = posix
+password_encryption = scram-sha-256
+datestyle = 'iso, mdy'
+timezone = '{{ timezone }}'
+log_timezone = '{{ timezone }}'
+lc_messages = 'en_US.utf8'
+lc_monetary = 'en_US.utf8'
+lc_numeric = 'en_US.utf8'
+lc_time = 'en_US.utf8'
+
+# WAL settings
+wal_level = replica
+max_wal_size = 2GB
+min_wal_size = 80MB
+
+# Archiving
+archive_mode = on
+archive_command = 'test ! -f {{ postgresql_wal_archive }}/%f && cp %p {{ postgresql_wal_archive }}/%f'