nextcloud: Move database to db0

Moving the Nextcloud database to the central PostgreSQL server will
allow it to take advantage of the monitoring and backups in place there.
For backups specifically, this will make it easier to switch from BURP
to Restic, since now only the contents of the filesystem need backed up.

The PostgreSQL server on _db0_ requires certificate authentication for
all clients.  The certificate for Nextcloud is stored in a Secret in
Kubernetes, so we need to use the _nextcloud-db-cert_ role to install
the script to fetch it.  Nextcloud configuration doesn't expose the
parameters for selecting the certificate and private key files, but
fortunately, they can be encoded in the value provided to the `host`
parameter, though it makes for a rather cumbersome value.

group_vars/nextcloud.yml

@@ -1,11 +1,5 @@
 nextcloud_server_name: nextcloud.pyrocufflink.net
 apache_server_name: '{{ nextcloud_server_name }}'
-pg_hba_extra:
-- type: host
-  database: nextcloud
-  user: nextcloud
-  address: ::1/128
-  method: md5
 nextcloud_trusted_proxies:
 - 127.0.0.1
 - ::1
@@ -20,5 +14,4 @@ nextcloud_smtp:
   port: 25
 dnf_automatic_exclude: nextcloud
 
-postgresql_config_dir: /var/lib/pgsql/data
-postgresql_allow_remote: false
+nextcloud_db_host: postgresql.pyrocufflink.blue;sslcert=/etc/nextcloud/postgresql.cer;sslkey=/etc/nextcloud/postgresql.key;sslrootcert=system;sslmode=verify-full

hosts

@@ -113,6 +113,9 @@ vmhost1.pyrocufflink.blue
 [nextcloud]
 cloud0.pyrocufflink.blue
 
+[nextcloud-db]
+db0.pyrocufflink.blue
+
 [ntpd]
 
 [nut-monitor:children]

nextcloud.yml

@@ -11,4 +11,6 @@
   - vault/nextcloud
   roles:
   - apache
+  - role: nextcloud-db-cert
+    tags: nextcloud-db-cert
   - nextcloud

vault/nextcloud

@@ -1,16 +1,65 @@
 $ANSIBLE_VAULT;1.1;AES256
-33653661376330396337623339373036633836393966663639653965353633643639333861336333
-3631336266646164333837336432626361656133623834360a303534313436343764653133306466
-31313939623336373939633336656337316636323732646535386334343765623363366231306635
-6566333633613066660a333338373164663831396335643537333161343563373264343362333831
-30613533373166396437313565643132663231383233373363366662376132366238613863336561
-32373765643232653035633238643164636666363863313064393739313662356637306565326139
-38636466666136633561313534633531323338363565383036323366306237643463376331386231
-66313932663930366631306533386563636137656464656461356136396130336630306233313638
-33306138326465626561323836386266616438643834643338363232616530616532376431323565
-65383432656466616236386461343435383064643966373363373433346265666139633634323630
-63383130313132333434393636333733653236346265353063656563663462336139663465323931
-34653430393836633763396365393234323937373633313832636535333031316130656137323364
-39393962666131343461313336373061643037363338643332656162633438326539316635393839
-38663761366230393033373762343663386566326566383934316162353734623137393462623835
-316662656538353965626234306438356466
+35373862343534306138396561373666303964623562366139613363306639313437353463353730
+3233363232366137363764316331356336663933343731610a363566663933383162303231346138
+37653864626165666633386265633137316634666664613931663138646334653063363562363566
+6166633336666165380a306132356139396364653632386138346465633733356164376437656361
+64336564386138616465623937666565326232303062373430363966346636356665363936396339
+62623862653433616463316262393837353064613736626637396233306265613832643365393531
+35313337323431653234343361663766383065363865356161623731633239633465656134653165
+62333961393237376166623361636637346330313761303165316431353130656632653464386232
+30343433636334373263353762313738306131626439356363373632316634613835373563346232
+64313034386434653235623935363535623366393365626363393265353365386461383862653835
+37623732343234663635333665653065383561393632326263383364353135373935616630393836
+33323562303862326566356631613634323566626564663161613632303537643935616463633363
+64376530356338316132353361383536666539613531613638343864643966323362373730353061
+66303439376461303732393232323732383665633539306235303863363833346661373230366363
+66346164373330653636633735393938343537356231323366323134356138376336383461383731
+39613762653532303630363566376333376632343733656365386231326161303331383830393733
+61653237373239633566323864616138383832353563613835363135643736636361366238663932
+63623165316433613336363663623636313263356535356666663438376664333739323361636130
+30663036363763663835313933653238633437633830653165643563663933373333303337313732
+39653730353633383735353631333634303530326139336362356539393163386130656261633739
+33393066613665356239373163396263363733643164326339383137333439333866656566333862
+64616163336639313262666634333734633239663233316138646661356163346165306562663631
+33316164396331326463353264383266613062646463633634653163356661343766623031333736
+61333339613563613230663537383062643964366162313562393564656133643462393565623437
+36613165383635653330656130326564616637386334613635643230663264343036313236356265
+31343036613935323739653332346630363433353263306464303339653261373339376233663264
+32346463636535623032613333386238636461643066383533623963383332613936373139393363
+65666564353662363832326337396331663631313333306363636330343835656532653430383264
+36376235363162663964333338613765346638353730633130656432366236396432303730636137
+33306364656637663332343738343135343761663630633132363661316161346336343730393865
+63623335323633626161316537313562363737313036346438373463643865653636653739316337
+61663131366234383833346163356363643137666366333061323634366431653633386332613330
+65316266363866636663643830326138663035393730626332646531366666396566383736626363
+39643633363765353531323336626434396464383332383061336165366164663437386565616262
+32363738343937336430393132656136623838393865626632383061663565346564313939623563
+61356661386363303436376139316437666430353730383935626431396566353634363065633563
+30366465356363396632656661623439326538626233363632303963666231663539646139353865
+37633132643661616661313330653361363630303164333162313062646236366362336639396338
+66663864353763326163326466663237363131383330326135643265363739346361623939363131
+65373034313937663765326336383830356436333465663962393630623133363961653533363335
+34363034613465363238393739656361303833376264626333363464386461306437636430363863
+36306639313236663561663939656336363233306462333033386363363966646237633064623836
+63333562373839633964306362376230626436336134353730333135323862653436353566656436
+38666566383831623664633530663034343433636539613365663230353061633962323931306333
+33363863343664373661623265393938336163376139666465636433396333643336646236373861
+35653733626166396466396565313438366537643234313564303033396433363137626231303136
+36636237346631633237336361666564383131366134386232666538343965633438366661313662
+30336537646330623364643666633938383332323533333032356130343132363134333639646231
+62366631383739313330313566363565666230316636323565653334366665396334383431633730
+35626538306232303833656262346435383863383639383661666536356563396465653335323265
+34396530356437653862376164393133616663616162663038343731373561323636356338336361
+61613934333833353534643566663266356537336163353436383538646338343939336234636562
+63663664346433666639383664306232646136636235643337656161663664616234666437626461
+61343563656362663438613934386538346466373438633838303533343566326561313133303031
+37646262626139336265636230613230353035366363613138376166326261646136333038613265
+61373663653736376535353363323266383663303234316430386436376566636337353233336235
+36306162666630326666383235306562313264363562393464623839653566393531393830316666
+37366462626135353965306462313435373539336664346135643634303339306438613161636335
+32393663663731313865333733656166626265363463373936616635313234353132343036396539
+62643835376439323134303434616434313733633963656433303336396662343262626232313437
+39336364323030633935613534366430623761313762323164356263386132663364663631313535
+66663564623235373836393533376331363664666166313365313233373538316530626231383162
+34373331346136646236346533373137663832323263303439383331613034393433326363383237
+62643833343731313536