roles/postgresql-server: Support SSL configuration

This commit adds a task to generate a PostgreSQL configuration file from
a template.  Previously, the default configuration file generated by
`initdb` was sufficient, but in order to enable SSL connections, some
changes to it are required.

Naturally, SSL connections require a server certificate, so the
*postgresql-server* role will now also copy certificate files to the
managed node, if any.

roles/postgresql-server/tasks/main.yml

@@ -16,7 +16,25 @@
   service:
     name=postgresql-setup
     state=started
+- name: ensure postgresql server certificate is installed
+  copy:
+    src: '{{ item }}'
+    dest: '{{ pgdata_dir }}/{{ item|basename }}'
+    owner: postgres
+    group: postgres
+    mode: 00600
+  with_fileglob: 'certs/postgresql/{{ inventory_hostname }}/*'
 
+- name: ensure postgresql server is configured
+  template:
+    src: '{{ item }}'
+    dest: '{{ pgdata_dir }}/postgresql.conf'
+    mode: '0600'
+  notify: restart postgresql server
+  with_first_found:
+  - ../templates/postgresql-{{ ansible_distribution }}-{{ ansible_distribution_version }}.conf.j2
+  - ../templates/postgresql-{{ ansible_distribution }}.conf.j2
+  - ../templates/postgresql.conf.j2
 - name: ensure postgresql identity mapping is configured
   template:
     src=pg_ident.conf.j2