data_volumes:
- dev: /dev/vdb
  fstype: ext4
  mountpoint: /var/lib/pgsql

postgresql_cert_domain: postgresql.{{ ansible_domain }}
postgresql_cert_acme_email: '{{ ansible_hostname }}@pyrocufflink.net'
postgresql_cert_acme_server: https://ca.pyrocufflink.blue:32599/acme/acme/directory
postgresql_allow_remote: true
postgresql_allow_sameuser_peer: false

postgresql_config:
  listen_addresses: '''*'''
  ssl: 'on'
  ssl_cert_file: '''{{ postgresql_config_dir }}/server.cer'''
  ssl_key_file: '''{{ postgresql_config_dir }}/server.key'''
  ssl_ca_file: '''{{ postgresql_config_dir }}/ca.crt'''

  archive_mode: '''on'''
  archive_timeout: 5min
  archive_command: '''wal-g-pg --config /etc/postgresql/wal-g.yml wal-push %p'''
  restore_command: '''wal-g-pg --config /etc/postgresql/wal-g.yml wal-fetch %f %p'''
  hot_standby: 'on'

pg_hba_extra:
- type: local
  database: all
  user: postgres-exporter
  address: ''
  method: peer
- type: hostssl
  database: sameuser
  user: all
  address: 0.0.0.0/0
  method: cert

postgresql_restore_command: >-
  runuser -u postgres --
  wal-g-pg --config /etc/postgresql/wal-g.yml backup-fetch {{ pgdata_dir }} LATEST

wal_g_aws_access_key_id: fEbtYLSxFlqIcVtJQgnL
wal_g_aws_secret_access_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  61623564366563643739393364643030396263623537396136373361383735393037373531353435
  6261613634363566633038383030316262336361653866330a363632356465323637356661303961
  35303538323934383734303137336263346666633139343736353765373032333266373061326561
  3232303964393663390a386463376166343032623139386530303631326165313962623738666265
  38646664306637323336626264626339613363653139333439346231356664393330306235656162
  3530393635306637336163663134626238396538373939383035

wal_g_pg_config:
  AWS_ACCESS_KEY_ID: '{{ wal_g_aws_access_key_id }}'
  AWS_SECRET_ACCESS_KEY: '{{ wal_g_aws_secret_access_key }}'
  WALG_S3_PREFIX: s3://pgbackup/pyrocufflink/main/15
  AWS_ENDPOINT: https://s3.backups.pyrocufflink.blue
  PGHOST: /run/postgresql