configpolicy/group_vars/postgresql.yml
Dustin C. Hatch 164d86d646 r/postgresql-data: Manage users and databases
This role can ensure PostgreSQL users and databases are created for
applications that are not themselves managed by Ansible.  Notably, we
need to do this for anything deployed in Kubernetes that uses the
central database server.
2025-02-01 17:36:58 -06:00


# Dedicated block device for the PostgreSQL data directory tree.
# NOTE(review): no mount options are listed here; whether the consuming role
# applies defaults is not visible from this file.
data_volumes:
- dev: '/dev/vdb'
  fstype: 'ext4'
  mountpoint: '/var/lib/pgsql'
# Server certificate settings: the name to request, the ACME account e-mail
# (derived from the host name) and the ACME directory URL to request it from.
# The directory is reached over HTTPS on a non-default port; presumably an
# internal CA, confirm.
postgresql_cert_domain: 'postgresql.{{ ansible_domain }}'
postgresql_cert_acme_email: '{{ ansible_hostname }}@pyrocufflink.net'
postgresql_cert_acme_server: 'https://ca.pyrocufflink.blue:32599/acme/acme/directory'

# NOTE(review): the role that consumes these toggles is not shown here. By
# name, remote connections are enabled and the same-user peer rule is
# disabled; confirm against the role's pg_hba template.
postgresql_allow_remote: true
postgresql_allow_sameuser_peer: false
# Settings destined for postgresql.conf.
# Values written as "'...'" keep the inner single quotes in the parsed string;
# presumably the role writes each value verbatim into the config file, so the
# inner quotes are PostgreSQL's own string quoting. Confirm against the
# template.
postgresql_config:
  # Listen on every interface. Who may actually connect is decided by the
  # pg_hba rules, not by this setting.
  listen_addresses: "'*'"
  # YAML-quoted so the value stays the string "on" rather than a boolean.
  ssl: 'on'
  ssl_cert_file: "'{{ postgresql_config_dir }}/server.cer'"
  ssl_key_file: "'{{ postgresql_config_dir }}/server.key'"
  # In PostgreSQL, ssl_ca_file is the CA bundle used to verify client
  # certificates, so it is the trust root for any `cert` rule in pg_hba.
  ssl_ca_file: "'{{ postgresql_config_dir }}/ca.crt'"
  # Continuous WAL archiving through wal-g-pg; a segment switch is forced at
  # least every five minutes.
  archive_mode: "'on'"
  archive_timeout: '5min'
  # Both commands read /etc/postgresql/wal-g.yml.
  # NOTE(review): if that file is rendered from wal_g_pg_config it holds the
  # S3 secret key and should be readable only by the postgres account;
  # confirm the owner and mode the role sets.
  archive_command: "'wal-g-pg --config /etc/postgresql/wal-g.yml wal-push %p'"
  restore_command: "'wal-g-pg --config /etc/postgresql/wal-g.yml wal-fetch %f %p'"
  hot_standby: 'on'
# Additional pg_hba.conf rules.
pg_hba_extra:
# Local (Unix-socket) access for the metrics exporter, authenticated by the
# operating-system user name (peer).
- type: 'local'
  database: 'all'
  user: 'postgres-exporter'
  address: ''
  method: 'peer'
# Remote access, IPv4 and IPv6, from any source address:
#   hostssl  -> the rule matches TLS connections only
#   sameuser -> a role may only open the database that carries its own name
#   cert     -> the client must present a certificate; PostgreSQL compares
#               the certificate CN with the requested role name unless a
#               user-name map is configured
# With the address range fully open, access control rests on the CA named in
# ssl_ca_file: any certificate it issues with CN=<role> can log in as that
# role. NOTE(review): confirm that the CA's issuance policy restricts which
# clients can obtain which CN, and that network filtering in front of the
# server matches the intended client set.
- type: 'hostssl'
  database: 'sameuser'
  user: 'all'
  address: '0.0.0.0/0'
  method: 'cert'
- type: 'hostssl'
  database: 'sameuser'
  user: 'all'
  address: '::/0'
  method: 'cert'
# Command used to restore the most recent base backup into the data
# directory. It runs wal-g-pg as the postgres account via runuser. The scalar
# is folded, so the lines below are joined into one command line with single
# spaces.
postgresql_restore_command: >-
  runuser -u postgres -- wal-g-pg
  --config /etc/postgresql/wal-g.yml
  backup-fetch {{ pgdata_dir }} LATEST
# S3 credentials used by WAL-G.
# The access key ID is stored in clear text; it identifies the key pair but
# does not authenticate on its own.
wal_g_aws_access_key_id: fEbtYLSxFlqIcVtJQgnL
# The secret half is an inline Ansible Vault value (AES256), so it is only
# readable with the vault password. The ciphertext lines must stay exactly
# as they are; any change makes decryption fail.
wal_g_aws_secret_access_key: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  61623564366563643739393364643030396263623537396136373361383735393037373531353435
  6261613634363566633038383030316262336361653866330a363632356465323637356661303961
  35303538323934383734303137336263346666633139343736353765373032333266373061326561
  3232303964393663390a386463376166343032623139386530303631326165313962623738666265
  38646664306637323336626264626339613363653139333439346231356664393330306235656162
  3530393635306637336163663134626238396538373939383035
# WAL-G settings.
# NOTE(review): presumably rendered into /etc/postgresql/wal-g.yml, the file
# passed to wal-g-pg with --config elsewhere in this file; confirm. If so,
# the rendered file contains the decrypted secret key and needs restrictive
# ownership and mode.
wal_g_pg_config:
  # Credentials are taken by reference from the two variables above, so the
  # secret stays vault-encrypted in this file.
  AWS_ACCESS_KEY_ID: '{{ wal_g_aws_access_key_id }}'
  AWS_SECRET_ACCESS_KEY: '{{ wal_g_aws_secret_access_key }}'
  # @PGVERSION@ looks like a placeholder substituted outside this file;
  # where that happens is not visible here.
  WALG_S3_PREFIX: 's3://pgbackup/pyrocufflink/main/@PGVERSION@'
  # Backups travel to the S3 endpoint over HTTPS.
  AWS_ENDPOINT: 'https://s3.backups.pyrocufflink.blue'
  # Directory of the local PostgreSQL Unix socket.
  PGHOST: '/run/postgresql'
  WALG_STATSD_ADDRESS: 'localhost:9125'
# Roles and databases for applications that are not themselves managed by
# Ansible. Every role has a database of the same name, which is the pairing
# the `sameuser` pg_hba rules rely on: a role without a matching entry under
# postgresql_dbs would have no database it is allowed to reach remotely.
# No passwords are set here; the remote rules in this file authenticate by
# client certificate.
postgresql_users:
- name: 'ara'
- name: 'authelia'
- name: 'firefly'
- name: 'homeassistant'

postgresql_dbs:
- name: 'ara'
- name: 'authelia'
- name: 'firefly'
- name: 'homeassistant'