From dde9b880885ac7fd41a70c579d135ebf027888d5 Mon Sep 17 00:00:00 2001
From: Dan Anglin
Date: Fri, 4 Oct 2019 00:48:29 +0100
Subject: [PATCH] feat: set up pg_hba.conf

---
 defaults/main.yml | 28 ++++++++++++++++++++++---
 handlers/main.yml | 4 ++++
 tasks/postgres.yml | 28 +++++++++++++++++++++----
 templates/etc_postgresql_pg_hba.conf.j2 | 4 ++++
 4 files changed, 57 insertions(+), 7 deletions(-)
 create mode 100644 handlers/main.yml
 create mode 100644 templates/etc_postgresql_pg_hba.conf.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index 3ce9c29..b8f5665 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,11 +1,33 @@
 ---
 pleroma_config_email: admin@localhost
+pleroma_config_notify_email: no_reply@{{ pleroma_config_host }}
 pleroma_config_host: pleroma.localhost
 pleroma_config_listeningPort: 4000
-pleroma_config_instanceName: "New Pleroma Instance"
+pleroma_config_instanceName: Pleroma
+pleroma_config_instanceDescription: "A new Pleroma instance."
 pleroma_config_characterLimit: 5000
 pleroma_config_registrationsOpen: "false"
 pleroma_config_dynamicConfiguration: "false"
+pleroma_config_healthCheck: "true"
+pleroma_config_logLevel: info
+pleroma_config_federating: "true"
 
-plerom_db_user: pleroma
-plerom_db_name: pleroma_db
+pleroma_db_user: pleroma
+pleroma_db_name: pleroma_db
+
+pleroma_db_hba:
+- type: local
+  database: postgres
+  user: postgres
+  address: ""
+  method: peer
+- type: local
+  database: "{{ pleroma_db_name }}"
+  user: postgres
+  address: ""
+  method: peer
+- type: host
+  database: "{{ pleroma_db_name }}"
+  user: "{{ pleroma_db_user }}"
+  address: 127.0.0.1/32
+  method: md5
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..c16a4e4
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart postgres
+  service:
+    name: postgresql
+    state: restarted
diff --git a/tasks/postgres.yml b/tasks/postgres.yml
index 8a841c9..15abcda 100644
--- a/tasks/postgres.yml
+++ b/tasks/postgres.yml
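Review bot: The third `pleroma_db_hba` entry authenticates `{{ pleroma_db_user }}` over `127.0.0.1/32` with `method: md5`, which is the legacy password scheme; PostgreSQL 10 and later (the tasks reference a version 11 cluster) support `scram-sha-256`, and switching needs `password_encryption = scram-sha-256` in postgresql.conf before the role's `postgresql_user` task stores the password. There is no matching entry for `::1/128`, so a client that resolves `localhost` to IPv6 first would be rejected by this policy; if that is how the application connects, add a second `host` entry with `address: "::1/128"`. Since these defaults are meant to be overridden, a comment above the list such as `# Rendered in order into pg_hba.conf; PostgreSQL uses the first matching line.` would help operators who replace it.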
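Review bot: The handler restarts the service for what is, in this commit, only a pg_hba.conf change; PostgreSQL re-reads pg_hba.conf on reload, so `state: reloaded` would apply the new access rules without dropping every live connection, leaving a full restart for settings that actually require it. The new file also omits the `---` document-start marker that `defaults/main.yml` uses.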
@@ -11,16 +11,27 @@
     - setup
   creates: /var/lib/postgresql/11/data/postgresql.conf
 
-# TODO: Take a look at the postgres configuration file before going into production.
-# TODO: Take a look at pg_hba before going into production.
+# -----------------------------------
+# TODO: Take a look at the postgres
+# configuration file before going
+# into production.
+# -----------------------------------
+- name: Postgres -- Ensure that pg_hba.conf is configured.
+  template:
+    src: etc_postgresql_pg_hba.conf.j2
+    dest: /etc/postgresql/pg_hba.conf
+    owner: postgres
+    group: postgres
+    mode: '0400'
+  notify: restart postgres
 
-- name: Postgres -- Ensure that PostgreSQL is enabled and started
+- name: Postgres -- Ensure that PostgreSQL is enabled and started.
   service:
     name: postgresql
     enabled: yes
     state: started
 
-- name: waiting for Postgres to become available.
+- name: Postgres -- Ensuring that Postgres is available before continuing.
   wait_for:
     connect_timeout: 10
     delay: 5
@@ -29,22 +40,29 @@
     state: started
 
 - name: Postgres -- Ensuring that the database user {{ pleroma_db_user }} exists.
+  become_user: postgres
   postgresql_user:
     db: postgres
     encrypted: yes
     name: "{{ pleroma_db_user }}"
     password: "{{ pleroma_db_password }}"
     state: present
+  vars:
+    ansible_ssh_pipelining: true
 
 - name: Postgres -- Ensuring that the database {{ pleroma_db_name }} exists.
+  become_user: postgres
   postgresql_db:
     conn_limit: "20"
     encoding: UTF-8
     name: "{{ pleroma_db_name }}"
     owner: "{{ pleroma_db_user }}"
     state: present
+  vars:
+    ansible_ssh_pipelining: true
 
 - name: Postgres -- Ensuring the PostgreSQL extensions is added to the database.
+  become_user: postgres
   postgresql_ext:
     name: "{{ item }}"
     db: "{{ pleroma_db_name }}"
@@ -53,3 +71,5 @@
     - citext
     - pg_trgm
     - uuid-ossp
+  vars:
+    ansible_ssh_pipelining: true
diff --git a/templates/etc_postgresql_pg_hba.conf.j2 b/templates/etc_postgresql_pg_hba.conf.j2
new file mode 100644
index 0000000..fda667b
--- /dev/null
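Review bot: The template task writes to `dest: /etc/postgresql/pg_hba.conf`, which is not a location a PostgreSQL cluster reads on its own; the server only consults the file named by its `hba_file` setting (normally inside the cluster's own config or data directory, alongside the `postgresql.conf` that the `creates:` line points at). Unless postgresql.conf is elsewhere set to `hba_file = '/etc/postgresql/pg_hba.conf'`, the rendered policy is never loaded and the rules in `pleroma_db_hba` are silently unenforced, so either point `dest:` at the cluster's actual pg_hba.conf or add that `hba_file` setting in the same change. Adding `backup: yes` to the template task would also keep the previous policy recoverable if a reload rejects the new file. The task's enclosing play-level settings (`become`, variables for the cluster path) are outside this hunk.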
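Review bot: `become_user: postgres` on the three database tasks only takes effect when privilege escalation is enabled; if neither the play nor the role sets `become: true`, the tasks still run as the connecting user and the `local ... peer` rules in `pleroma_db_hba` would reject them, so add `become: true` beside each `become_user` unless it is set at play level (the play header is outside the hunk). The `ansible_ssh_pipelining: true` var is the right way to avoid world-readable temp files when becoming an unprivileged user, but it depends on sudo's `requiretty` not being enforced; a comment such as `# pipelining avoids world-readable tmpfiles when becoming an unprivileged user` would stop a later maintainer from removing it. The `postgresql_user` task passes `pleroma_db_password` yet has no `no_log: true`; the module masks its own password argument, but a task-level `no_log: true` is the conventional safeguard for any task that handles a credential. The same `become_user`/`vars` pattern is completed in hunk `@@ -53,3 +71,5 @@`.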
+++ b/templates/etc_postgresql_pg_hba.conf.j2
@@ -0,0 +1,4 @@
+# TYPE DATABASE USER ADDRESS METHOD
+{% for i in pleroma_db_hba %}
+{{ i.type }} {{ i.database }} {{ i.user }} {{ i.address }} {{ i.method }}
+{% endfor %}
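Review bot: The rendered file carries no indication that it is generated, so an operator who hand-edits the host's pg_hba.conf will lose the change on the next run without warning; add `# {{ ansible_managed }}` as the first line of the template. A second comment, `# Lines are emitted in pleroma_db_hba order; PostgreSQL applies the first matching line.`, would document the ordering dependency that the loop silently relies on. Each row is emitted unconditionally, so an entry with an empty `method` renders a line PostgreSQL will reject at reload; if that is a concern, guard the loop body with a check that `i.method` is set.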