feat: set up pg_hba.conf

defaults/main.yml

@@ -1,11 +1,33 @@
 ---
 pleroma_config_email: admin@localhost
+pleroma_config_notify_email: no_reply@{{ pleroma_config_host }}
 pleroma_config_host: pleroma.localhost
 pleroma_config_listeningPort: 4000
-pleroma_config_instanceName: "New Pleroma Instance"
+pleroma_config_instanceName: Pleroma
+pleroma_config_instanceDescription: "A new Pleroma instance."
 pleroma_config_characterLimit: 5000
 pleroma_config_registrationsOpen: "false"
 pleroma_config_dynamicConfiguration: "false"
+pleroma_config_healthCheck: "true"
+pleroma_config_logLevel: info
+pleroma_config_federating: "true"
 
-plerom_db_user: pleroma
+pleroma_db_user: pleroma
-plerom_db_name: pleroma_db
+pleroma_db_name: pleroma_db
+
+pleroma_db_hba:
+- type: local
+  database: postgres
+  user: postgres
+  address: ""
+  method: peer
+- type: local
+  database: "{{ pleroma_db_name }}"
+  user: postgres
+  address: ""
+  method: peer
+- type: host
+  database: "{{ pleroma_db_name }}"
+  user: "{{ pleroma_db_user }}"
+  address: 127.0.0.1/32
+  method: md5

handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart postgres
+  service:
+    name: postgresql
+    state: restarted

tasks/postgres.yml

@@ -11,16 +11,27 @@
     - setup
     creates: /var/lib/postgresql/11/data/postgresql.conf
 
-# TODO: Take a look at the postgres configuration file before going into production.
+# -----------------------------------
-# TODO: Take a look at pg_hba before going into production.
+# TODO: Take a look at the postgres
+# configuration file before going
+# into production.
+# -----------------------------------
+- name: Postgres -- Ensure that pg_hba.conf is configured.
+  template:
+    src: etc_postgresql_pg_hba.conf.j2
+    dest: /etc/postgresql/pg_hba.conf
+    owner: postgres
+    group: postgres
+    mode: '0400'
+  notify: restart postgres
 
-- name: Postgres -- Ensure that PostgreSQL is enabled and started
+- name: Postgres -- Ensure that PostgreSQL is enabled and started.
   service:
     name: postgresql
     enabled: yes
     state: started
 
-- name: waiting for Postgres to become available.
+- name: Postgres -- Ensuring that Postgres is available before continuing.
   wait_for:
     connect_timeout: 10
     delay: 5
@@ -29,22 +40,29 @@
     state: started
 
 - name: Postgres -- Ensuring that the database user {{ pleroma_db_user }} exists.
+  become_user: postgres
   postgresql_user:
     db: postgres
     encrypted: yes
     name: "{{ pleroma_db_user }}"
     password: "{{ pleroma_db_password }}"
     state: present
+  vars:
+    ansible_ssh_pipelining: true
 
 - name: Postgres -- Ensuring that the database {{ pleroma_db_name }} exists.
+  become_user: postgres
   postgresql_db:
     conn_limit: "20"
     encoding: UTF-8
     name: "{{ pleroma_db_name }}"
     owner: "{{ pleroma_db_user }}"
     state: present
+  vars:
+    ansible_ssh_pipelining: true
 
 - name: Postgres -- Ensuring the PostgreSQL extensions is added to the database.
+  become_user: postgres
   postgresql_ext:
     name: "{{ item }}"
     db: "{{ pleroma_db_name }}"
@@ -53,3 +71,5 @@
   - citext
   - pg_trgm
   - uuid-ossp
+  vars:
+    ansible_ssh_pipelining: true

templates/etc_postgresql_pg_hba.conf.j2

@@ -0,0 +1,4 @@
+# TYPE   DATABASE   USER      ADDRESS   METHOD
+{% for i in pleroma_db_hba %}
+{{ i.type }}   {{ i.database }}   {{ i.user }}   {{ i.address }}   {{ i.method }}
+{% endfor %}