feat: set up pg_hba.conf
parent
a25aecbd72
commit
dde9b88088
4 changed files with 57 additions and 7 deletions
|
@ -1,11 +1,33 @@
|
|||
---
|
||||
pleroma_config_email: admin@localhost
|
||||
pleroma_config_notify_email: no_reply@{{ pleroma_config_host }}
|
||||
pleroma_config_host: pleroma.localhost
|
||||
pleroma_config_listeningPort: 4000
|
||||
pleroma_config_instanceName: "New Pleroma Instance"
|
||||
pleroma_config_instanceName: Pleroma
|
||||
pleroma_config_instanceDescription: "A new Pleroma instance."
|
||||
pleroma_config_characterLimit: 5000
|
||||
pleroma_config_registrationsOpen: "false"
|
||||
pleroma_config_dynamicConfiguration: "false"
|
||||
pleroma_config_healthCheck: "true"
|
||||
pleroma_config_logLevel: info
|
||||
pleroma_config_federating: "true"
|
||||
|
||||
plerom_db_user: pleroma
|
||||
plerom_db_name: pleroma_db
|
||||
pleroma_db_user: pleroma
|
||||
pleroma_db_name: pleroma_db
|
||||
|
||||
pleroma_db_hba:
|
||||
- type: local
|
||||
database: postgres
|
||||
user: postgres
|
||||
address: ""
|
||||
method: peer
|
||||
- type: local
|
||||
database: "{{ pleroma_db_name }}"
|
||||
user: postgres
|
||||
address: ""
|
||||
method: peer
|
||||
- type: host
|
||||
database: "{{ pleroma_db_name }}"
|
||||
user: "{{ pleroma_db_user }}"
|
||||
address: 127.0.0.1/32
|
||||
method: md5
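Review bot: The `host` rule in `pleroma_db_hba` authenticates with `method: md5`, the weaker of PostgreSQL's two password methods; the tasks in this commit point at a PostgreSQL 11 data directory, and that release also accepts `method: scram-sha-256`. The switch is only safe together with `password_encryption = scram-sha-256` and a re-set of the role password, because a role whose stored verifier is still an MD5 hash cannot log in under a scram-only rule. Neither setting is visible here, so treat this as something to confirm before production. A one-line comment above the list, such as `# rules are matched top to bottom; the first match wins`, would also help anyone extending the default.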
|
||||
|
|
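--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart postgres
+service:
+name: postgresql
+state: restarted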
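Review bot: `state: restarted` is heavier than this change needs. PostgreSQL re-reads pg_hba.conf on a reload, so a restart only adds dropped client connections every time the access rules are edited. Consider `state: reloaded` here, renaming the handler and the `notify:` that references it to match, and keep a restart handler only for settings that really require one.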
|
@ -11,16 +11,27 @@
|
|||
- setup
|
||||
creates: /var/lib/postgresql/11/data/postgresql.conf
|
||||
|
||||
# TODO: Take a look at the postgres configuration file before going into production.
|
||||
# TODO: Take a look at pg_hba before going into production.
|
||||
# -----------------------------------
|
||||
# TODO: Take a look at the postgres
|
||||
# configuration file before going
|
||||
# into production.
|
||||
# -----------------------------------
|
||||
- name: Postgres -- Ensure that pg_hba.conf is configured.
|
||||
template:
|
||||
src: etc_postgresql_pg_hba.conf.j2
|
||||
dest: /etc/postgresql/pg_hba.conf
|
||||
owner: postgres
|
||||
group: postgres
|
||||
mode: '0400'
|
||||
notify: restart postgres
|
||||
|
||||
- name: Postgres -- Ensure that PostgreSQL is enabled and started
|
||||
- name: Postgres -- Ensure that PostgreSQL is enabled and started.
|
||||
service:
|
||||
name: postgresql
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: waiting for Postgres to become available.
|
||||
- name: Postgres -- Ensuring that Postgres is available before continuing.
|
||||
wait_for:
|
||||
connect_timeout: 10
|
||||
delay: 5
|
||||
|
@ -29,22 +40,29 @@
|
|||
state: started
|
||||
|
||||
- name: Postgres -- Ensuring that the database user {{ pleroma_db_user }} exists.
|
||||
become_user: postgres
|
||||
postgresql_user:
|
||||
db: postgres
|
||||
encrypted: yes
|
||||
name: "{{ pleroma_db_user }}"
|
||||
password: "{{ pleroma_db_password }}"
|
||||
state: present
|
||||
vars:
|
||||
ansible_ssh_pipelining: true
|
||||
|
||||
- name: Postgres -- Ensuring that the database {{ pleroma_db_name }} exists.
|
||||
become_user: postgres
|
||||
postgresql_db:
|
||||
conn_limit: "20"
|
||||
encoding: UTF-8
|
||||
name: "{{ pleroma_db_name }}"
|
||||
owner: "{{ pleroma_db_user }}"
|
||||
state: present
|
||||
vars:
|
||||
ansible_ssh_pipelining: true
|
||||
|
||||
- name: Postgres -- Ensuring the PostgreSQL extensions is added to the database.
|
||||
become_user: postgres
|
||||
postgresql_ext:
|
||||
name: "{{ item }}"
|
||||
db: "{{ pleroma_db_name }}"
|
||||
|
@ -53,3 +71,5 @@
|
|||
- citext
|
||||
- pg_trgm
|
||||
- uuid-ossp
|
||||
vars:
|
||||
ansible_ssh_pipelining: true
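Review bot: The new template task writes to `dest: /etc/postgresql/pg_hba.conf`, but the init step just above it in the same hunk keys on `/var/lib/postgresql/11/data/postgresql.conf`, which suggests the cluster lives in that data directory. PostgreSQL reads pg_hba.conf from the data directory unless `hba_file` in postgresql.conf points elsewhere, and no such setting is visible in this commit, so the rendered rules may never be loaded and the initdb defaults would stay in force. Either template to `dest: /var/lib/postgresql/11/data/pg_hba.conf` or set `hba_file` explicitly, then confirm on the host with `SHOW hba_file;`. The task list starts and ends outside the hunks shown.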
|
||||
|
|
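--- /dev/null
+++ b/templates/etc_postgresql_pg_hba.conf.j2
@@ -0,0 +1,4 @@
+# TYPE DATABASE USER ADDRESS METHOD
+{% for i in pleroma_db_hba %}
+{{ i.type }} {{ i.database }} {{ i.user }} {{ i.address }} {{ i.method }}
+{% endfor %}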
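Review bot: The rendered file carries no marker that it is generated, so a hand edit on the host is silently overwritten on the next run; a first line such as `# {{ ansible_managed }}` would make that explicit. Every entry must also define all five keys, including `address: ""` for `local` rules, or rendering fails on an undefined variable under Ansible's default strict handling. Using `{{ i.address | default('') }}` would let local entries omit the key.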