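---
# Provision a single-node PostgreSQL 16 server from the PGDG apt repository,
# create the application database, set the postgres password, and restrict
# network access to the Vultr VPC subnet via pg_hba.conf plus UFW.
#
# Secrets are read at run time from ../../../.env.production (relative to this
# task file) with the dotenv lookup; nothing sensitive is stored in this file.
#
# Fixes relative to the previous revision:
#   - PostgreSQL is reloaded/restarted after pg_hba.conf, listen_addresses and
#     port change (ALTER SYSTEM values are inert until restart; pg_hba until reload).
#   - SSH is allowed before UFW is enabled with a deny-incoming default policy,
#     otherwise the next connection to the host is refused.
#   - The password-setting task is no_log so the secret never lands in output.

- name: Install packages needed by the PostgreSQL modules and the PGDG repo
  ansible.builtin.apt:
    name:
      - python3-psycopg2   # required by the community.postgresql.* modules
      - curl
      - ca-certificates    # TLS trust for the key / repository download
      - postgresql-common
      - acl                # lets Ansible hand temp files to become_user postgres
    state: present
    update_cache: true

- name: Create directory for the PGDG signing key
  ansible.builtin.file:
    path: /usr/share/postgresql-common/pgdg
    state: directory
    mode: "0755"

- name: Download PostgreSQL signing key
  ansible.builtin.get_url:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    dest: /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc
    mode: "0644"
  # NOTE(review): trust in this key rests solely on TLS to postgresql.org.
  # Pin it with `checksum: sha256:<digest>` once the digest has been verified
  # out of band; the expected value is deliberately not guessed here.

- name: Add PostgreSQL APT repository (accepts packages signed by the key above only)
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main"
    filename: pgdg
    state: present
    update_cache: true   # refreshes the cache, so no separate update task is needed

- name: Install PostgreSQL 16
  ansible.builtin.apt:
    name: postgresql-16
    state: present

- name: Start and enable the 16/main cluster
  ansible.builtin.systemd_service:
    name: postgresql@16-main
    state: started
    enabled: true

- name: Create the application database
  community.postgresql.postgresql_db:
    name: future_porn
  become: true
  become_user: postgres
  # NOTE(review): the privilege grant below logs in to DB_NAME from the env
  # file. If DB_NAME is not "future_porn" that task fails because the database
  # does not exist. Confirm the two are meant to be the same value.

- name: Set the postgres superuser password
  community.postgresql.postgresql_user:
    name: postgres
    password: "{{ lookup('dotenv', 'DB_PASSWORD', file='../../../.env.production') }}"
    expires: infinity
  become: true
  become_user: postgres
  no_log: true   # keep the password out of play output, callbacks and logs

- name: Grant privileges on schema public to the application role
  community.postgresql.postgresql_privs:
    login_db: "{{ lookup('dotenv', 'DB_NAME', file='../../../.env.production') }}"
    roles: "{{ lookup('dotenv', 'DB_USER', file='../../../.env.production') }}"
    type: schema
    objs: public
    privs: ALL
  become: true
  become_user: postgres
  # NOTE(review): no task in this file creates the DB_USER role. This only
  # succeeds if DB_USER is "postgres" (then the grant is redundant - superusers
  # bypass ACLs) or the role already exists. Prefer a dedicated non-superuser
  # application role created with postgresql_user before this task.

- name: Allow scram-sha-256 logins from the Vultr VPC subnet
  community.postgresql.postgresql_pg_hba:
    dest: /etc/postgresql/16/main/pg_hba.conf
    contype: host
    users: all
    databases: all
    method: scram-sha-256
    source: 10.2.112.0/20
    keep_comments_at_rules: true
    comment: "Vultr VPC"
  register: pg_hba
  # NOTE(review): "all/all" admits every role and database from the whole /20;
  # tighten to the application database and role once DB_NAME/DB_USER are fixed.

- name: Set listen_addresses
  community.postgresql.postgresql_alter_system:
    param: listen_addresses
    value: "*"
  become: true
  become_user: postgres
  register: pg_listen
  # Binds every interface. Exposure is limited only by the UFW rules below,
  # which admit 5432 from the VPC subnet exclusively.

- name: Set port
  community.postgresql.postgresql_alter_system:
    param: port
    value: "5432"
  become: true
  become_user: postgres
  register: pg_port

# pg_hba.conf is re-read on reload; listen_addresses and port only take effect
# after a restart. Without these two tasks the VPC rule above stays inert until
# the next reboot. `is changed` keys off the modules' own idempotency, so a
# steady-state run neither restarts nor reloads.
- name: Restart PostgreSQL when a restart-only setting changed
  ansible.builtin.systemd_service:
    name: postgresql@16-main
    state: restarted
  when: pg_listen is changed or pg_port is changed

- name: Reload PostgreSQL when only pg_hba.conf changed
  ansible.builtin.systemd_service:
    name: postgresql@16-main
    state: reloaded
  when: pg_hba is changed and not (pg_listen is changed or pg_port is changed)

# Firewall. Allow rules are added before the default policy flips to deny, so a
# partial run never leaves the host without an SSH rule. Established sessions
# survive enabling UFW, which is why the lockout only shows up on the next login.
- name: Allow SSH (rate-limited) so deny-by-default cannot lock out the operator
  community.general.ufw:
    rule: limit
    port: "{{ ansible_port | default(22) }}"
    proto: tcp

- name: Allow PostgreSQL from the VPC /20 only
  community.general.ufw:
    rule: allow
    port: "5432"
    proto: tcp
    from_ip: 10.2.112.0/20

- name: Enable UFW with default deny incoming
  community.general.ufw:
    state: enabled
    policy: deny
    direction: incoming

# --- Disabled Docker-based alternative, retained from the original file -----
# Not executed. If revived, note: Docker-published ports bypass UFW's INPUT
# rules, POSTGRES_DB below wrongly reads DB_PASSWORD, and sslmode=disable sends
# credentials in clear text.
# - name: Setup volume
#   community.docker.docker_volume:
#     name: pg_data
# - name: Setup docker container
#   community.docker.docker_container:
#     name: postgres
#     image: postgres:16
#     pull: missing
#     state: started
#     ports:
#       - "0.0.0.0:5432:5432"
#     env:
#       POSTGRES_USER: "{{ lookup('dotenv', 'DB_USER', file='../../../../.env.production') }}"
#       POSTGRES_DB: "{{ lookup('dotenv', 'DB_PASSWORD', file='../../../../.env.production') }}"   # BUG: should be DB_NAME
#       POSTGRES_PASSWORD: "{{ lookup('dotenv', 'DB_PASSWORD', file='../../../../.env.production') }}"
#     mounts:
#       - type: volume
#         target: "/var/lib/postgresql/data"
#         source: "pg_data"
# - name: start pgweb
#   community.docker.docker_container:
#     name: pgweb
#     image: sosedoff/pgweb:latest
#     pull: missing
#     state: started
#     ports:
#       - "8091:8091"
#     env:
#       # original PGWEB_DATABASE_URL template was malformed (nested {{ }});
#       # compose form used: postgres://${DB_USER}:${DB_PASSWORD}@postgres:5432/${DB_NAME}?sslmode=disable
#       PGWEB_DATABASE_URL: "postgres://{{ lookup('dotenv', 'DB_USER', file='../../../../.env.production') }}:{{ lookup('dotenv', 'DB_PASSWORD', file='../../../../.env.production') }}@postgres:5432/{{ lookup('dotenv', 'DB_NAME', file='../../../../.env.production') }}?sslmode=require"
# compose equivalent (ports "8091:8081", healthcheck curl -f http://localhost:8081
# every 10s, 5 retries, 10s start period, 10s timeout) omitted.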