
---
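# psycopg2 is the Python driver the community.postgresql modules later in this
# file use on the managed host, so it has to be present before any of them run.
- name: Install apt packages
  ansible.builtin.apt:
    name:
      - python3-psycopg2
    state: present
    update_cache: true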
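# Prerequisites for adding the PGDG repository. ca-certificates gives the
# HTTPS key download below a CA store to validate against; postgresql-common
# owns the /usr/share/postgresql-common tree the key is stored in.
- name: Ensure required packages are installed
  ansible.builtin.apt:
    name:
      - curl
      - ca-certificates
      - postgresql-common
    state: present
    update_cache: true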
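# Root-owned, world-readable, not world-writable: apt will trust whatever key
# ends up at the signed-by path, so the directory must not be writable by
# unprivileged users.
- name: Create directory for PostgreSQL apt key
  ansible.builtin.file:
    path: /usr/share/postgresql-common/pgdg
    state: directory
    mode: '0755'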
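# Fetch the PGDG signing key over HTTPS (get_url validates the TLS certificate
# by default). NOTE(review): nothing pins the key itself, so TLS is the only
# integrity check. Once the key's fingerprint has been verified out of band,
# add `checksum: sha256:<digest>` so a swapped key fails the play instead of
# being handed to apt as a trusted signer.
- name: Download PostgreSQL signing key
  ansible.builtin.get_url:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    dest: /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc
    mode: '0644'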
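# signed-by scopes this repository to the key downloaded above, so no key in
# the global apt keyring can vouch for it.
- name: Add PostgreSQL APT repository
  ansible.builtin.apt_repository:
    repo: "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt {{ ansible_distribution_release }}-pgdg main"
    filename: pgdg
    state: present
    update_cache: true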
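# Refresh the package index on every run; apt_repository above only refreshes
# it when the repository entry itself changed.
- name: Update apt cache
  ansible.builtin.apt:
    update_cache: true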
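# Major version is pinned to 16; the unit name and config path used later in
# this file (postgresql@16-main, /etc/postgresql/16/main) depend on it.
- name: Install PostgreSQL 16
  ansible.builtin.apt:
    name: postgresql-16
    state: present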
# Bring up the 16/main cluster now and on boot. The unit name matches the
# /etc/postgresql/16/main config path referenced later in this file.
- name: Start postgres
  ansible.builtin.systemd_service:
    name: postgresql@16-main
    enabled: true
    state: started
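# The database name is read from the same .env.production that "Grant privs"
# reads DB_NAME from, so the two tasks cannot drift apart: the grant runs with
# login_db = DB_NAME and fails if that database does not exist. The name used
# to be hard-coded here.
- name: Create the application database (DB_NAME from .env.production)
  community.postgresql.postgresql_db:
    name: "{{ lookup('dotenv', 'DB_NAME', file='../../../.env.production') }}"
    state: present
  become: true
  become_user: postgres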
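# Sets the password of the built-in superuser "postgres". no_log keeps the
# task's arguments and result out of play output even under -v, in addition
# to the module's own masking of the password field.
# NOTE(review): the application should not connect as the superuser. Nothing
# in this file creates the DB_USER role that "Grant privs" references, so
# either DB_USER is "postgres" (the app then has superuser rights over the
# network) or the grant step fails. Prefer a dedicated non-superuser role.
# NOTE(review): DB_PASSWORD is read from a plaintext .env.production on the
# controller; keep that file out of VCS or move the secret to ansible-vault.
- name: Create postgres user and set password
  community.postgresql.postgresql_user:
    name: postgres
    password: "{{ lookup('dotenv', 'DB_PASSWORD', file='../../../.env.production') }}"
    expires: infinity
  become: true
  become_user: postgres
  no_log: true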
# Grant every privilege on the public schema of DB_NAME to the role named by
# DB_USER; both values come from .env.production relative to the playbook.
# NOTE(review): this assumes the DB_USER role already exists -- no task in
# this file creates it unless DB_USER happens to be "postgres".
- name: Grant privs
  community.postgresql.postgresql_privs:
    type: schema
    objs: public
    privs: ALL
    roles: "{{ lookup('dotenv', 'DB_USER', file='../../../.env.production') }}"
    login_db: "{{ lookup('dotenv', 'DB_NAME', file='../../../.env.production') }}"
  become: true
  become_user: postgres
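# pg_hba.conf is only re-read on reload, so the result is registered and the
# cluster reloaded when the rule changed; otherwise the new entry stays inert
# until the server is next reloaded or restarted.
# NOTE(review): users and databases are both "all", so the postgres superuser
# is reachable with a password from the entire /20. Narrow `users` to the
# application role if superuser network logins are not intended.
- name: Allow access on Vultr VPC subnet
  community.postgresql.postgresql_pg_hba:
    dest: /etc/postgresql/16/main/pg_hba.conf
    contype: host
    users: all
    databases: all
    method: scram-sha-256
    source: 10.2.112.0/20
    keep_comments_at_rules: true
    comment: "Vultr VPC"
  register: pg_hba_vpc

- name: Reload postgres so the pg_hba change takes effect
  ansible.builtin.systemd_service:
    name: postgresql@16-main
    state: reloaded
  when: pg_hba_vpc.changed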
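# listen_addresses and port are postmaster-context settings: ALTER SYSTEM
# records them in postgresql.auto.conf, but they only take effect after a
# restart, which the original file never performed. Both results are
# registered and the cluster restarted only when one of them changed.
# '*' binds every interface, including the public one; reachability is then
# limited only by pg_hba.conf and the ufw rule for 5432 later in this file.
# Binding the VPC address instead of '*' would be tighter.
- name: set listen_addresses
  community.postgresql.postgresql_alter_system:
    param: listen_addresses
    value: '*'
  become: true
  become_user: postgres
  register: pg_listen_addresses

- name: set port
  community.postgresql.postgresql_alter_system:
    param: port
    value: '5432'
  become: true
  become_user: postgres
  register: pg_port

- name: Restart postgres to apply listen_addresses/port
  ansible.builtin.systemd_service:
    name: postgresql@16-main
    state: restarted
  when: pg_listen_addresses.changed or pg_port.changed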
# - name: Setup volume
# community.docker.docker_volume:
# name: pg_data
# - name: Setup docker container
# community.docker.docker_container:
# name: postgres
# image: postgres:16
# pull: missing
# state: started
# ports:
# - "0.0.0.0:5432:5432"
# env:
# POSTGRES_USER: "{{ lookup('dotenv', 'DB_USER', file='../../../../.env.production') }}"
# POSTGRES_DB: "{{ lookup('dotenv', 'DB_NAME', file='../../../../.env.production') }}"
# POSTGRES_PASSWORD: "{{ lookup('dotenv', 'DB_PASSWORD', file='../../../../.env.production') }}"
# mounts:
# - type: volume
# target: "/var/lib/postgresql/data"
# source: "pg_data"
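# Firewall. Order matters: allow rules are written before ufw is enabled so
# that switching to deny-incoming can never cut off new SSH sessions mid-play.
# The original enabled ufw in the first task and no task in this file allowed
# SSH at all; only already-established connections would have survived.
- name: Set default UFW policy to deny incoming
  community.general.ufw:
    policy: deny
    direction: incoming

# NOTE(review): assumes sshd uses the stock OpenSSH application profile
# (port 22); adjust if it listens elsewhere. `limit` also rate-limits
# repeated connection attempts from one source.
- name: Allow rate-limited SSH
  community.general.ufw:
    rule: limit
    name: OpenSSH

- name: Allow /20 subnet access for VPC
  community.general.ufw:
    rule: allow
    port: '5432'
    proto: tcp
    from: 10.2.112.0/20

- name: Enable UFW
  community.general.ufw:
    state: enabled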
# sudo ufw default deny incoming
# - name: start pgweb
# community.docker.docker_container:
# name: pgweb
# image: sosedoff/pgweb:latest
# pull: missing
# state: started
# ports:
# - "8091:8091"
# env:
# POSTGRES_USER: "postgres"
# POSTGRES_DB: "our"
# POSTGRES_PASSWORD: "{{ lookup('dotenv', 'DB_PASSWORD', file='../../../../.env.production') }}"
# PGWEB_DATABASE_URL: "postgres://{{lookup('dotenv', 'DB_USER', file='../../../../.env.production'):{{lookup('dotenv', 'DB_PASSWORD', file='../../../../.env.production')@postgres:}}}}"
# mounts:
# - type: volume
# target: "/var/lib/postgresql/data"
# source: "pg_data"
# pgweb:
# container_name: out-pgweb
# image: sosedoff/pgweb
# depends_on:
# postgres:
# condition: service_healthy
# environment:
# PGWEB_DATABASE_URL: postgres://${DB_USER}:${DB_PASSWORD}@postgres:5432/${DB_NAME}?sslmode=disable
# ports:
# - "8091:8081"
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:8081"]
# interval: 10s
# retries: 5
# start_period: 10s
# timeout: 10s