Solved ooauth2 bugs and restructured postgres roile to implement extensions used by discourse

roles/svc-db-postgres/defaults/main.yml

@@ -0,0 +1 @@
+postgres_gis_enabled: false # Needed by mobilizon

roles/svc-db-postgres/tasks/init.yml

@@ -1,8 +1,8 @@
 ---
-- name: "Wait until Postgres is listening on port {{ database_port }}"
+- name: "Wait until Postgres is listening on port {{ postgres_port }}"
   wait_for:
-    host: 127.0.0.1
-    port: "{{ database_port }}"
+    host: "{{ postgres_local_host }}"
+    port: "{{ postgres_port }}"
     delay: 5
     timeout: 300
     state: started
@@ -14,8 +14,8 @@
     state: present
     login_user: postgres
     login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-    login_host: 127.0.0.1
-    login_port: "{{ database_port }}"
+    login_host: "{{ postgres_local_host }}"
+    login_port: "{{ postgres_port }}"
 
 # 2) Create the database user (with password)
 - name: "Create database user: {{ database_username }}"
@@ -26,8 +26,8 @@
     state:          present
     login_user:     postgres
     login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-    login_host:     127.0.0.1
-    login_port:     "{{ database_port }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
 
 # 3) Enable LOGIN for the role (removes NOLOGIN)
 - name: "Enable login for role {{ database_username }}"
@@ -35,8 +35,8 @@
     db: postgres
     login_user: postgres
     login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-    login_host: 127.0.0.1
-    login_port: "{{ database_port }}"
+    login_host: "{{ postgres_local_host }}"
+    login_port: "{{ postgres_port }}"
     query: |
       ALTER ROLE "{{ database_username }}"
         WITH LOGIN;
@@ -53,8 +53,8 @@
     state:  present
     login_user:     postgres
     login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-    login_host:     127.0.0.1
-    login_port:     "{{ database_port }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
 
 # 5) Grant ALL privileges at the database level
 - name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
@@ -66,8 +66,8 @@
     state: present
     login_user:     postgres
     login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-    login_host:     127.0.0.1
-    login_port:     "{{ database_port }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
 
 # 6) Grant USAGE/CREATE on schema and set default privileges
 - name: "Set comprehensive schema privileges for {{ database_username }}"
@@ -75,8 +75,8 @@
     db: "{{ database_name }}"
     login_user: postgres
     login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-    login_host: 127.0.0.1
-    login_port: "{{ database_port }}"
+    login_host: "{{ postgres_local_host }}"
+    login_port: "{{ postgres_port }}"
     query: |
       GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
       GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
@@ -91,10 +91,21 @@
     state:      present
     login_user:     postgres
     login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-    login_host:     127.0.0.1
-    login_port:     "{{ database_port }}"
+    login_host:     "{{ postgres_local_host }}"
+    login_port:     "{{ postgres_port }}"
   loop:
     - postgis
     - pg_trgm
     - unaccent
-  when: database_gis_enabled is defined and database_gis_enabled
+  when: postgres_gis_enabled | bool
+
+# 8) Ensure pgvector (vector) extension is installed (for Discourse‑AI, pgvector, …)
+- name: "Ensure pgvector (vector) extension is installed"
+  community.postgresql.postgresql_ext:
+    db:           "{{ database_name }}"
+    ext:          vector
+    state:        present
+    login_user:   postgres
+    login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+    login_host:   "{{ postgres_local_host }}"
+    login_port:   "{{ postgres_port }}"

roles/svc-db-postgres/tasks/main.yml

@@ -6,28 +6,9 @@
       - subnet: "{{ postgres_subnet }}"
   when: run_once_svc_db_postgres is not defined
 
-- name: Install PostgreSQL
-  docker_container:
-    name: "{{ postgres_name }}"
-    image: "{{ postgres_image }}:{{ postgres_version }}"
-    detach: yes
-    env:
-      POSTGRES_PASSWORD: "{{ postgres_password }}"
-      POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" # Necessary for web-app-matrix
-    networks:
-      - name: "{{ postgres_network_name }}"
-    published_ports:
-      - "127.0.0.1:{{ postgres_port }}:5432"
-    volumes:
-      - "{{ postgres_volume }}:/var/lib/postgresql/data"
-    restart_policy: "{{ docker_restart_policy }}"
-    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U postgres"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 30s
-  register: setup_postgres_container_result
+- name: "include docker-compose role"
+  include_role: 
+    name: docker-compose
   when: run_once_svc_db_postgres is not defined
 
 - name: Wait for Postgres inside the container
@@ -37,8 +18,6 @@
   retries: 30
   delay: 5
   when:
-    - setup_postgres_container_result is defined
-    - setup_postgres_container_result.changed
     - run_once_svc_db_postgres is not defined
 
 - name: install python-psycopg2

roles/svc-db-postgres/templates/Dockerfile.j2

@@ -0,0 +1,22 @@
+FROM {{ postgres_image }}:{{ postgres_version }}
+
+{% if postgres_pg_vector_enabled %}
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+      build-essential \
+      git \
+      postgresql-server-dev-all \
+ && git clone https://github.com/pgvector/pgvector.git /tmp/pgvector \
+ && cd /tmp/pgvector \
+ && make \
+ && make install \
+ && rm -rf /tmp/pgvector \
+ && apt-get purge -y --auto-remove git build-essential \
+ && rm -rf /var/lib/apt/lists/*
+{% endif %}
+
+HEALTHCHECK --interval=10s \
+            --timeout=5s \
+            --start-period=15m \
+            --retries=5 \
+  CMD pg_isready -U postgres || exit 1

roles/svc-db-postgres/templates/docker-compose.yml.j2

@@ -0,0 +1,22 @@
+{% include 'roles/docker-compose/templates/base.yml.j2' %}
+
+  postgres:
+    container_name:   "{{ postgres_name }}"
+    image:            "{{ postgres_custom_image_name }}"
+    build:
+      context: .
+      dockerfile: Dockerfile
+{% include 'roles/docker-container/templates/base.yml.j2' %}
+{% if postgres_expose_local %}
+    ports: 
+      - "{{ postgres_local_host }}:{{ postgres_port }}:5432"
+{% endif %}
+    volumes:
+      - "data:/var/lib/postgresql/data"
+{% include 'roles/docker-container/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+    name: "{{ postgres_volume }}"
+
+{% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/svc-db-postgres/templates/env.j2

@@ -0,0 +1,3 @@
+POSTGRES_PASSWORD="{{ postgres_password }}"
+# Necessary for web-app-matrix
+POSTGRES_INITDB_ARGS="--encoding=UTF8 --locale=C"

roles/svc-db-postgres/vars/main.yml

@@ -1,10 +1,20 @@
-application_id:         svc-db-postgres
-postgres_volume:        "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
-postgres_name:          "{{ applications | get_app_conf(application_id, 'docker.services.postgres.name', True) }}"
-postgres_image:         "{{ applications | get_app_conf(application_id, 'docker.services.postgres.image', True) }}"
-postgres_subnet:        "{{ networks.local['svc-db-postgres'].subnet }}"
-postgres_network_name:  "{{ applications | get_app_conf(application_id, 'docker.network', True) }}"
-postgres_version:       "{{ applications | get_app_conf(application_id, 'docker.services.postgres.version', True) }}"
-postgres_password:      "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
-postgres_port:          "{{ database_port | default(ports.localhost.database[ application_id ]) }}"
-postgres_init:          "{{ database_username is defined and database_password is defined and database_name is defined }}"
+# General
+application_id:                 svc-db-postgres
+
+# Docker
+docker_compose_flush_handlers:  true
+
+## Postgres
+postgres_volume:                "{{ applications | get_app_conf(application_id, 'docker.volumes.data', True) }}"
+postgres_name:                  "{{ applications | get_app_conf(application_id, 'docker.services.postgres.name', True) }}"
+postgres_image:                 "{{ applications | get_app_conf(application_id, 'docker.services.postgres.image', True) }}"
+postgres_subnet:                "{{ networks.local['svc-db-postgres'].subnet }}"
+postgres_network_name:          "{{ applications | get_app_conf(application_id, 'docker.network', True) }}"
+postgres_version:               "{{ applications | get_app_conf(application_id, 'docker.services.postgres.version', True) }}"
+postgres_password:              "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
+postgres_port:                  "{{ database_port | default(ports.localhost.database[ application_id ]) }}"
+postgres_init:                  "{{ database_username is defined and database_password is defined and database_name is defined }}"
+postgres_expose_local:          True # Exposes the db to localhost, almost everytime neccessary
+postgres_custom_image_name:     "postgres_custom"
+postgres_local_host:            "127.0.0.1"
+postgres_pg_vector_enabled:     True # Required by discourse, propably in a later step it makes sense to define this as a configuration option in config/main.yml