mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-31 07:48:04 +02:00
Solved ooauth2 bugs and restructured postgres roile to implement extensions used by discourse
This commit is contained in:
@@ -1,8 +1,8 @@
|
||||
---
|
||||
- name: "Wait until Postgres is listening on port {{ database_port }}"
|
||||
- name: "Wait until Postgres is listening on port {{ postgres_port }}"
|
||||
wait_for:
|
||||
host: 127.0.0.1
|
||||
port: "{{ database_port }}"
|
||||
host: "{{ postgres_local_host }}"
|
||||
port: "{{ postgres_port }}"
|
||||
delay: 5
|
||||
timeout: 300
|
||||
state: started
|
||||
@@ -14,8 +14,8 @@
|
||||
state: present
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: "{{ database_port }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
|
||||
# 2) Create the database user (with password)
|
||||
- name: "Create database user: {{ database_username }}"
|
||||
@@ -26,8 +26,8 @@
|
||||
state: present
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: "{{ database_port }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
|
||||
# 3) Enable LOGIN for the role (removes NOLOGIN)
|
||||
- name: "Enable login for role {{ database_username }}"
|
||||
@@ -35,8 +35,8 @@
|
||||
db: postgres
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: "{{ database_port }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
query: |
|
||||
ALTER ROLE "{{ database_username }}"
|
||||
WITH LOGIN;
|
||||
@@ -53,8 +53,8 @@
|
||||
state: present
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: "{{ database_port }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
|
||||
# 5) Grant ALL privileges at the database level
|
||||
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
|
||||
@@ -66,8 +66,8 @@
|
||||
state: present
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: "{{ database_port }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
|
||||
# 6) Grant USAGE/CREATE on schema and set default privileges
|
||||
- name: "Set comprehensive schema privileges for {{ database_username }}"
|
||||
@@ -75,8 +75,8 @@
|
||||
db: "{{ database_name }}"
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: "{{ database_port }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
query: |
|
||||
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
|
||||
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
|
||||
@@ -91,10 +91,21 @@
|
||||
state: present
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: 127.0.0.1
|
||||
login_port: "{{ database_port }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
loop:
|
||||
- postgis
|
||||
- pg_trgm
|
||||
- unaccent
|
||||
when: database_gis_enabled is defined and database_gis_enabled
|
||||
when: postgres_gis_enabled | bool
|
||||
|
||||
# 8) Ensure pgvector (vector) extension is installed (for Discourse‑AI, pgvector, …)
|
||||
- name: "Ensure pgvector (vector) extension is installed"
|
||||
community.postgresql.postgresql_ext:
|
||||
db: "{{ database_name }}"
|
||||
ext: vector
|
||||
state: present
|
||||
login_user: postgres
|
||||
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
|
||||
login_host: "{{ postgres_local_host }}"
|
||||
login_port: "{{ postgres_port }}"
|
||||
|
||||
@@ -6,28 +6,9 @@
|
||||
- subnet: "{{ postgres_subnet }}"
|
||||
when: run_once_svc_db_postgres is not defined
|
||||
|
||||
- name: Install PostgreSQL
|
||||
docker_container:
|
||||
name: "{{ postgres_name }}"
|
||||
image: "{{ postgres_image }}:{{ postgres_version }}"
|
||||
detach: yes
|
||||
env:
|
||||
POSTGRES_PASSWORD: "{{ postgres_password }}"
|
||||
POSTGRES_INITDB_ARGS: "--encoding=UTF8 --locale=C" # Necessary for web-app-matrix
|
||||
networks:
|
||||
- name: "{{ postgres_network_name }}"
|
||||
published_ports:
|
||||
- "127.0.0.1:{{ postgres_port }}:5432"
|
||||
volumes:
|
||||
- "{{ postgres_volume }}:/var/lib/postgresql/data"
|
||||
restart_policy: "{{ docker_restart_policy }}"
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 30s
|
||||
register: setup_postgres_container_result
|
||||
- name: "include docker-compose role"
|
||||
include_role:
|
||||
name: docker-compose
|
||||
when: run_once_svc_db_postgres is not defined
|
||||
|
||||
- name: Wait for Postgres inside the container
|
||||
@@ -37,8 +18,6 @@
|
||||
retries: 30
|
||||
delay: 5
|
||||
when:
|
||||
- setup_postgres_container_result is defined
|
||||
- setup_postgres_container_result.changed
|
||||
- run_once_svc_db_postgres is not defined
|
||||
|
||||
- name: install python-psycopg2
|
||||
|
||||
Reference in New Issue
Block a user