Solved oauth2 bugs and restructured postgres role to implement extensions used by discourse

2025-07-23 13:24:55 +02:00
parent d1fcbedef6
commit 0472fecd64
22 changed files with 187 additions and 78 deletions


@@ -1,8 +1,8 @@
---
- name: "Wait until Postgres is listening on port {{ database_port }}"
- name: "Wait until Postgres is listening on port {{ postgres_port }}"
wait_for:
host: 127.0.0.1
port: "{{ database_port }}"
host: "{{ postgres_local_host }}"
port: "{{ postgres_port }}"
delay: 5
timeout: 300
state: started
@@ -14,8 +14,8 @@
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}"
@@ -26,8 +26,8 @@
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
@@ -35,8 +35,8 @@
db: postgres
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
@@ -53,8 +53,8 @@
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
@@ -66,8 +66,8 @@
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
@@ -75,8 +75,8 @@
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
query: |
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
@@ -91,10 +91,21 @@
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
loop:
- postgis
- pg_trgm
- unaccent
when: database_gis_enabled is defined and database_gis_enabled
when: postgres_gis_enabled | bool
# 8) Ensure pgvector (vector) extension is installed (for DiscourseAI, pgvector, …)
- name: "Ensure pgvector (vector) extension is installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: vector
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
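Review bot: The new pgvector task at the end of this hunk has no `when:` condition, so the `vector` extension is created as the `postgres` superuser in every `database_name` this role provisions, whereas the postgis/pg_trgm/unaccent loop just above it is gated on `postgres_gis_enabled`. Enabling an extension only where an application needs it keeps each database's installed code surface small, and it avoids a hard failure on servers whose Postgres build does not ship pgvector. Consider gating it the same way, e.g. `when: postgres_pgvector_enabled | default(false) | bool` (the variable name is a suggestion, not one defined on this page). Separately, the rewritten condition `when: postgres_gis_enabled | bool` drops the old `is defined` guard; unless the role defaults define that variable (not visible here), `when: postgres_gis_enabled | default(false) | bool` keeps the previous behaviour. The extension task that carries the loop starts above the hunk.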