Solved users recreated by backup restore bug

roles/docker-postgres/tasks/init_database.yml

@@ -1,3 +1,13 @@
+---
+- name: "Wait until Postgres is listening on port {{ database_port }}"
+  wait_for:
+    host: 127.0.0.1
+    port: "{{ database_port }}"
+    delay: 5
+    timeout: 300
+    state: started
+
+# 1) Create the database
 - name: "Create database: {{ database_name }}"
   postgresql_db:
     name: "{{ database_name }}"
@@ -5,8 +15,9 @@
     login_user: postgres
     login_password: "{{ applications[application_id].credentials.postgres_password }}"
     login_host: 127.0.0.1
-    login_port: "{{database_port}}"
+    login_port: "{{ database_port }}"
 
+# 2) Create the database user (with password)
 - name: "Create database user: {{ database_username }}"
   postgresql_user:
     name:           "{{ database_username }}"
@@ -16,68 +27,72 @@
     login_user:     postgres
     login_password: "{{ applications[application_id].credentials.postgres_password }}"
     login_host:     127.0.0.1
-    login_port:     "{{database_port}}"
+    login_port:     "{{ database_port }}"
 
-- name: "Set privileges for database user: {{ database_username }}"
+# 3) Enable LOGIN for the role (removes NOLOGIN)
+- name: "Enable login for role {{ database_username }}"
+  postgresql_query:
+    db: postgres
+    login_user: postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host: 127.0.0.1
+    login_port: "{{ database_port }}"
+    query: |
+      ALTER ROLE "{{ database_username }}"
+        WITH LOGIN;
+
+# 4) Grant ALL privileges on all tables in the public schema
+- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
   postgresql_privs:
-    db:             "{{ database_name }}"
-    role:           "{{ database_username }}"
-    objs:           ALL_IN_SCHEMA
-    privs:          ALL
-    type:           table
-    state:          present
+    db:     "{{ database_name }}"
+    role:   "{{ database_username }}"
+    objs:   ALL_IN_SCHEMA
+    privs:  ALL
+    type:   table
+    schema: public
+    state:  present
     login_user:     postgres
     login_password: "{{ applications[application_id].credentials.postgres_password }}"
     login_host:     127.0.0.1
-    login_port:     "{{database_port}}"
+    login_port:     "{{ database_port }}"
 
-- name: Grant all privileges at the database level
+# 5) Grant ALL privileges at the database level
+- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
   postgresql_privs:
-    db: "{{ database_name }}"
-    role: "{{ database_username }}"
+    db:    "{{ database_name }}"
+    role:  "{{ database_username }}"
+    type:  database
     privs: ALL
-    type: database
     state: present
-    login_user: postgres
+    login_user:     postgres
     login_password: "{{ applications[application_id].credentials.postgres_password }}"
-    login_host: 127.0.0.1
-    login_port: "{{database_port}}"
+    login_host:     127.0.0.1
+    login_port:     "{{ database_port }}"
 
-- name: Grant all privileges on all tables in the public schema
-  postgresql_privs:
-    db: "{{ database_name }}"
-    role: "{{ database_username }}"
-    objs: ALL_IN_SCHEMA
-    privs: ALL
-    type: table
-    schema: public
-    state: present
-    login_user: postgres
-    login_password: "{{ applications[application_id].credentials.postgres_password }}"
-    login_host: 127.0.0.1
-    login_port: "{{database_port}}"
-
-- name: Set comprehensive privileges for user on public schema
+# 6) Grant USAGE/CREATE on schema and set default privileges
+- name: "Set comprehensive schema privileges for {{ database_username }}"
   postgresql_query:
     db: "{{ database_name }}"
     login_user: postgres
     login_password: "{{ applications[application_id].credentials.postgres_password }}"
     login_host: 127.0.0.1
-    login_port: "{{database_port}}"
-    query: |
-      GRANT USAGE ON SCHEMA public TO {{ database_username }};
-      GRANT CREATE ON SCHEMA public TO {{ database_username }};
-      ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
-
-- name: Ensure PostGIS-related extensions are installed
-  community.postgresql.postgresql_ext:
-    db: "{{ database_name }}"
-    ext: "{{ item }}"
-    state: present
-    login_user: postgres
-    login_password: "{{ applications[application_id].credentials.postgres_password }}"
-    login_host: 127.0.0.1
     login_port: "{{ database_port }}"
+    query: |
+      GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
+      GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
+      ALTER DEFAULT PRIVILEGES IN SCHEMA public
+        GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
+
+# 7) Ensure PostGIS and related extensions are installed (if enabled)
+- name: "Ensure PostGIS-related extensions are installed"
+  community.postgresql.postgresql_ext:
+    db:         "{{ database_name }}"
+    ext:        "{{ item }}"
+    state:      present
+    login_user:     postgres
+    login_password: "{{ applications[application_id].credentials.postgres_password }}"
+    login_host:     127.0.0.1
+    login_port:     "{{ database_port }}"
   loop:
     - postgis
     - pg_trgm