kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-06 08:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solved users recreated by backup restore bug

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-03 21:04:40 +02:00
parent a3fd74c2e0
commit 3600874223
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
1 changed files with 61 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
roles/docker-postgres/tasks/init_database.yml
View File

@ -1,3 +1,13 @@
---
- name: "Wait until Postgres is listening on port {{ database_port }}"
wait_for:
host: 127.0.0.1
port: "{{ database_port }}"
delay: 5
timeout: 300
state: started
# 1) Create the database
- name: "Create database: {{ database_name }}" - name: "Create database: {{ database_name }}"
postgresql_db: postgresql_db:
name: "{{ database_name }}" name: "{{ database_name }}"
@ -7,6 +17,7 @@
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{ database_port }}" login_port: "{{ database_port }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}" - name: "Create database user: {{ database_username }}"
postgresql_user: postgresql_user:
name: "{{ database_username }}" name: "{{ database_username }}"
@ -18,32 +29,20 @@
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{ database_port }}" login_port: "{{ database_port }}"
- name: "Set privileges for database user: {{ database_username }}" # 3) Enable LOGIN for the role (removes NOLOGIN)
postgresql_privs: - name: "Enable login for role {{ database_username }}"
db: "{{ database_name }}" postgresql_query:
role: "{{ database_username }}" db: postgres
objs: ALL_IN_SCHEMA
privs: ALL
type: table
state: present
login_user: postgres login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}" login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{ database_port }}" login_port: "{{ database_port }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
- name: Grant all privileges at the database level # 4) Grant ALL privileges on all tables in the public schema
postgresql_privs: - name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
db: "{{ database_name }}"
role: "{{ database_username }}"
privs: ALL
type: database
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Grant all privileges on all tables in the public schema
postgresql_privs: postgresql_privs:
db: "{{ database_name }}" db: "{{ database_name }}"
role: "{{ database_username }}" role: "{{ database_username }}"
@ -57,7 +56,21 @@
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{ database_port }}" login_port: "{{ database_port }}"
- name: Set comprehensive privileges for user on public schema # 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
type: database
privs: ALL
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
postgresql_query: postgresql_query:
db: "{{ database_name }}" db: "{{ database_name }}"
login_user: postgres login_user: postgres
@ -65,11 +78,13 @@
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{ database_port }}" login_port: "{{ database_port }}"
query: | query: |
GRANT USAGE ON SCHEMA public TO {{ database_username }}; GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO {{ database_username }}; GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }}; ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
- name: Ensure PostGIS-related extensions are installed # 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
community.postgresql.postgresql_ext: community.postgresql.postgresql_ext:
db: "{{ database_name }}" db: "{{ database_name }}"
ext: "{{ item }}" ext: "{{ item }}"