kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-06 00:33:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

Solved users recreated by backup restore bug

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-07-03 21:04:40 +02:00
parent a3fd74c2e0
commit 3600874223
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
1 changed files with 61 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
roles/docker-postgres/tasks/init_database.yml
View File

@ -1,3 +1,13 @@
---
- name: "Wait until Postgres is listening on port {{ database_port }}"
wait_for:
host: 127.0.0.1
port: "{{ database_port }}"
delay: 5
timeout: 300
state: started
# 1) Create the database
- name: "Create database: {{ database_name }}" - name: "Create database: {{ database_name }}"
postgresql_db: postgresql_db:
name: "{{ database_name }}" name: "{{ database_name }}"
@ -5,8 +15,9 @@
login_user: postgres login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}" login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{database_port}}" login_port: "{{ database_port }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}" - name: "Create database user: {{ database_username }}"
postgresql_user: postgresql_user:
name: "{{ database_username }}" name: "{{ database_username }}"
@ -16,68 +27,72 @@
login_user: postgres login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}" login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{database_port}}" login_port: "{{ database_port }}"
- name: "Set privileges for database user: {{ database_username }}" # 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
postgresql_query:
db: postgres
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
# 4) Grant ALL privileges on all tables in the public schema
- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
postgresql_privs: postgresql_privs:
db: "{{ database_name }}" db: "{{ database_name }}"
role: "{{ database_username }}" role: "{{ database_username }}"
objs: ALL_IN_SCHEMA objs: ALL_IN_SCHEMA
privs: ALL privs: ALL
type: table type: table
state: present schema: public
state: present
login_user: postgres login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}" login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{database_port}}" login_port: "{{ database_port }}"
- name: Grant all privileges at the database level # 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
postgresql_privs: postgresql_privs:
db: "{{ database_name }}" db: "{{ database_name }}"
role: "{{ database_username }}" role: "{{ database_username }}"
type: database
privs: ALL privs: ALL
type: database
state: present state: present
login_user: postgres login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}" login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{database_port}}" login_port: "{{ database_port }}"
- name: Grant all privileges on all tables in the public schema # 6) Grant USAGE/CREATE on schema and set default privileges
postgresql_privs: - name: "Set comprehensive schema privileges for {{ database_username }}"
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{database_port}}"
- name: Set comprehensive privileges for user on public schema
postgresql_query: postgresql_query:
db: "{{ database_name }}" db: "{{ database_name }}"
login_user: postgres login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}" login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1 login_host: 127.0.0.1
login_port: "{{database_port}}"
query: |
GRANT USAGE ON SCHEMA public TO {{ database_username }};
GRANT CREATE ON SCHEMA public TO {{ database_username }};
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};
- name: Ensure PostGIS-related extensions are installed
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}" login_port: "{{ database_port }}"
query: |
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
# 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
loop: loop:
- postgis - postgis
- pg_trgm - pg_trgm