kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-25 09:41:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/svc-db-postgres/tasks/init.yml

112 lines
4.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
- name: "Wait until Postgres is listening on port {{ postgres_port }}"
wait_for:
host: "{{ postgres_local_host }}"
port: "{{ postgres_port }}"
delay: 5
timeout: 300
state: started
# 1) Create the database
- name: "Create database: {{ database_name }}"
postgresql_db:
name: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}"
postgresql_user:
name: "{{ database_username }}"
password: "{{ database_password }}"
db: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
postgresql_query:
db: postgres
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
# 4) Grant ALL privileges on all tables in the public schema
- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
type: database
privs: ALL
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
postgresql_query:
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
query: |
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
# 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
loop:
- postgis
- pg_trgm
- unaccent
when: postgres_gis_enabled | bool
# 8) Ensure pgvector (vector) extension is installed (for DiscourseAI, pgvector, …)
- name: "Ensure pgvector (vector) extension is installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: vector
state: present
login_user: postgres
login_password: "{{ applications | get_app_conf(application_id, 'credentials.postgres_password', True) }}"
login_host: "{{ postgres_local_host }}"
login_port: "{{ postgres_port }}"
Reference in New Issue View Git Blame Copy Permalink