kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-05 08:23:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
computer-playbook/roles/docker-postgres/tasks/init_database.yml

101 lines
3.5 KiB
YAML
Raw Blame History

---
- name: "Wait until Postgres is listening on port {{ database_port }}"
wait_for:
host: 127.0.0.1
port: "{{ database_port }}"
delay: 5
timeout: 300
state: started
# 1) Create the database
- name: "Create database: {{ database_name }}"
postgresql_db:
name: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 2) Create the database user (with password)
- name: "Create database user: {{ database_username }}"
postgresql_user:
name: "{{ database_username }}"
password: "{{ database_password }}"
db: "{{ database_name }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 3) Enable LOGIN for the role (removes NOLOGIN)
- name: "Enable login for role {{ database_username }}"
postgresql_query:
db: postgres
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
ALTER ROLE "{{ database_username }}"
WITH LOGIN;
# 4) Grant ALL privileges on all tables in the public schema
- name: "Grant ALL privileges on tables in public schema to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
objs: ALL_IN_SCHEMA
privs: ALL
type: table
schema: public
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 5) Grant ALL privileges at the database level
- name: "Grant all privileges on database {{ database_name }} to {{ database_username }}"
postgresql_privs:
db: "{{ database_name }}"
role: "{{ database_username }}"
type: database
privs: ALL
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
# 6) Grant USAGE/CREATE on schema and set default privileges
- name: "Set comprehensive schema privileges for {{ database_username }}"
postgresql_query:
db: "{{ database_name }}"
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
query: |
GRANT USAGE ON SCHEMA public TO "{{ database_username }}";
GRANT CREATE ON SCHEMA public TO "{{ database_username }}";
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT ALL PRIVILEGES ON TABLES TO "{{ database_username }}";
# 7) Ensure PostGIS and related extensions are installed (if enabled)
- name: "Ensure PostGIS-related extensions are installed"
community.postgresql.postgresql_ext:
db: "{{ database_name }}"
ext: "{{ item }}"
state: present
login_user: postgres
login_password: "{{ applications[application_id].credentials.postgres_password }}"
login_host: 127.0.0.1
login_port: "{{ database_port }}"
loop:
- postgis
- pg_trgm
- unaccent
when: database_gis_enabled is defined and database_gis_enabled
Reference in New Issue View Git Blame Copy Permalink