computer-playbook/roles/docker-postgres/tasks/init_database.yml

- name: "Create database: {{ database_name }}"
  postgresql_db:
    name: "{{ database_name }}"
    state: present
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{database_port}}"

- name: "Create database user: {{ database_username }}"
  postgresql_user:
    name:           "{{ database_username }}"
    password:       "{{ database_password }}"
    db:             "{{ database_name }}"
    state:          present
    login_user:     postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host:     127.0.0.1
    login_port:     "{{database_port}}"

- name: "Set privileges for database user: {{ database_username }}"
  postgresql_privs:
    db:             "{{ database_name }}"
    role:           "{{ database_username }}"
    objs:           ALL_IN_SCHEMA
    privs:          ALL
    type:           table
    state:          present
    login_user:     postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host:     127.0.0.1
    login_port:     "{{database_port}}"

- name: Grant all privileges at the database level
  postgresql_privs:
    db: "{{ database_name }}"
    role: "{{ database_username }}"
    privs: ALL
    type: database
    state: present
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{database_port}}"

- name: Grant all privileges on all tables in the public schema
  postgresql_privs:
    db: "{{ database_name }}"
    role: "{{ database_username }}"
    objs: ALL_IN_SCHEMA
    privs: ALL
    type: table
    schema: public
    state: present
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{database_port}}"

- name: Set comprehensive privileges for user on public schema
  postgresql_query:
    db: "{{ database_name }}"
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{database_port}}"
    query: |
      GRANT USAGE ON SCHEMA public TO {{ database_username }};
      GRANT CREATE ON SCHEMA public TO {{ database_username }};
      ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO {{ database_username }};

- name: Ensure PostGIS-related extensions are installed
  community.postgresql.postgresql_ext:
    db: "{{ database_name }}"
    ext: "{{ item }}"
    state: present
    login_user: postgres
    login_password: "{{ applications[application_id].credentials.postgres_password }}"
    login_host: 127.0.0.1
    login_port: "{{ database_port }}"
  loop:
    - postgis
    - pg_trgm
    - unaccent
  when: database_gis_enabled is defined and database_gis_enabled