diff --git a/host_vars/re2o-bdd.adm.auro.re.yml b/host_vars/re2o-bdd.adm.auro.re.yml
deleted file mode 100644
index 7991f13..0000000
--- a/host_vars/re2o-bdd.adm.auro.re.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-postgresql_databases: true
diff --git a/playbooks/postgresql.yml b/playbooks/postgresql.yml
index 48b3863..3431b5b 100755
--- a/playbooks/postgresql.yml
+++ b/playbooks/postgresql.yml
@@ -5,69 +5,69 @@ vars: postgresql: version: 13 - postgresql_hosts: - - database: nextcloud - user: nextcloud - net: 10.128.0.58/32 - method: md5 - - database: gitea - user: gitea - net: 10.128.0.60/32 - method: md5 - - database: wikijs - user: wikijs - net: 10.128.0.66/32 - method: md5 - - database: drone - user: drone - net: 10.128.0.64/32 - method: md5 - - database: netbox - user: netbox - net: 10.128.0.97/32 - method: md5 - - database: grafana - user: grafana - net: 10.128.0.98/32 - method: md5 - postgresql_databases: - - nextcloud - - gitea - - wikijs - - drone - - netbox - - grafana - postgresql_users: - - name: nextcloud - database: nextcloud - password: "{{ vault_postgresql_nextcloud_passwd }}" - privs: - - ALL - - name: gitea - database: gitea - password: "{{ vault_postgresql_gitea_passwd }}" - privs: - - ALL - - name: wikijs - database: wikijs - password: "{{ vault_postgresql_wikijs_passwd }}" - privs: - - ALL - - name: drone - database: drone - password: "{{ vault_postgresql_drone_passwd }}" - privs: - - ALL - - name: netbox - database: netbox - password: "{{ vault_postgresql_netbox_passwd }}" - privs: - - ALL - - name: grafana - database: grafana - password: "{{ vault_postgresql_grafana_passwd }}" - privs: - - ALL + hosts: + - database: nextcloud + user: nextcloud + net: 10.128.0.58/32 + method: md5 + - database: gitea + user: gitea + net: 10.128.0.60/32 + method: md5 + - database: wikijs + user: wikijs + net: 10.128.0.66/32 + method: md5 + - database: drone + user: drone + net: 10.128.0.64/32 + method: md5 + - database: netbox + user: netbox + net: 10.128.0.97/32 + method: md5 + - database: grafana + user: grafana + net: 10.128.0.98/32 + method: md5 + databases: + - nextcloud + - gitea + - wikijs + - drone + - netbox + - grafana + users: + - name: nextcloud + database: nextcloud + password: "{{ vault_postgresql_nextcloud_passwd }}" + privs: + - ALL + - name: gitea + database: gitea + password: "{{ vault_postgresql_gitea_passwd }}" + privs: + - ALL + - 
name: wikijs + database: wikijs + password: "{{ vault_postgresql_wikijs_passwd }}" + privs: + - ALL + - name: drone + database: drone + password: "{{ vault_postgresql_drone_passwd }}" + privs: + - ALL + - name: netbox + database: netbox + password: "{{ vault_postgresql_netbox_passwd }}" + privs: + - ALL + - name: grafana + database: grafana + password: "{{ vault_postgresql_grafana_passwd }}" + privs: + - ALL update_motd: postgresql: PostgreSQL est déployé. roles: 
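Review bot: Every entry moved under `postgresql.hosts` in this hunk keeps `method: md5`, and the second `playbooks/postgresql.yml` hunk (old line 79 onwards) does the same. With `version: 13` the server supports `scram-sha-256`, which avoids storing and exchanging MD5-derived password hashes. Since the keys are being restructured anyway, consider `method: scram-sha-256` per entry, together with `password_encryption = scram-sha-256` in the server configuration and a reset of each role password so the stored verifier is regenerated. Whether the client libraries of the listed services support SCRAM is not visible from this diff and would need checking first. A short comment above `hosts:` such as `# pg_hba.conf entries: one client /32 per database/user pair` would also document what the nested list feeds.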
@@ -79,59 +79,59 @@ vars: postgresql: version: 13 - postgresql_hosts: - - database: etherpad - user: etherpad - net: 10.128.0.150/32 - method: md5 - - database: codimd - user: codimd - net: 10.128.0.150/32 - method: md5 - - database: synapse - user: synapse - net: 10.128.0.56/32 - method: md5 - - database: kanboard - user: kanboard - net: 10.128.0.150/32 - method: md5 - - database: cas - user: cas - net: 10.128.0.150/32 - method: md5 - postgresql_databases: - - synapse - - codimd - - etherpad - - kanboard - - cas - postgresql_users: - - name: synapse - database: synapse - password: "{{ vault_postgresql_synapse_passwd }}" - privs: - - ALL - - name: codimd - database: codimd - password: "{{ vault_postgresql_codimd_passwd }}" - privs: - - ALL - - name: etherpad - database: etherpad - password: "{{ vault_postgresql_etherpad_passwd }}" - privs: - - ALL - - name: kanboard - database: kanboard - password: "{{ vault_postgresql_kanboard_passwd }}" - privs: - - ALL - - name: cas - database: cas - password: "{{ vault_postgresql_cas_passwd }}" - privs: - - ALL + hosts: + - database: etherpad + user: etherpad + net: 10.128.0.150/32 + method: md5 + - database: codimd + user: codimd + net: 10.128.0.150/32 + method: md5 + - database: synapse + user: synapse + net: 10.128.0.56/32 + method: md5 + - database: kanboard + user: kanboard + net: 10.128.0.150/32 + method: md5 + - database: cas + user: cas + net: 10.128.0.150/32 + method: md5 + databases: + - synapse + - codimd + - etherpad + - kanboard + - cas + users: + - name: synapse + database: synapse + password: "{{ vault_postgresql_synapse_passwd }}" + privs: + - ALL + - name: codimd + database: codimd + password: "{{ vault_postgresql_codimd_passwd }}" + privs: + - ALL + - name: etherpad + database: etherpad + password: "{{ vault_postgresql_etherpad_passwd }}" + privs: + - ALL + - name: kanboard + database: kanboard + password: "{{ vault_postgresql_kanboard_passwd }}" + privs: + - ALL + - name: cas + database: cas + password: "{{ 
vault_postgresql_cas_passwd }}" + privs: + - ALL update_motd: postgresql: PostgreSQL est déployé. roles: diff --git a/roles/borgbackup_client/templates/config.yaml.j2 b/roles/borgbackup_client/templates/config.yaml.j2 index a8eb2cb..6c2f455 100644 --- a/roles/borgbackup_client/templates/config.yaml.j2 +++ b/roles/borgbackup_client/templates/config.yaml.j2 @@ -42,7 +42,7 @@ consistency: - repository - archives -{% if postgresql_databases is defined %} +{% if borg_postgresql_databases is defined %} hooks: postgresql_databases: - name: all diff --git a/roles/postgresql/tasks/main.yml b/roles/postgresql/tasks/main.yml index 3472be3..8a1800d 100644 --- a/roles/postgresql/tasks/main.yml +++ b/roles/postgresql/tasks/main.yml @@ -55,7 +55,7 @@ lc_collate: en_US.UTF-8 lc_ctype: en_US.UTF-8 template: template0 - loop: "{{ postgresql_databases }}" + loop: "{{ postgresql.databases }}" - name: Create users become: true @@ -65,7 +65,7 @@ name: "{{ item.name }}" password: "{{ item.password }}" no_log: true - loop: "{{ postgresql_users }}" + loop: "{{ postgresql.users }}" - name: Grant privileges to users become: true @@ -77,5 +77,5 @@ privs: "{{ item.privs | join(',') }}" obj: "{{ item.database }}" no_log: true - loop: "{{ postgresql_users }}" + loop: "{{ postgresql.users }}" ... diff --git a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 b/roles/postgresql/templates/postgresql/pg_hba.conf.j2 index ec527b3..bf8f545 100644 --- a/roles/postgresql/templates/postgresql/pg_hba.conf.j2 +++ b/roles/postgresql/templates/postgresql/pg_hba.conf.j2 @@ -2,6 +2,6 @@ # TYPE DATABASE USER ADDRESS METHOD local all postgres peer map=map_local -{% for host in postgresql_hosts %} +{% for host in postgresql.hosts %} host "{{ host.database }}" "{{ host.user }}" {{ host.net }} {{ host.method }} {% endfor %}
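Review bot: The guard in `config.yaml.j2` now tests `borg_postgresql_databases`, but nothing in this commit defines that variable, and the same commit deletes `host_vars/re2o-bdd.adm.auro.re.yml`, the only visible place that set the old `postgresql_databases: true`. Unless the new name is set elsewhere in the inventory, the `hooks:` section is no longer rendered for that host and its database dumps silently drop out of the backup. `is defined` is also true when the value is `false`; `{% if borg_postgresql_databases | default(false) | bool %}` makes the flag behave as a boolean. The matching `{% endif %}` lies outside the hunk.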
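Review bot: `loop: "{{ postgresql.databases }}"` in `roles/postgresql/tasks/main.yml` fails with an undefined-attribute error on any host whose `postgresql` mapping only carries `version`. The same holds for the two `postgresql.users` loops in the following hunks and for `{% for host in postgresql.hosts %}` in `pg_hba.conf.j2`. If the keys are meant to be optional, `loop: "{{ postgresql.databases | default([]) }}"` (and the equivalent for `users` and `hosts`) keeps the role usable; if they are mandatory, an `ansible.builtin.assert` at the top of the role states that explicitly. With Ansible's default hash behaviour a `postgresql:` mapping defined at a higher-precedence level replaces the whole dictionary rather than merging into it, so a partial override elsewhere would drop these lists. The tasks start and end outside the hunks.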