chore!: separated galaxy deps and own collections; modified ansible script generation to use two paths for collections

REQUIRES REGENERATING ansible.cfg!
2025-02-23 00:00:00 +00:00 · 2025-02-23 00:00:00 +00:00 · 888590ed9f
commit 888590ed9f
parent 4af69c31ce
188 changed files with 30 additions and 30 deletions
--- a/ansible_collections/nullified/infrastructure/roles/postgresql/tasks/client.yml
+++ b/ansible_collections/nullified/infrastructure/roles/postgresql/tasks/client.yml
@ -0,0 +1,9 @@
+---
+- name: install client packages
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+    force_apt_get: true
+    pkg:
+      - postgresql-client
--- a/ansible_collections/nullified/infrastructure/roles/postgresql/tasks/main.yml
+++ b/ansible_collections/nullified/infrastructure/roles/postgresql/tasks/main.yml
@ -0,0 +1,17 @@
+---
+- name: setup server
+  include_tasks: server.yml
+  when: postgresql_install_server is truthy
+
+- name: setup client
+  include_tasks: client.yml
+  when: postgresql_install_client is truthy
+
+- name: install firewall rules
+  become: true
+  template:
+    src: ../templates/nftables.d/postgresql.nft.j2
+    dest: /etc/nftables.d/postgresql.nft
+    mode: '0600'
+  notify:
+    - 'postgresql : load firewall rules'
--- a/ansible_collections/nullified/infrastructure/roles/postgresql/tasks/server.yml
+++ b/ansible_collections/nullified/infrastructure/roles/postgresql/tasks/server.yml
@ -0,0 +1,134 @@
+---
+- name: install server packages
+  become: true
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+    force_apt_get: true
+    pkg:
+      - postgresql
+      - python3-pexpect
+
+- name: gather information
+  become: true
+  block:
+    - name: pg_hba.conf path
+      ansible.builtin.shell: >
+        su {{ postgresql_default_user }} -c 'psql -t --csv -c "SHOW hba_file"'
+      register: hba_file_query
+      changed_when: false
+      failed_when: hba_file_query.rc != 0 or hba_file_query.stdout is falsy
+    - name: postgresql.conf path
+      ansible.builtin.shell: >
+        su {{ postgresql_default_user }} -c 'psql -t --csv -c "SHOW config_file"'
+      register: psql_conf_query
+      changed_when: false
+      failed_when: psql_conf_query.rc != 0 or psql_conf_query.stdout is falsy
+    - name: register facts
+      ansible.builtin.set_fact:
+        postgresql_hba_file: '{{ hba_file_query.stdout }}'
+        postgresql_conf_file: '{{ psql_conf_query.stdout }}'
+
+- name: update postgresql.conf values
+  become: true
+  block:
+    - name: update listen addresses
+      ansible.builtin.lineinfile:
+        path: '{{ postgresql_conf_file }}'
+        regexp: '^#?listen_addresses\b.+'
+        line: "listen_addresses = '{{ postgresql_server_bind_addresses|join(',') }}'"
+        state: present
+      when: postgresql_server_bind_addresses is truthy
+      notify:
+        - 'postgresql : restart postgresql service'
+    - name: update listen port
+      ansible.builtin.lineinfile:
+        path: '{{ postgresql_conf_file }}'
+        regexp: '^#?port\b.+'
+        line: 'port = {{ postgresql_server_port }}'
+        state: present
+      notify:
+        - 'postgresql : restart postgresql service'
+    - name: update default encryption
+      ansible.builtin.lineinfile:
+        path: '{{ postgresql_conf_file }}'
+        regexp: '^#?password_encryption\b.+'
+        line: "password_encryption = '{{ postgresql_server_encryption_scheme }}'"
+        state: present
+      notify:
+        - 'postgresql : restart postgresql service'
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+
+- name: create databases
+  become: true
+  ansible.builtin.command: >
+    su {{ postgresql_default_user }} -c 'createdb{% if 'tablespace' in item %} -D "{{ item.tablespace }}"{% endif %}{% if 'encoding' in item %} -E "{{ item.encoding }}"{% endif %}{% if 'locale' in item %} -l "{{ item.locale }}"{% endif %}{% if 'owner' in item %} -O "{{ item.owner }}"{% endif %} "{{ item.name }}"'
+  loop: '{{ postgresql_server_databases_list }}'
+  loop_control:
+    label: '{{ item.name }}'
+  register: create_db_exec
+  failed_when: create_db_exec.rc != 0 and not " already exists" in create_db_exec.stderr
+  changed_when: not " already exists" in create_db_exec.stderr
+
+- name: create accesses
+  become: true
+  block:
+    - name: create roles
+      ansible.builtin.expect:
+        command: >
+          su {{ postgresql_default_user }} -c 'createuser --{{ 'no-' if item.get('nologin', False) is truthy }}login "{{ item.name }}" --pwprompt'
+        responses:
+          'Enter password for new role: ':
+            - '{{ item.password }}'
+          'Enter it again: ':
+            - '{{ item.password }}'
+      loop: '{{ postgresql_server_accounts_list }}'
+      loop_control:
+        label: '{{ item.name }}'
+      register: create_user_exec
+      failed_when: create_user_exec.rc != 0 and not " already exists" in create_user_exec.stdout
+      changed_when: not " already exists" in create_user_exec.stdout
+      no_log: true
+    - name: add HBA accesses
+      ansible.builtin.lineinfile:
+        path: '{{ postgresql_hba_file }}'
+        regexp: '^#?(?P<contype>{{ item.contype }}+)\s+(?P<databases>{{ item.databases }})\s+(?P<users>{{ item.users }})\s+(?P<addr>{{ item.address }})\s+(?P<method>{{ item.method }})$'
+        line: "{{ item.contype }}\t{{ item.databases | join(',') }}\t{{ item.users | join(',') }}\t{{ item.address }}\t{{ item.method }}"
+        group: '{{ postgresql_default_user }}'
+        owner: '{{ postgresql_default_user }}'
+        mode: '0600'
+        state: present
+      loop: '{{ postgresql_server_hba_conf_list }}'
+      loop_control:
+        label: '{{ item.contype }}:{{ item.method }}:: {{ item.users }}-{{ item.address }} @ {{ item.databases }}'
+      notify:
+        - 'postgresql : reload postgresql service'
+
+- name: run custom initialization queries
+  become: true
+  block:
+    - name: create temporary file
+      ansible.builtin.tempfile:
+        state: file
+      register: tmp_file
+      changed_when: false
+    - name: export initialization SQL file
+      ansible.builtin.template:
+        src: ../templates/postgresql_init.sql.j2
+        dest: '{{ tmp_file.path }}'
+        mode: '0600'
+        force: true
+        owner: '{{ postgresql_default_user }}'
+        group: '{{ postgresql_default_user }}'
+      changed_when: false
+    - name: run initialization file
+      ansible.builtin.shell: "su {{ postgresql_default_user }} -c 'psql < {{ tmp_file.path }}'"
+      register: run_custom_sql_exec
+      failed_when: run_custom_sql_exec.rc != 0 or "ERROR" in run_custom_sql_exec.get("stderr", "")
+    - name: cleanup
+      ansible.builtin.file:
+        path: '{{ tmp_file.path }}'
+        state: absent
+  when: postgresql_server_run_init_sql is truthy or postgresql_server_run_custom_sql is truthy