sets postgresql with a giteadb and gitea user
parent
91824b7002
commit
3986b4fb6e
@ -2,11 +2,26 @@
|
|||||||
- name: This playbook installs and setups postgresql
|
- name: This playbook installs and setups postgresql
|
||||||
hosts: aws
|
hosts: aws
|
||||||
become: true
|
become: true
|
||||||
|
vars_files:
|
||||||
|
- ../vars/secrets.yml
|
||||||
|
vars:
|
||||||
|
postgresql_user: gitea
|
||||||
|
postgresql_db: giteadb
|
||||||
tasks:
|
tasks:
|
||||||
- name: install postgresql
|
- name: install postgresql
|
||||||
apt:
|
apt:
|
||||||
name: postgresql
|
name: "{{item}}"
|
||||||
update_cache: true
|
loop:
|
||||||
|
- postgresql
|
||||||
|
- postgresql-contrib
|
||||||
|
- libpq-dev
|
||||||
|
- python3-dev
|
||||||
|
- python3-pip
|
||||||
|
- acl
|
||||||
|
|
||||||
|
- name: install pyscopg python module
|
||||||
|
ansible.builtin.pip:
|
||||||
|
name: psycopg2
|
||||||
|
|
||||||
- name: enable the postgresql service
|
- name: enable the postgresql service
|
||||||
service:
|
service:
|
||||||
@ -17,3 +32,34 @@
|
|||||||
service:
|
service:
|
||||||
name: postgresql
|
name: postgresql
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
|
- name: create giteadb database
|
||||||
|
become_user: postgres
|
||||||
|
community.postgresql.postgresql_db:
|
||||||
|
name: "{{postgresql_db}}"
|
||||||
|
encoding: UTF-8
|
||||||
|
lc_collate: en_US.UTF-8
|
||||||
|
lc_ctype: en_US.UTF-8
|
||||||
|
template: template0
|
||||||
|
|
||||||
|
- name: create user gitea
|
||||||
|
become_user: postgres
|
||||||
|
community.postgresql.postgresql_user:
|
||||||
|
name: "{{postgresql_user}}"
|
||||||
|
password: "{{postgresql_password}}"
|
||||||
|
environment:
|
||||||
|
PGOPTIONS: "-c password_encryption=scram-sha-256"
|
||||||
|
|
||||||
|
- name: grant priviledges to giteadb to user gitea
|
||||||
|
become_user: postgres
|
||||||
|
community.postgresql.postgresql_privs:
|
||||||
|
db: giteadb
|
||||||
|
privs: ALL
|
||||||
|
type: database
|
||||||
|
role: gitea
|
||||||
|
|
||||||
|
- name: let gitea authenticate as a peer
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: /etc/postgresql/14/main/pg_hba.conf
|
||||||
|
regexp: "^local.*all.*all.*peer"
|
||||||
|
line: "local all all scram-sha-256"
|
||||||
|
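Review bot: The last task, `let gitea authenticate as a peer`, rewrites the `local all all peer` entry in pg_hba.conf to `scram-sha-256`, so its name states the opposite of what it does. Nothing in the section reloads PostgreSQL afterwards, so the running server keeps applying the old rule until something else reloads or restarts it. I would rename the task to `- name: require scram-sha-256 for local socket connections` and add `notify: reload postgresql`, backed by a handler that calls `service` with `name: postgresql` and `state: reloaded`; no handlers section is visible on this page. Adding `backup: true` to the `lineinfile` call keeps a copy of the previous access rules, which helps if the edit locks a role out. The path also pins the cluster directory to `/etc/postgresql/14/main`, so on a host where apt installs a different major version the task would presumably fail on a missing file; a variable for the version would make that dependency explicit.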