v1.0

2026-01-29 12:55:01 +01:00
commit 65edf17dc7
15 changed files with 435 additions and 0 deletions
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@@ -0,0 +1,47 @@
+- name: Install PostgreSQL
+  apt:
+    name:
+      - postgresql-{{ pg_version }}
+      - postgresql-contrib
+    update_cache: yes
+
+- name: Stop postgres before config
+  service:
+    name: postgresql
+    state: stopped
+
+- name: postgresql.conf
+  template:
+    src: postgresql.conf.j2
+    dest: /etc/postgresql/{{ pg_version }}/main/postgresql.conf
+
+- name: pg_hba.conf
+  template:
+    src: pg_hba.conf.j2
+    dest: /etc/postgresql/{{ pg_version }}/main/pg_hba.conf
+
+- name: TLS cert dir
+  file:
+    path: /etc/postgresql/ssl
+    state: directory
+    owner: postgres
+    mode: "700"
+
+- name: Copy TLS cert
+  copy:
+    src: pg.crt
+    dest: /etc/postgresql/ssl/pg.crt
+    owner: postgres
+    mode: "600"
+
+- name: Copy TLS key
+  copy:
+    src: pg.key
+    dest: /etc/postgresql/ssl/pg.key
+    owner: postgres
+    mode: "600"
+
+- name: Start postgres
+  service:
+    name: postgresql
+    state: started
--- a/roles/postgres/tasks/templates/pg_hba.conf.j2
+++ b/roles/postgres/tasks/templates/pg_hba.conf.j2
@@ -0,0 +1,3 @@
+local   all             postgres                                peer
+host    all             all             10.0.0.0/24             md5
+host    replication     replicator      10.0.0.2/32             md5
--- a/roles/postgres/tasks/templates/postgresql.conf.j2
+++ b/roles/postgres/tasks/templates/postgresql.conf.j2
@@ -0,0 +1,13 @@
+listen_addresses = '*'
+
+shared_buffers = 2GB
+effective_cache_size = 6GB
+work_mem = 64MB
+maintenance_work_mem = 1GB
+
+wal_compression = on
+checkpoint_timeout = 15min
+max_wal_size = 64GB
+
+archive_mode = on
+archive_command = 'pgbackrest --stanza=main archive-push %p'