88 lines
2.5 KiB
YAML
88 lines
2.5 KiB
YAML
---
|
|
# Tworzenie bazy danych i użytkownika dla MailArchiver
|
|
# Ta rola uruchamia się TYLKO na primary
|
|
|
|
- name: Wait for PostgreSQL to be ready
|
|
wait_for:
|
|
path: "/var/run/postgresql/.s.PGSQL.5432"
|
|
timeout: 60
|
|
|
|
# --- Utworzenie użytkownika mailuser ---
|
|
- name: Create mailuser database user
|
|
postgresql_user:
|
|
name: mailuser
|
|
password: "{{ mailuser_password }}"
|
|
role_attr_flags: CREATEDB
|
|
login_unix_socket_directory: /var/run/postgresql
|
|
db: postgres
|
|
become: true
|
|
become_user: postgres
|
|
|
|
# --- Utworzenie bazy mailarchiver ---
|
|
- name: Create mailarchiver database
|
|
postgresql_db:
|
|
name: mailarchiver
|
|
owner: mailuser
|
|
encoding: UTF-8
|
|
lc_collate: en_US.UTF-8
|
|
lc_ctype: en_US.UTF-8
|
|
login_unix_socket_directory: /var/run/postgresql
|
|
become: true
|
|
become_user: postgres
|
|
|
|
# --- Przyznanie uprawnień ---
|
|
- name: Grant privileges on schema public
|
|
postgresql_query:
|
|
db: mailarchiver
|
|
query: |
|
|
GRANT USAGE ON SCHEMA public TO mailuser;
|
|
GRANT CREATE ON SCHEMA public TO mailuser;
|
|
login_unix_socket_directory: /var/run/postgresql
|
|
become: true
|
|
become_user: postgres
|
|
|
|
# --- Default privileges dla tabel ---
|
|
- name: Set default privileges for tables
|
|
postgresql_query:
|
|
db: mailarchiver
|
|
query: |
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public
|
|
GRANT ALL ON TABLES TO mailuser;
|
|
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public
|
|
GRANT ALL ON SEQUENCES TO mailuser;
|
|
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public
|
|
GRANT ALL ON FUNCTIONS TO mailuser;
|
|
login_unix_socket_directory: /var/run/postgresql
|
|
become: true
|
|
become_user: postgres
|
|
|
|
# --- Sprawdzenie ---
|
|
- name: Verify mailarchiver database creation
|
|
postgresql_query:
|
|
db: mailarchiver
|
|
query: "SELECT datname, pg_database.datdba::regrole FROM pg_database WHERE datname = 'mailarchiver'"
|
|
login_unix_socket_directory: /var/run/postgresql
|
|
become: true
|
|
become_user: postgres
|
|
register: db_verify
|
|
|
|
- name: Display database info
|
|
debug:
|
|
msg: "Database mailarchiver created: {{ db_verify.query_result }}"
|
|
|
|
- name: Verify mailuser permissions
|
|
postgresql_query:
|
|
db: mailarchiver
|
|
query: "SELECT * FROM information_schema.role_table_grants WHERE grantee='mailuser' LIMIT 5"
|
|
login_unix_socket_directory: /var/run/postgresql
|
|
become: true
|
|
become_user: postgres
|
|
register: user_perms
|
|
ignore_errors: true
|
|
|
|
- name: Display user permissions
|
|
debug:
|
|
msg: "Mailuser permissions: {{ user_perms.query_result | default('No permissions yet') }}"
|