# Ensure the pdns database exists. The "create db schema" handler is not
# defined in this listing; it is notified only when this task reports a
# change.
- name: create db in postgres
  notify:
    - create db schema
  community.postgresql.postgresql_db:
    name: pdns
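# Run any notified handlers now instead of at the end of the play: the
# schema must be created before the permission grants happen, because the
# grants below use ALL_IN_SCHEMA, which only covers objects that already
# exist when the grant runs.
- name: flush handlers so the db schema exists before grants
  ansible.builtin.meta: flush_handlers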
# Create the pdns role, connecting to the pdns database. The password
# lookup generates a 15-character value on first use and stores it in
# plaintext on the control node, one file per inventory host under
# secrets/<inventory_hostname>/; later runs reuse that file. Keep secrets/
# out of version control and restrict who can read it.
- name: create postgres pdns user
  community.postgresql.postgresql_user:
    db: pdns
    name: pdns
    password: "{{ lookup('ansible.builtin.password', 'secrets/' + inventory_hostname + '/pg-pdns-password.txt', length=15) }}"
# Grant the pdns role every privilege on the tables and sequences that
# already exist in the pdns database; the task runs once per object type.
# ALL_IN_SCHEMA does not cover objects created later, so this has to run
# after the schema handler has been flushed.
# NOTE(review): no schema is set here; the module default is assumed to be
# "public" - confirm against the schema the handler creates.
- name: grant postgres pdns user permissions
  community.postgresql.postgresql_privs:
    roles: pdns
    database: pdns
    objs: ALL_IN_SCHEMA
    privs: all
    type: "{{ item }}"
  loop:
    - table
    - sequence
# Create the replication role with the REPLICATION attribute. Unlike the
# pdns password, this lookup path has no inventory_hostname component, so
# every host in the play gets the same generated password, stored in
# plaintext on the control node in secrets/pg-replication-password.txt.
# NOTE(review): presumably shared on purpose so that replicas can
# authenticate - confirm; a leak on one host exposes the role everywhere.
- name: create postgres replication user
  community.postgresql.postgresql_user:
    name: replication
    role_attr_flags: replication
    password: "{{ lookup('ansible.builtin.password', 'secrets/pg-replication-password.txt', length=15) }}"
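# Grant the replication role read-only access to the tables and sequences
# that already exist in the pdns database; the task runs once per object
# type.
#
# Least privilege: the original granted "all", which let an account whose
# password is shared across hosts modify or truncate the data on this
# server. For logical replication the connecting role needs the
# REPLICATION attribute plus SELECT on the published tables (used for the
# initial copy); it does not need write access.
# NOTE(review): this assumes the role is used only by replication
# subscribers - widen deliberately if something else writes as it.
# NOTE(review): this task only grants. Hosts provisioned with the earlier
# "all" grant keep it until it is revoked separately.
- name: grant postgres replication user permissions
  community.postgresql.postgresql_privs:
    database: pdns
    roles: replication
    type: "{{ item }}"
    privs: SELECT
    objs: ALL_IN_SCHEMA
  loop:
    - table
    - sequence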
# Create the logical-replication publication "pdns" in the pdns database.
# NOTE(review): no tables are listed; per the module documentation this is
# assumed to publish all tables in the database - confirm that every table
# is meant to be replicated.
- name: create postgresql publication
  community.postgresql.postgresql_publication:
    name: pdns
    db: pdns