auricom-home-cluster/infrastructure/ansible/roles/truenas/tasks/jails/postgres-conf.yml
2022-11-20 16:37:40 +01:00


---
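# Look up the IPv4 address of the postgres jail on epair0b. The registered
# stdout is used further down in this file as the delegate_to target for tasks
# that run as root, so it has to be exactly one well-formed address.
- name: jail-postgres | get jail ip
  ansible.builtin.shell:
    # Compare the address-family field exactly. A substring match on 'inet'
    # also prints any inet6 line, which would make stdout multi-line. `exit`
    # keeps only the first IPv4 address if the interface carries several.
    cmd: iocage exec postgres ifconfig epair0b | awk '$1 == "inet" { print $2; exit }'
  # Read-only lookup: never report a change.
  changed_when: false
  # The pipeline's exit status is awk's, so a failing iocage call would go
  # unnoticed and leave stdout empty. Stop here instead of delegating root
  # tasks to an empty or malformed host name.
  failed_when: >-
    postgres_jail_ip.rc != 0 or
    postgres_jail_ip.stdout is not match('^[0-9]{1,3}([.][0-9]{1,3}){3}$')
  register: postgres_jail_ip
  become: true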
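# Copy the Let's Encrypt chain and private key, both already on the managed
# host (remote_src), into the postgres data directory as server.crt and
# server.key, the file names used by the ssl settings written later in this
# file.
- name: jail-postgres | copy letsencrypt certificate
  ansible.builtin.copy:
    src: /mnt/storage/home/homelab/letsencrypt/{{ secret_domain }}/{{ item.src }}
    remote_src: true
    dest: /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/{{ item.dest }}
    # Numeric ids rather than names; presumably the postgres uid/gid inside
    # the jail - confirm against the jail's passwd database.
    owner: 770
    group: 770
    # Quoted so the value is read as octal by Ansible itself and does not
    # depend on the YAML parser treating a leading zero as octal. The private
    # key must stay readable by its owner only.
    mode: "0600"
  loop:
    - src: fullchain.pem
      dest: server.crt
    - src: key.pem
      dest: server.key
  # A renewed certificate is only picked up after the service restarts.
  notify: restart postgresql
  become: true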
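# Everything in this block runs inside the jail: the tasks are delegated to
# the address registered in postgres_jail_ip and connect as root.
- block:
    # Rationale as given by the task name: the data directory lives on ZFS.
    - name: jail-postgres | disable full page writes because of ZFS
      ansible.builtin.lineinfile:
        path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf
        regexp: '^full_page_writes\s*='
        line: "full_page_writes=off"
        state: present
      notify: restart postgresql

    # '*' binds every address the jail has. From then on, which clients may
    # connect is decided only by pg_hba.conf (templated below) and by whatever
    # network filtering sits in front of the jail.
    - name: jail-postgres | listen to all addresses
      ansible.builtin.lineinfile:
        path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf
        regexp: '^listen_addresses\s*='
        line: "listen_addresses = '*'"
        state: present
      notify: restart postgresql

    # Relative certificate and key paths are resolved against the data
    # directory. `ssl = on` only offers TLS; plaintext connections are refused
    # only when pg_hba.conf uses hostssl entries.
    # NOTE(review): the pg_hba.conf template is not visible here - confirm it
    # uses hostssl for remote clients.
    - name: jail-postgres | ssl configuration
      ansible.builtin.blockinfile:
        path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf
        block: |
          ssl = on
          ssl_cert_file = 'server.crt'
          ssl_key_file = 'server.key'
          ssl_prefer_server_ciphers = on
        state: present
      notify: restart postgresql

    - name: jail-postgres | configure postgres
      ansible.builtin.template:
        src: postgres/pg_hba.conf
        dest: /var/db/postgres/data{{ postgres_version }}/pg_hba.conf
        owner: postgres
        group: postgres
        # Set explicitly so a newly created file does not take its permissions
        # from the umask. The client authentication rules need to be readable
        # by the postgres user only.
        mode: "0600"
      notify: restart postgresql
  # The target host is the output of the earlier ifconfig lookup, and the
  # connection is made as root: an empty or wrong value here sends root-level
  # changes to the wrong machine.
  delegate_to: "{{ postgres_jail_ip.stdout }}"
  remote_user: root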