#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
---
# Home media storage Pi
- hosts: vm-psql-1.home.mgmt.desu.ltd
  roles:
    - role: backup
      vars:
        backup_time: "Mon *-*-* 02:00:00"
      tags: [ backup ]
    - role: geerlingguy.postgresql
      vars:
        postgresql_global_config_options:
          - option: listen_addresses
            value: "*"
          # All of these options are just for debugging stuff
          # This IS a lab environment after all
          - option: log_directory
            value: "pg_log"
          - option: log_filename
            value: "postgresql-%Y-%m-%d_%H%M%S.log"
          - option: log_statement
            value: all
          - option: logging_collector
            value: "on"
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
          - { type: local, database: all, user: all, auth_method: md5 }
          - { type: host, database: all, user: all, address: '127.0.0.0/8', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
            # Used for internal access from other nodes
          - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
            # Allow hosts over zerotier
          - { type: host, database: all, user: all, address: '172.23.0.0/16', auth_method: md5 }
        postgresql_users:
          - name: gulagbot-desultd
            password: "{{ secret_gulagbot_db_pass }}"
          - name: gulagbot-test
            password: "{{ secret_gulagbot_db_pass }}"
          - name: nagios
            password: "{{ secret_postgresql_monitoring_password }}"
        postgresql_databases:
          - name: gulagbot-desultd
            owner: gulagbot-desultd
          - name: gulagbot-test
            owner: gulagbot-test
      tags: [ home, db, psql ]