#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Database servers
---
- hosts: psql1.desu.ltd
  roles:
    - role: backup
      vars:
        backup_script: s3pgdump
      tags: [ backup ]
    - role: motd
      vars:
        motd_watch_services_extra:
          - postgresql
      tags: [ motd ]
    - role: postgresql
      vars:
        postgresql_global_config_options:
          - option: listen_addresses
            value: 192.168.164.156
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
          - { type: local, database: all, user: all, auth_method: peer }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
            # Used for internal access from other nodes
          - { type: host, database: all, user: all, address: '192.168.0.0/16', auth_method: md5 }
        postgresql_users:
          - name: gitea-desultd
            password: "{{ secret_gitea_db_pass }}"
          - name: nextcloud-desultd
            password: "{{ secret_nextcloud_db_pass }}"
        postgresql_databases:
          - name: gitea-desultd
            owner: gitea-desultd
          - name: nextcloud-desultd
            owner: nextcloud-desultd
      tags: [ db, psql ]
- hosts: psql1.9iron.club
  roles:
    - role: backup
      vars:
        backup_script: s3pgdump
      tags: [ backup ]
    - role: motd
      vars:
        motd_watch_services_extra:
          - postgresql
      tags: [ motd ]
    - role: postgresql
      vars:
        postgresql_hba_entries:
          - { type: local, database: all, user: postgres, auth_method: peer }
          - { type: local, database: all, user: all, auth_method: peer }
          - { type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5 }
          - { type: host, database: all, user: all, address: '::1/128', auth_method: md5 }
          - { type: host, database: all, user: all, address: '172.31.0.0/16', auth_method: md5 }
        postgresql_users:
          - name: gitea
            password: "{{ secret_gitea_9iron_db_pass }}"
          - name: nextcloud
            password: "{{ secret_nextcloud_9iron_db_pass }}"
          - name: pleroma
            password: "{{ secret_pleroma_9iron_db_pass }}"
          - name: matrix
            password: "{{ secret_matrix_9iron_db_pass }}"
        postgresql_databases:
          - name: gitea
            lc_collate: C.UTF-8
            lc_ctype: C.UTF-8
            owner: gitea
          - name: nextcloud
            lc_collate: C.UTF-8
            lc_ctype: C.UTF-8
            owner: nextcloud
          - name: pleroma
            lc_collate: C.UTF-8
            lc_ctype: C.UTF-8
            owner: pleroma
          - name: matrix
            lc_collate: C
            lc_ctype: C
            owner: matrix
      tags: [ db, psql ]