1 files changed, 87 insertions, 0 deletions

diff --git a/ansible/roles/sz-ds/tasks/main.yml b/ansible/roles/sz-ds/tasks/main.yml
new file mode 100644
index 0000000..9e55292
--- /dev/null
+++ b/ansible/roles/sz-ds/tasks/main.yml
@@ -0,0 +1,87 @@
+- name: misc packages
+  tags: packages
+  apt:
+    name: "{{ item }}"
+    install_recommends: no
+  with_items:
+    - python-psycopg2
+    - python3-psycopg2
+
+- name: accounts for sz-ds
+  tags: user
+  block:
+    - name: create sz-ds user
+      user:
+        name: sz-ds
+        shell: "/bin/bash"
+        createhome: no
+        home: /opt/sz-ds
+        system: yes
+    - file:
+        state: directory
+        path: /opt/sz-ds
+        owner: sz-ds
+        mode: u=rwx,go=
+    - file:
+        state: directory
+        path: /opt/sz-ds/bin
+    - copy:
+        src: opt/sz-ds/bash_profile
+        dest: /opt/sz-ds/.bash_profile
+
+- name: flyway for sz-ds
+  tags: flyway
+  block:
+    - name: mkdir /opt/sz-ds/flyway
+      file:
+        state: directory
+        path: /opt/sz-ds/flyway
+    - template:
+        src: opt/sz-ds/bin/flyway.j2
+        dest: /opt/sz-ds/bin/flyway
+        mode: a=rx
+    - name: Download and extract Flyway {{ flyway_version }}
+      unarchive:
+        src: "https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/{{ flyway_version }}/flyway-commandline-{{ flyway_version }}.zip"
+        dest: /opt/sz-ds/flyway
+        creates: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}"
+        remote_src: yes
+    - file:
+        path: "/opt/sz-ds/flyway/flyway-{{ flyway_version }}/flyway"
+        mode: a=rx
+    # flyway.conf is created later
+- name: sz-ds database
+  tags: sz-ds-pg
+  become: yes
+  become_user: postgres
+  vars:
+    ansible_ssh_pipelining: true
+  block:
+    - name: sz-ds
+      postgresql_user:
+        name: sz-ds
+        role_attr_flags: "NOLOGIN"
+    - name: sz-ds-flyway
+      tags: update-password
+      postgresql_user:
+        name: sz-ds-flyway
+        password: "{{ sz_ds_secret.db_password_flyway }}"
+        encrypted: yes
+    - name: sz-ds-web
+      tags: update-password
+      postgresql_user:
+        name: sz-ds-web
+        password: "{{ sz_ds_secret.db_password_web }}"
+        encrypted: yes
+    - name: sz-ds db
+      postgresql_db:
+        name: "sz-ds"
+        encoding: "utf-8"
+        owner: "sz-ds"
+    - postgresql_privs:
+        database: sz-ds
+        state: present
+        privs: USAGE
+        type: schema
+        objs: public
+        roles: sz-ds-web,sz-ds-flyway