From fdf38928edd187949c8f4fc5a60b9780500d3e2e Mon Sep 17 00:00:00 2001
From: Trygve Laugstøl <trygvis@inamo.no>
Date: Fri, 23 Dec 2022 14:25:38 +0100
Subject: concourse

---
 ansible/knot-pg-backup.yml | 56 ------------------------------------
 ansible/knot-pg.yml        | 72 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+), 56 deletions(-)
 delete mode 100644 ansible/knot-pg-backup.yml
 create mode 100644 ansible/knot-pg.yml

(limited to 'ansible')

diff --git a/ansible/knot-pg-backup.yml b/ansible/knot-pg-backup.yml
deleted file mode 100644
index 4d0cac1..0000000
--- a/ansible/knot-pg-backup.yml
+++ /dev/null
@@ -1,56 +0,0 @@
----
-- hosts:
-    - knot
-  vars:
-    wal_g: /etc/postgresql/wal-g.env
-    wal_g_bin: /var/lib/postgresql/wal-g
-    pg_v: 15
-  tasks:
-    - name: "mkdir {{ wal_g }}"
-      become: yes
-      file:
-        path: "{{ wal_g }}"
-        state: directory
-        mode: ug=rx,o=
-        owner: root
-        group: postgres
-
-
-    - name: Load values from../knot-pdb.sops.yml
-      community.sops.load_vars:
-        name: env
-        file: ../knot-pdb.sops.yml
-
-    - name: Configure environment
-      become: yes
-      copy:
-        dest: "{{ wal_g }}/{{ item.file }}"
-        content: |
-          {{ item.content }}
-        owner: root
-        group: postgres
-        mode: g=r,u=r,o=
-      loop:
-        - {file: "AWS_ACCESS_KEY_ID", content: "{{ env.AWS_ACCESS_KEY_ID }}"}
-        - {file: "AWS_ENDPOINT", content: "{{ env.AWS_ENDPOINT }}"}
-        - {file: "AWS_REGION", content: "{{ env.AWS_REGION }}"}
-        - {file: "AWS_S3_FORCE_PATH_STYLE", content: "{{ env.AWS_S3_FORCE_PATH_STYLE }}"}
-        - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ env.AWS_SECRET_ACCESS_KEY }}"}
-        - {file: "WALG_S3_PREFIX", content: "{{ env.WALG_S3_PREFIX }}"}
-        - {file: "PGHOST", content: "/var/run/postgresql"}
-
-    - name: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
-      become: yes
-      copy:
-        dest: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
-        content: |
-         archive_mode = yes
-         archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
-         archive_timeout = 60
-
-    - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
-      become: yes
-      lineinfile:
-        path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
-        regexp: wal-g.conf
-        line: "include = 'wal-g.conf'"
diff --git a/ansible/knot-pg.yml b/ansible/knot-pg.yml
new file mode 100644
index 0000000..ec0b86b
--- /dev/null
+++ b/ansible/knot-pg.yml
@@ -0,0 +1,72 @@
+---
+- hosts:
+    - knot
+  vars:
+    wal_g: /etc/postgresql/wal-g.env
+    wal_g_bin: /var/lib/postgresql/wal-g
+    pg_v: 15
+  tasks:
+    - name: "mkdir {{ wal_g }}"
+      become: yes
+      file:
+        path: "{{ wal_g }}"
+        state: directory
+        mode: ug=rx,o=
+        owner: root
+        group: postgres
+
+
+    - name: Load values from../knot-pdb.sops.yml
+      community.sops.load_vars:
+        name: env
+        file: ../knot-pdb.sops.yml
+
+    - name: Configure environment
+      become: yes
+      tags: env
+      copy:
+        dest: "{{ wal_g }}/{{ item.file }}"
+        content: |
+          {{ item.content }}
+        owner: root
+        group: postgres
+        mode: g=r,u=r,o=
+      loop:
+        - {file: "AWS_ACCESS_KEY_ID", content: "{{ env.AWS_ACCESS_KEY_ID }}"}
+        - {file: "AWS_ENDPOINT", content: "{{ env.AWS_ENDPOINT }}"}
+        - {file: "AWS_REGION", content: "{{ env.AWS_REGION }}"}
+        - {file: "AWS_S3_FORCE_PATH_STYLE", content: "{{ env.AWS_S3_FORCE_PATH_STYLE }}"}
+        - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ env.AWS_SECRET_ACCESS_KEY }}"}
+        - {file: "WALG_S3_PREFIX", content: "{{ env.WALG_S3_PREFIX }}"}
+        - {file: "PGHOST", content: "/var/run/postgresql"}
+
+    - name: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+      become: yes
+      copy:
+        dest: /etc/postgresql/{{ pg_v }}/main/wal-g.conf
+        content: |
+         archive_mode = yes
+         archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p'
+         archive_timeout = 60
+
+    - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+      become: yes
+      lineinfile:
+        path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+        regexp: listen_addresses
+        line: "listen_addresses = '127.0.0.1,10.0.3.1,fdf3:aad9:a885:b3a::1'"
+
+    - name: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+      become: yes
+      lineinfile:
+        path: /etc/postgresql/{{ pg_v }}/main/postgresql.conf
+        regexp: wal-g.conf
+        line: "include = 'wal-g.conf'"
+
+    - name: /etc/postgresql/{{ pg_v }}/main/pg_hba.conf
+      become: yes
+      lineinfile:
+        path: /etc/postgresql/{{ pg_v }}/main/pg_hba.conf
+        regexp: fdf3:aad9:a885:b3a
+        line: "host all all fdf3:aad9:a885:b3a::/64 scram-sha-256"
+
-- 
cgit v1.2.3