--- - hosts: - knot roles: - mw-frontend - ufw - role: postfix tags: postfix - role: dovecot tags: dovecot - role: bind tags: bind - role: mosquitto-server tags: mosquitto-server become: true - role: lxc-host tags: lxc-host become: true - role: knot-apache tags: knot-apache become: true - role: knot-misc tags: knot-misc become: true tasks: - tags: pg-backup vars: wal_g: /etc/postgresql/wal-g.env wal_g_bin: /var/lib/postgresql/wal-g block: - name: "mkdir {{ wal_g }}" become: yes file: path: "{{ wal_g }}" state: directory mode: ug=rx,o= owner: root group: postgres - name: Configure environment become: yes copy: dest: "{{ wal_g }}/{{ item.file }}" content: "{{ item.content }}" owner: root group: postgres mode: g=r,u=r,o= loop: - {file: "AWS_ACCESS_KEY_ID", content: "{{ pg_backup_knot.sender.access_key }}"} - {file: "AWS_ENDPOINT", content: "https://minio.trygvis.io"} - {file: "AWS_REGION", content: "us-east-1"} - {file: "AWS_S3_FORCE_PATH_STYLE", content: "true"} - {file: "AWS_SECRET_ACCESS_KEY", content: "{{ pg_backup_knot.sender.secret_key }}"} - {file: "WALG_S3_PREFIX", content: "s3://{{ pg_backup_knot.bucket.name }}"} - {file: "PGHOST", content: "/var/run/postgresql"} - name: /etc/postgresql/13/main/wal-g.conf become: yes copy: dest: /etc/postgresql/13/main/wal-g.conf content: | archive_mode = yes archive_command = '/usr/bin/envdir {{ wal_g }} {{ wal_g_bin }} wal-push %p' archive_timeout = 60 - name: /etc/postgresql/13/main/postgresql.conf become: yes lineinfile: path: /etc/postgresql/13/main/postgresql.conf regexp: wal-g.conf line: "include = 'wal-g.conf'"