-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathmain.yml
61 lines (55 loc) · 1.62 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
---
# defaults variables for postgresql
# Postgresql.conf settings
pgsql_max_connections: 100
pgsql_shared_buffers: 32 #in MB
# Do we want to also be reachable on the network ?
# opening tcp/5432 and listening on all interfaces
# See also below to tune your settings based on network
pgsql_network_listen: False
# If true, which subnets we'll authorize for iptables and also automatically added in pg_hba (see below, concatenated)
pgsql_network_subnets:
- 192.168.1.0/24
# TLS support, optional but recommended if pgsql_network_listen !
# Default to False for testing puroposes.
# Don't forget to point to real key/crt it set to True
pgsql_tls: False
pgsql_tls_key: server.key
pgsql_tls_cert: server.crt
pgsql_tls_ca: ca.crt
# Clients for pg_hba.conf - see https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
# Remark: if pgsql_network_listen is set to True, the pgsql_network_subnets will be automatically added to this list with md5 auth
pgsql_hba_clients:
- type: local
database: all
user: postgres
auth_method: peer
- type: local
database: all
user: all
auth_method: md5
- type: host
database: all
user: all
address: '127.0.0.1/32'
auth_method: md5
- type: host
database: all
user: all
address: '::1/128'
auth_method: md5
# Do we want default users and databases to be created
# By default empty list
# example
# pgsql_users:
# - name: user1
# password: pass1
# role_attr: "NOCREATEDB,NOSUPERUSER,NOCREATEROLE"
# db: database1
pgsql_users: []
# Same for Databases
# example:
# pgsql_databases:
# - name: database1
# owner: user1
pgsql_databases: []