joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add simplified PostgreSQL infrastructure role for database services

Browse Source 
- Provides PostgreSQL server as shared database infrastructure
- Follows KISS principle with only essential configuration (11 variables vs 45 originally)
- Implements maximum security with Unix socket-only superuser access
- Uses scram-sha-256 authentication for application users
- Includes SystemD security hardening
- Applications manage their own databases/users via this infrastructure
- Production-ready with data checksums and localhost-only access
This commit is contained in:
Joakim
2025-11-18 21:33:50 +01:00
parent 7c3b02e5ad
commit 762d00eebf
9 changed files with 532 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
roles/postgresql/defaults/main.yml Normal file
View File

@@ -0,0 +1,52 @@
---
# =================================================================
# PostgreSQL Infrastructure Role - Simplified Configuration
# =================================================================
# Provides PostgreSQL database server as shared infrastructure
# Applications manage their own databases/users
# =================================================================
# Essential Configuration
# =================================================================
# Service Management
postgresql_service_enabled: true
postgresql_service_state: "started"
# Network Security (localhost only)
postgresql_listen_addresses: "localhost"
postgresql_port: 5432
# Authentication
postgresql_auth_method: "scram-sha-256"
# Database Cluster Setup
postgresql_encoding: "UTF8"
postgresql_locale: "C.UTF-8"
postgresql_data_checksums: true
# Security
postgresql_systemd_security: true
# =================================================================
# Optional Performance (Conservative Defaults)
# =================================================================
# Basic performance settings - PostgreSQL defaults are excellent
postgresql_max_connections: 100
postgresql_shared_buffers: "128MB"
# =================================================================
# Infrastructure Notes
# =================================================================
# This role provides minimal PostgreSQL infrastructure
# Applications should create their own databases/users:
#
# - postgresql_user:
# name: myapp
# password: "{{ vault_myapp_password }}"
# - postgresql_db:
# name: myapp
# owner: myapp
#
# PostgreSQL's built-in defaults are used for everything else