joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df4ae0eb170a86b9ce20844fb5903b5c8424f180
rick-infra/roles/postgresql/defaults/main.yml
Joakim 762d00eebf Add simplified PostgreSQL infrastructure role for database services 
- Provides PostgreSQL server as shared database infrastructure
- Follows KISS principle with only essential configuration (11 variables vs 45 originally)
- Implements maximum security with Unix socket-only superuser access
- Uses scram-sha-256 authentication for application users
- Includes SystemD security hardening
- Applications manage their own databases/users via this infrastructure
- Production-ready with data checksums and localhost-only access
2025-11-18 22:33:56 +01:00

52 lines
1.6 KiB
YAML
Raw Blame History

---
# =================================================================
# PostgreSQL Infrastructure Role - Simplified Configuration
# =================================================================
# Provides PostgreSQL database server as shared infrastructure
# Applications manage their own databases/users
# =================================================================
# Essential Configuration
# =================================================================
# Service Management
postgresql_service_enabled: true
postgresql_service_state: "started"
# Network Security (localhost only)
postgresql_listen_addresses: "localhost"
postgresql_port: 5432
# Authentication
postgresql_auth_method: "scram-sha-256"
# Database Cluster Setup
postgresql_encoding: "UTF8"
postgresql_locale: "C.UTF-8"
postgresql_data_checksums: true
# Security
postgresql_systemd_security: true
# =================================================================
# Optional Performance (Conservative Defaults)
# =================================================================
# Basic performance settings - PostgreSQL defaults are excellent
postgresql_max_connections: 100
postgresql_shared_buffers: "128MB"
# =================================================================
# Infrastructure Notes
# =================================================================
# This role provides minimal PostgreSQL infrastructure
# Applications should create their own databases/users:
#
# - postgresql_user:
# name: myapp
# password: "{{ vault_myapp_password }}"
# - postgresql_db:
# name: myapp
# owner: myapp
#
# PostgreSQL's built-in defaults are used for everything else
Reference in New Issue View Git Blame Copy Permalink