From 164d86d64616c7efa5ff6b51bf752455adb79d99 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 1 Feb 2025 17:20:36 -0600
Subject: [PATCH] r/postgresql-data: Manage users and databases

This role can ensure PostgreSQL users and databases are created for applications that are not themselves managed by Ansible. Notably, we need to do this for anything deployed in Kubernetes that uses the central database server.
---
 group_vars/postgresql.yml | 12 ++++++++++++
 postgresql.yml | 2 ++
 roles/postgresql-data/defaults/main.yml | 2 ++
 roles/postgresql-data/tasks/main.yml | 23 +++++++++++++++++++++++
 4 files changed, 39 insertions(+)
 create mode 100644 roles/postgresql-data/defaults/main.yml
 create mode 100644 roles/postgresql-data/tasks/main.yml

diff --git a/group_vars/postgresql.yml b/group_vars/postgresql.yml
index de325e3..33adddb 100644
--- a/group_vars/postgresql.yml
+++ b/group_vars/postgresql.yml
@@ -60,3 +60,15 @@ wal_g_pg_config:
 AWS_ENDPOINT: https://s3.backups.pyrocufflink.blue
 PGHOST: /run/postgresql
 WALG_STATSD_ADDRESS: localhost:9125
+
+postgresql_users:
+- name: ara
+- name: authelia
+- name: firefly
+- name: homeassistant
+
+postgresql_dbs:
+- name: ara
+- name: authelia
+- name: firefly
+- name: homeassistant
diff --git a/postgresql.yml b/postgresql.yml
index c55b042..c0f2e1e 100644
--- a/postgresql.yml
+++ b/postgresql.yml
@@ -14,3 +14,5 @@
 - postgresql-server
 - role: postgres-exporter
 tags: postgres-exporter
+ - role: postgresql-data
+ tags: postgresql-data
diff --git a/roles/postgresql-data/defaults/main.yml b/roles/postgresql-data/defaults/main.yml
new file mode 100644
index 0000000..8a7f24d
--- /dev/null
+++ b/roles/postgresql-data/defaults/main.yml
@@ -0,0 +1,2 @@
+postgresql_users: []
+postgresql_dbs: []
diff --git a/roles/postgresql-data/tasks/main.yml b/roles/postgresql-data/tasks/main.yml
new file mode 100644
index 0000000..9b3711a
--- /dev/null
+++ b/roles/postgresql-data/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: ensure postgresql users exist
+ become: true
+ become_user: postgres
+ postgresql_user:
+ name: '{{ item.name }}'
+ password: '{{ item.password|d(omit) }}'
+ state: present
+ loop: '{{ postgresql_users }}'
+ tags:
+ - postgresql-user
+
+- name: ensure postgresql databases exist
+ become: true
+ become_user: postgres
+ postgresql_db:
+ name: '{{ item.name }}'
+ owner: '{{ item.owner|d(item.name) }}'
+ encoding: '{{ item.encoding|d(omit) }}'
+ lc_collate: '{{ item.lc_collate|d(omit) }}'
+ lc_ctype: '{{ item.lc_ctype|d(omit) }}'
+ loop: '{{ postgresql_dbs }}'
+ tags:
+ - postgresql-db
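Review bot: The "ensure postgresql users exist" task loops over whole `postgresql_users` entries and accepts `item.password`, but nothing stops Ansible from printing each loop item in the task output, so a password set on an entry would appear in the play log and in any CI or callback log that captures it. The module masks its own `password` argument, but that does not cover the `(item=...)` label. Add `no_log: true` to that task, or at minimum `loop_control:` with `label: '{{ item.name }}'` to keep it out of the default output. The entries added to group_vars/postgresql.yml in this commit carry only `name`, so nothing leaks today; the exposure starts with the first entry that sets a password, which should also come from a vaulted variable rather than plain group_vars. Separately, the database task defaults `owner` to `item.name`, so a run limited to `--tags postgresql-db` presumably fails unless the same-named role already exists; a short comment on that task stating the dependency would help.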