hetzner-ansible/roles/postgres/tasks/base-requirements.yml

- name: "Adding group postgresql"
  group:
    name: postgres
    gid: 2001

- name: "Adding user postgresql"
  user:
    name: postgres
    uid: 2000
    group: postgres
    home: /var/lib/postgresql
    system: true
    shell: /bin/bash

- name: "Ensuring repository meta is installed"
  apt:
    name: ["debian-keyring", "debian-archive-keyring", "apt-transport-https"]
    update_cache: yes
    cache_valid_time: 900
    state: present

- name: "Adding an apt signing key, uses whichever key is at the url"
  ansible.builtin.apt_key:
    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
    state: present
    validate_certs: false

- name: "Adding postgresql repository into sources list"
  ansible.builtin.apt_repository:
    repo: deb http://apt.postgresql.org/pub/repos/apt {{ default_postgres_target_distribution }} main
    state: present

- name: "Ensuring postgres is installed"
  apt:
    name: "postgresql-{{ default_postgres_version }}"
    update_cache: yes
    cache_valid_time: 900
    state: present

- name: "Setup listen interfaces for postgresql instance"
  lineinfile:
    state: present
    regex: "^listen_addresses"
    line: "listen_addresses = 'localhost,{{ ansible_all_ipv4_addresses | ansible.netcommon.ipaddr(default_private_network) | first }}'"
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
  register: listen_addresses

- name: "Setting 'max_connections={{ default_max_connections }}'"
  lineinfile:
    state: present
    regex: "^max_connections"
    line: "max_connections = {{ default_max_connections }}"
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
  register: max_connections

- name: "Setting 'shared_buffers={{ default_shared_buffers }}'"
  lineinfile:
    state: present
    regex: "^shared_buffers"
    line: "shared_buffers = {{ default_shared_buffers }}"
    path: /etc/postgresql/{{ default_postgres_version }}/main/postgresql.conf
  register: shared_buffers

- name: "Creating archive directory if necessary"
  file:
    state: directory
    path: /postgresql/replication
    owner: postgres
    group: postgres
    mode: "g+s"

- name: "Creating backups directory if necessary"
  file:
    state: directory
    path: /backups
    owner: postgres
    group: postgres
    mode: "g+s"

- name: "Installing prometheus postgres exporter"
  apt:
    name: "prometheus-postgres-exporter"
    update_cache: yes
    cache_valid_time: 900
    state: present

- name: "Restarting postgres if necessary"
  service:
    name: postgresql
    state: restarted
  when: listen_addresses.changed or max_connections.changed or shared_buffers.changed