mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2024-12-27 03:18:31 +01:00
410a915a8a
This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`, similar to how it's done in: - https://github.com/spantaleev/gitea-docker-ansible-deploy - https://github.com/spantaleev/nextcloud-docker-ansible-deploy In the near future, we'll be removing a lot of the shared role code from here and using upstream roles for it. Some of the core `matrix-*` roles have already been extracted out into other reusable roles: - https://github.com/devture/com.devture.ansible.role.postgres - https://github.com/devture/com.devture.ansible.role.systemd_docker_base - https://github.com/devture/com.devture.ansible.role.timesync - https://github.com/devture/com.devture.ansible.role.vars_preserver - https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages - https://github.com/devture/com.devture.ansible.role.playbook_help We just need to migrate to those.
134 lines
7.8 KiB
YAML
134 lines
7.8 KiB
YAML
---
|
|
# Project source code URL: https://github.com/postgres/postgres
|
|
|
|
# Controls if the Postgres server managed by the playbook is enabled.
|
|
# You can turn it off and use an external Postgres server by setting this to `false`.
|
|
# Doing this has various downsides. See `docs/configuring-playbook-external-postgres.md` to learn more.
|
|
matrix_postgres_enabled: true
|
|
|
|
matrix_postgres_connection_hostname: "matrix-postgres"
|
|
matrix_postgres_connection_port: 5432
|
|
matrix_postgres_connection_username: "matrix"
|
|
matrix_postgres_connection_password: ""
|
|
matrix_postgres_db_name: "matrix"
|
|
|
|
matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres"
|
|
matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data"
|
|
|
|
# matrix_postgres_systemd_services_to_stop_for_maintenance_list specifies the list of systemd services to stop before vacuuming or upgrading.
|
|
# These services will be restarted after the operation completes.
|
|
matrix_postgres_systemd_services_to_stop_for_maintenance_list: []
|
|
|
|
matrix_postgres_architecture: amd64
|
|
|
|
# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images.
|
|
# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7).
|
|
# On ARM32, `-alpine` images fail with the following error:
|
|
# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault
|
|
matrix_postgres_docker_image_suffix: "{{ '-alpine' if matrix_postgres_architecture in ['amd64', 'arm64'] else '' }}"
|
|
|
|
matrix_postgres_docker_image_v9: "{{ matrix_container_global_registry_prefix }}postgres:9.6.24{{ matrix_postgres_docker_image_suffix }}"
|
|
matrix_postgres_docker_image_v10: "{{ matrix_container_global_registry_prefix }}postgres:10.22{{ matrix_postgres_docker_image_suffix }}"
|
|
matrix_postgres_docker_image_v11: "{{ matrix_container_global_registry_prefix }}postgres:11.17{{ matrix_postgres_docker_image_suffix }}"
|
|
matrix_postgres_docker_image_v12: "{{ matrix_container_global_registry_prefix }}postgres:12.12{{ matrix_postgres_docker_image_suffix }}"
|
|
matrix_postgres_docker_image_v13: "{{ matrix_container_global_registry_prefix }}postgres:13.8{{ matrix_postgres_docker_image_suffix }}"
|
|
matrix_postgres_docker_image_v14: "{{ matrix_container_global_registry_prefix }}postgres:14.5{{ matrix_postgres_docker_image_suffix }}"
|
|
matrix_postgres_docker_image_v15: "{{ matrix_container_global_registry_prefix }}postgres:15.0{{ matrix_postgres_docker_image_suffix }}"
|
|
matrix_postgres_docker_image_latest: "{{ matrix_postgres_docker_image_v15 }}"
|
|
|
|
# This variable is assigned at runtime. Overriding its value has no effect.
|
|
matrix_postgres_docker_image_to_use: '{{ matrix_postgres_docker_image_latest }}'
|
|
|
|
matrix_postgres_docker_image_force_pull: "{{ matrix_postgres_docker_image_to_use.endswith(':latest') }}"
|
|
|
|
# A list of extra arguments to pass to the container
|
|
matrix_postgres_container_extra_arguments: []
|
|
|
|
# A list of extra arguments to pass to the postgres process
|
|
# e.g. "-c 'max_connections=200'"
|
|
matrix_postgres_process_extra_arguments: []
|
|
|
|
# Controls whether the matrix-postgres container exposes a port (tcp/5432 in the
|
|
# container) that can be used to access the database from outside the container (e.g. with psql)
|
|
#
|
|
# psql postgresql://username:password@localhost:<port>/database_name
|
|
#
|
|
# Takes an "<ip>:<port>" or "<port>" value (e.g. "127.0.0.1:5432"), or empty string to not expose.
|
|
matrix_postgres_container_postgres_bind_port: ""
|
|
|
|
# A list of additional (databases and their credentials) to create.
|
|
#
|
|
# Example:
|
|
# matrix_postgres_additional_databases:
|
|
# - name: matrix_appservice_discord
|
|
# username: matrix_appservice_discord
|
|
# password: some_password
|
|
# - name: matrix_appservice_slack
|
|
# username: matrix_appservice_slack
|
|
# password: some_password
|
|
matrix_postgres_additional_databases: []
|
|
|
|
# A list of roles/users to avoid creating when importing (or upgrading) the database.
|
|
# If a dump file contains the roles and they've also been created beforehand (see `matrix_postgres_additional_databases`),
|
|
# importing would fail.
|
|
# We either need to not create them or to ignore the `CREATE ROLE` statements in the dump.
|
|
matrix_postgres_import_roles_to_ignore: |
|
|
{{
|
|
(
|
|
[matrix_postgres_connection_username]
|
|
+
|
|
matrix_postgres_additional_databases|map(attribute='username') | list
|
|
) | unique
|
|
}}
|
|
|
|
# When importing an existing Postgres database (when restoring a backup) or when doing a Postgres upgrade (which dumps & restores), we'd like to avoid:
|
|
# - creating users (`CREATE ROLE ..`)
|
|
# - updating passwords for users (`ALTER ROLE matrix WITH SUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5...`)
|
|
#
|
|
# Both of these operations are done by the playbook anyway.
|
|
# Updating passwords is especially undesirable, because older versions hash passwords using md5 and export them as md5 hashes in the dump file,
|
|
# which is unsupported by default by newer Postgres versions (v14+).
|
|
# When users are created and passwords are set by the playbook, they end up hashed as `scram-sha-256` on Postgres v14+.
|
|
# If an md5-hashed password is restored on top, Postgres v14+ will refuse to authenticate users with it by default.
|
|
#
|
|
# We also allow for the role name to be quoted, which is rare, but might happen for role names which are special keywords (e.g. `default`).
|
|
matrix_postgres_import_roles_ignore_regex: "^(CREATE|ALTER) ROLE \\\"?({{ matrix_postgres_import_roles_to_ignore | join('|') }})\\\"?(;| WITH)" # noqa jinja[spacing]
|
|
|
|
# A list of databases to avoid creating when importing (or upgrading) the database.
|
|
# If a dump file contains the databases and they've also been created beforehand (see `matrix_postgres_additional_databases`),
|
|
# importing would fail.
|
|
# We either need to not create them or to ignore the `CREATE DATABASE` statements in the dump.
|
|
matrix_postgres_import_databases_to_ignore: |
|
|
{{
|
|
(
|
|
[matrix_postgres_db_name]
|
|
+
|
|
matrix_postgres_additional_databases|map(attribute='name') | list
|
|
) | unique
|
|
}}
|
|
|
|
# We also allow for the database name to be quoted, which is rare, but might happen for database names which are special keywords (e.g. `default`).
|
|
matrix_postgres_import_databases_ignore_regex: "^CREATE DATABASE \\\"?({{ matrix_postgres_import_databases_to_ignore | join('|') }})\\\"?\\s" # noqa jinja[spacing]
|
|
|
|
# The number of seconds to wait after starting `matrix-postgres.service`
|
|
# and before trying to run queries for creating additional databases/users against it.
|
|
#
|
|
# For most (subsequent) runs, Postgres would already be running, so no waiting will be happening at all.
|
|
#
|
|
# On ARM, we wait some more. ARM32 devices are especially known for being slow.
|
|
# ARM64 likely don't need such a long delay, but it doesn't hurt too much having it.
|
|
matrix_postgres_additional_databases_postgres_start_wait_timeout_seconds: "{{ 45 if matrix_postgres_architecture in ['arm32', 'arm64'] else 15 }}"
|
|
|
|
|
|
matrix_postgres_pgloader_container_image_self_build: false
|
|
matrix_postgres_pgloader_container_image_self_build_repo: "https://github.com/illagrenan/pgloader-docker.git"
|
|
matrix_postgres_pgloader_container_image_self_build_repo_branch: "v{{ matrix_postgres_pgloader_docker_image_tag }}"
|
|
matrix_postgres_pgloader_container_image_self_build_src_path: "{{ matrix_postgres_base_path }}/pgloader-container-src"
|
|
|
|
# We use illagrenan/pgloader, instead of the more official dimitri/pgloader image,
|
|
# because the official one only provides a `latest` tag.
|
|
matrix_postgres_pgloader_docker_image: "{{ matrix_postgres_pgloader_docker_image_name_prefix }}illagrenan/pgloader:{{ matrix_postgres_pgloader_docker_image_tag }}"
|
|
matrix_postgres_pgloader_docker_image_name_prefix: "{{ 'localhost/' if matrix_postgres_pgloader_container_image_self_build else matrix_container_global_registry_prefix }}"
|
|
matrix_postgres_pgloader_docker_image_tag: "3.6.2"
|
|
matrix_postgres_pgloader_docker_image_force_pull: "{{ matrix_postgres_pgloader_docker_image.endswith(':latest') }}"
|