authorGravatar shtlrs <[email protected]>2024-05-14 19:34:07 +0200
committerGravatar jchristgit <[email protected]>2024-05-14 19:40:59 +0200
commit0bc31eb27e3b63fdc4f191058736ad11e24a1c92 (patch)
tree2a4938476e4e2cc0c958e9c4e9d99821f414ec8a
parentadd the db_passwords secrets file (diff)
add the task that configures host based authentication
-rw-r--r--ansible/roles/postgres/tasks/main.yml16
1 files changed, 16 insertions, 0 deletions
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 034ff9c..b605093 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -32,3 +32,19 @@
become_user: "{{ postgres_user }}"
tags:
- role::postgres
+
+
+- name: Set host based authentication rules for all postgres users at once
+ ansible.builtin.blockinfile:
+ path: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+ insertafter: "# Put your actual configuration here"
+ marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
+ block: |
+ {% for db in postgres_databases %}
+ host {{ db.name }} {{ db.owner }} all scram-sha-256
+ {% endfor %}
+ loop: "{{ postgres_databases }}"
+ notify:
+ - Reload the postgres service
+ tags:
+ - role::postgres
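Review bot: The rendered rule `host {{ db.name }} {{ db.owner }} all scram-sha-256` puts `all` in the address field, so each owner can authenticate to its database from any client address that reaches the port, and `host` also matches connections without TLS. If the clients sit on a known network, restrict the address to a reviewed CIDR and consider `hostssl`, so that access does not depend only on firewalling and `listen_addresses`, neither of which is visible in this hunk. Separately, `loop: "{{ postgres_databases }}"` is redundant, because the Jinja `for` inside `block` already renders every database; the identical block is written once per list entry and `item` is never used, so dropping the `loop:` line gives the "all at once" behaviour the task name describes. Also confirm that the roles' passwords are stored as SCRAM verifiers (`password_encryption = scram-sha-256`), because roles with MD5-hashed passwords cannot authenticate against these rules.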