authorGravatar shtlrs <[email protected]>2024-06-01 20:16:16 +0200
committerGravatar shtlrs <[email protected]>2024-06-01 20:16:16 +0200
commit3e58e04c04a7afc83f26a6d4cc4589f950ab0388 (patch)
tree4f8a6e3b43846c13ba228766671856be9908246e /ansible/roles/postgres
parentMake issuing pg grants configurable (#327) (diff)
grant correct privileges to site and grafana
Diffstat (limited to 'ansible/roles/postgres')
-rw-r--r--ansible/roles/postgres/tasks/main.yml3
-rw-r--r--ansible/roles/postgres/vars/main/db_passwords.yml75
-rw-r--r--ansible/roles/postgres/vars/main/main.yml34
3 files changed, 75 insertions, 37 deletions
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 8a210be..eefafb7 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -77,8 +77,9 @@
database: "{{ grant.database }}"
state: "{{ grant.state }}"
privs: "{{ grant.privs }}"
- objs: "{{ grant.objs }}"
+ objs: "{{ grant.objs | default(omit) }}"
roles: "{{ grant.roles }}"
+ type: "{{ grant.type }}"
when: postgres_grants is defined
loop: "{{ postgres_grants }}"
loop_control:
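Review bot: `type: "{{ grant.type }}"` has no fallback, so any `postgres_grants` entry that omits `type` will fail templating with an undefined-variable error, while `objs` on the line above was given `default(omit)`. If this task is `postgresql_privs` (the module name sits above the hunk), the module's own default for `type` is `table`, so `type: "{{ grant.type | default(omit) }}"` would keep such entries working. With `objs` now optional, an entry that is not `type: database` and lacks `objs` will presumably be rejected by the module at run time, so a short comment on the task saying that `objs` may only be left out for database-level grants would help. The task starts and ends outside the hunk.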
diff --git a/ansible/roles/postgres/vars/main/db_passwords.yml b/ansible/roles/postgres/vars/main/db_passwords.yml
index 76403cb..ac88b43 100644
--- a/ansible/roles/postgres/vars/main/db_passwords.yml
+++ b/ansible/roles/postgres/vars/main/db_passwords.yml
@@ -1,37 +1,40 @@
$ANSIBLE_VAULT;1.1;AES256
-36316361616462303139376432343533313430666164303331323037376631663934373163303931
-6438343965666165643433656266663739656335623632330a666233333665666661663733346135
-61303332643737633865346634306339663261313562373066356330613234363265623161633832
-6435333065646664630a633530393465306436656434633366393834653663356630376131656430
-61663033333136646262626338656231363363386336643135353038333431313330393865663233
-33393635383564343461343431623932626436343939326462373861326561366533316532353431
-66396461626134336539313866323135646565333137306634316433326664626462613839623937
-63363635356665616163383237366361333466363530306137306633336231356639613833656565
-30373934336330623964393032356635323033386438646632663663653036386337653365363430
-35326234373761303739343136336530666562333231656664393530616363333939616639613232
-38643332623733323939613138653963333338383135323830616330633739633539646361356561
-61336361333231613132643565343536653732653665373264646565316562343764623232323535
-38363462326366316533663337323463396632313435643137303732656665396532623330383064
-32616266343966613635653439663861313933343937343966623030663262656339363065663035
-64633039383030326232626664613733366661663266653832353633623636373839353930376465
-62306235376138613065663465626264323634373330643865333664643666303762656566353931
-66623630353734623130356633383034306138373731323538376237366465643131616339396364
-31626563376334363163646238316163386465633532653339323763356265346531363635356664
-61623935313063333131383438313363353436653464366333333739646632613537616338643631
-38326539383432353661353139346233396534363632373865326632666132616262386630663762
-62323031633566316334666432626265643036626130643562313964366239626265616331643166
-61356234646530393561656435376534323138383066613462663761326238363939666465366636
-30616536343335366664626134653936373966646433366233633336626663643239306133643465
-63333465363734373335333236666332633038306231373132656461626434666163663566393438
-62383838346633616366316434393430663739643137666430653832666361656463383830313566
-65636437336235363365656638303864353965643766623534373631333431356131623466666637
-31303864343563363831636132303933336133303434343331663137303031303232393163623861
-30306133643833643233653538656338306138313139303536633965663635633230666332336333
-32303234363337306466383037393064643135626566323737396530616163616232376565386132
-66623930633037386338393962323739313031363064353635626138613830663336633861613363
-34393735323863396265316337336463363136643064306631386133653762333161363636343937
-38376136653163656161626334633832373034373231303236393932326563323030366232623636
-39393331363930643063633565333931663134646433336438383865663964626461326235656565
-31373833313064353737313836333938396131306534373033323965353930363533363866323266
-30623666353765363230323335633732666639303962353661386132623334333638633735306434
-64366331333637336436
+64663562373934643833323337353032666137313562303337626637373966386165353866666465
+3662343063346436313764643437383138393262376365380a643063653630383364646639383837
+32333532653037363936396366653539633964313165366639396133653964323933336434336534
+3731396263613230390a303565303332376333346433336365333835373363396532613364353766
+31626334376466346363633364303432323634386366333833656637316266306535623336313739
+64353264613734356664356565376361393635343831386439303739393334393931393833353638
+38623639343431363639343638323736643833356664386338303365343331333535663230333165
+36643066353431373038626138343237346461656566616130383639316634373832646463313739
+32656564373066316636303465656333663636313436636138336263323839653266303236313665
+39643836643234393361316464383861373961306132346564373432636264383063633661386663
+35323637636234666330663937663265616532376132643866623230333534396636366663653063
+37326363663764356230653937356633396234663766326161656664303438633363653831346638
+30633761363937663133313132366663373462356431653864653338383839316364363838353464
+30646661663463323364623066393964323163323564666336363066356165653639333435316266
+63373463666534633666363565326131626231306135323866386565636163323261633433373737
+66363738653261336163666135633563356234303435306234303138376162653064313666636135
+32323762386666666232646565396635366439373832373964633335323635306533643463363236
+61303136643438663463326538623261343133346664376135356632326265623765336461656539
+33383332363838323663333730373133373138616464333563393337343336643734653363346136
+36373530346465353765323663393162623736306339323037363564373834363363643964333736
+37323730383437323137663664663363623234363731393566653232663032653765373665663365
+66383538326665666363303632613436326639633565646461626365656665303165396132356431
+32613861313133613162383931636262333661663366393637316632623730343561333862393162
+65633035386130653931363838303830363636653030393638353837376330653339306538653962
+36623063643761303535353030376264616538393235383061623239306331313836643130303939
+62653734636339366430666131303331396661663935313430383834383935326462323836633463
+35373530623631306537323638653634333232643463326664363234393939383936356538396430
+66323834346438353464363763643939383466393536613463336437396438336436616439353163
+38383836656666656638343866613438646163363932343834313365653866333038306433353034
+61393631366364336461313166623635323233633937333061363362303765336234303835613136
+38383964653336623535633332663137366533663964326237626537353437373939643237646138
+33633939383463323365366362643635376561316239386366643034333332613361393332336230
+35376134663135376530626433376663376338363763396534643966626339336533663765366236
+62306136333635396333346233616565623232653635663964303564626361313633343361363035
+37626364386637363831653066373536656233363533363265623939626636613631373831336632
+39316137343434646262613263303434306233636662386662303034386637333636353434353561
+37363435356236623237303136366335623137323031613236343164313932643232626433643063
+35333063353766626637383537383535333366663934383030303635346565316462663966333138
+626365383665376133376566373666383266
diff --git a/ansible/roles/postgres/vars/main/main.yml b/ansible/roles/postgres/vars/main/main.yml
index 4fd4953..c7b6996 100644
--- a/ansible/roles/postgres/vars/main/main.yml
+++ b/ansible/roles/postgres/vars/main/main.yml
@@ -3,6 +3,10 @@ postgres_daemon: "postgresql@{{ postgres_version }}-main"
postgres_user: "postgres"
postgres_users:
+ - name: site
+ password: "{{ vault_postgres_user_passwords.site }}"
+ roles:
+
- name: pinnwand
password: "{{ vault_postgres_user_passwords.pinnwand }}"
roles:
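Review bot: The new `site` entry ends in a bare `roles:`, which YAML loads as null rather than an empty list. Whether the task that consumes `postgres_users` tolerates null is not visible here, so `roles: []` would state the intent explicitly and avoid depending on how the loop or filter treats `None`. The `pinnwand` entry's `roles:` continues outside the hunk, so I can't tell whether it follows the same pattern.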
@@ -50,6 +54,18 @@ postgres_hba_rules:
method: scram-sha-256
- conn_type: hostssl
+ database: site
+ user: grafana
+ address: all
+ method: scram-sha-256
+
+ - conn_type: hostssl
+ database: site
+ user: site
+ address: all
+ method: scram-sha-256
+
+ - conn_type: hostssl
database: bitwarden
user: bitwarden
address: all
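Review bot: Both new rules use `address: all`, so `grafana` and `site` can attempt authentication against the `site` database from any source address, with only TLS (`hostssl`) and `scram-sha-256` protecting the password. This matches the neighbouring `bitwarden` rule, so it is consistent with the file. If the Grafana and site clients connect from a known network, a CIDR in `address` would narrow the exposure for these two accounts. The first and last rules in the hunk are cut by its edges.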
@@ -108,3 +124,21 @@ postgres_databases:
owner: codejam_management
- name: metricity
owner: metricity
+ - name: site
+ owner: site
+
+
+postgres_grants:
+ - objs: api_nomination,api_infraction,api_user,api_nominationentry,pg_stat_statements,pg_stat_statements_info
+ privs: SELECT
+ state: present
+ roles: grafana
+ database: site
+ type: table
+
+ - objs: site
+ privs: CONNECT
+ state: present
+ roles: grafana
+ database: site
+ type: database
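Review bot: The first grant gives `grafana` SELECT on whole tables, including `api_user`, `api_infraction` and `api_nomination`, which by their names presumably hold per-user and moderation data. If the dashboards need only some columns or aggregates, column-level grants or a dedicated reporting view would give the monitoring role less to read should its credentials leak. At minimum, a comment above the entry such as `# grafana: read-only access for site dashboards and query statistics` would record why the access exists. The commit title also mentions privileges for `site`, but no grant for that role appears here; presumably its ownership of the database covers it.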