authorGravatar Joe Banks <[email protected]>2024-06-02 19:50:21 +0100
committerGravatar Joe Banks <[email protected]>2024-06-04 19:59:19 +0100
commit91d35698d86299c95573d35aacbf2fb4e635bcd2 (patch)
tree04a1b5983111b75c4984ec698542fc775a138008 /ansible/roles/postgres
parentInstall PostgreSQL documentation package (diff)
Add pg_ident.conf file
Diffstat (limited to 'ansible/roles/postgres')
-rw-r--r--ansible/roles/postgres/files/ident.conf4
-rw-r--r--ansible/roles/postgres/tasks/main.yml15
2 files changed, 18 insertions, 1 deletions
diff --git a/ansible/roles/postgres/files/ident.conf b/ansible/roles/postgres/files/ident.conf
new file mode 100644
index 0000000..786fb46
--- /dev/null
+++ b/ansible/roles/postgres/files/ident.conf
@@ -0,0 +1,4 @@
+# Managed by Ansible
+
+# MAP NAME MATCH VALUE DATABASE USERNAME
+ mtls_cn_map /^(\w+)\.postgres\.tls\.pydis\.wtf$ \1
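Review bot: The `(\w+)` capture on the `mtls_cn_map` line accepts any first label, so a client certificate whose CN begins with `postgres.` would be mapped to the `postgres` role, which leaves the issuing CA as the only control over who can reach privileged roles. If that is intended, record it in the file, for example `# Any CN <role>.postgres.tls.pydis.wtf maps to <role>; issuance of these certificates must be restricted accordingly`. The column comment would also read more clearly with PostgreSQL's own names, `# MAPNAME  SYSTEM-USERNAME  PG-USERNAME`. The map only applies to pg_hba.conf rules that carry `map=mtls_cn_map`, and those rules are not visible in this file.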
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 989c459..1fb54e3 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -24,6 +24,7 @@
community.postgresql.postgresql_user:
name: "{{ item.name }}"
password: "{{ item.password }}"
+ role_attr_flags: "{{ item['role_attr_flags'] | default('') }}"
state: present
loop_control:
label: "{{ item.name }}"
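Review bot: The added `role_attr_flags` line passes through whatever the inventory supplies, including `SUPERUSER` or `CREATEROLE`, with nothing nearby saying which flags are expected. A comment above it such as `# role_attr_flags is optional; keep to the minimum the role needs (e.g. NOSUPERUSER,NOCREATEDB)` would make that visible to whoever edits the user list. The lookup could also follow the dot style of the neighbouring lines, `"{{ item.role_attr_flags | default('') }}"`. The task starts and ends outside this hunk.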
@@ -51,7 +52,7 @@
marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
block: |
{% for rule in postgres_hba_rules %}
- {{ rule.conn_type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }}
+ {{ rule.conn_type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }} {{ rule['options'] | default('') }}
{% endfor %}
loop: "{{ postgres_hba_rules }}"
notify:
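Review bot: The new `options` column on the rule line is where `map=mtls_cn_map` and `clientcert=verify-full` have to be supplied, but nothing visible here documents that or ties a `cert` rule to the map. Without the option, PostgreSQL expects the certificate CN to equal the role name exactly and the new pg_ident.conf entry is never consulted. Consider a comment above the template line such as `# options: e.g. "map=mtls_cn_map" for cert rules, see files/ident.conf`, and the same note wherever `postgres_hba_rules` is defined. The task body continues outside the hunk.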
@@ -102,3 +103,15 @@
- role::postgres
notify:
- Restart the postgres service
+
+- name: Import PostgreSQL identity map (pg_ident.conf)
+ copy:
+ src: ident.conf
+ dest: /etc/postgresql/{{ postgres_version }}/main/pg_ident.conf
+ owner: postgres
+ group: postgres
+ mode: "0644"
+ tags:
+ - role::postgres
+ notify:
+ - Restart the postgres service
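Review bot: The new task notifies `Restart the postgres service`, but PostgreSQL re-reads pg_ident.conf on a reload, so a full restart drops every client connection for no benefit. If the role has, or gains, a reload handler, notify that instead. The task also uses the short module name where the rest of the file uses fully qualified names; `ansible.builtin.copy:` would match. `mode: "0640"` would probably be closer to the packaged default for this file than `"0644"`, though the map contents are not secret.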