-rw-r--r--ansible/roles/postgres/vars/main/db_passwords.yml64
-rw-r--r--ansible/roles/postgres/vars/main/main.yml43
2 files changed, 73 insertions, 34 deletions
diff --git a/ansible/roles/postgres/vars/main/db_passwords.yml b/ansible/roles/postgres/vars/main/db_passwords.yml
index fb9e975..76403cb 100644
--- a/ansible/roles/postgres/vars/main/db_passwords.yml
+++ b/ansible/roles/postgres/vars/main/db_passwords.yml
@@ -1,29 +1,37 @@
$ANSIBLE_VAULT;1.1;AES256
-33323139363965656336373638346238616137373563396164363966663133346139666262323766
-6366623134383761353833373830313266613439643631390a666135346462303638396134376233
-37353435363838393738626334653762333630653039396661613262373964376432616661623739
-3064303439653961380a306535326665316666343637336266356539373863333062383864336239
-34613435316438316465383661633461393835643535316364373963343561363930333232303537
-65323036646638313737333837353738356462323731396430353361656232323830393734613863
-36326261623563323435643034303634316330336464663334393337343135326638383164643062
-33663032623139346461303762343730393332393236663031316236336237373864326238313931
-39396237396237333037663233353838623365386362376431326432393862663033323038396536
-39336134616131343265626566616565303634383662373836636631356364646533396637383764
-33373466636230643834616463383133636533303034306165323330393163353339303263323236
-61313835393761336136346136643764643831383437633733326230376566313235663663373764
-30353534343834323263623362343565353063643764346239653435356561633735666363376436
-30383965393761356561656131613534353930643662393137303263376561653631346465356431
-31343261626164653061633230353965613761343664623564316131336434356336663762396164
-36316138383963613533613535656265393232656638373162333535313430353931306236626365
-63356566356661353237653462336230326339356230353036653766633834623061366436663162
-39323264303634643636333736363630353632306431373439333831383430383634323334626632
-63343832363164653138333561333663366562643666626663626636306363373432353861623066
-37326364343261393562326436653434343865303266383365346466646631376332653965396135
-65663634636637303661366332313464656230666435336330633535656432633936386132613639
-30653962393766343133346534653661656663633432616638623062663664306534636664636262
-34336661326661653532356531313665656530306262376430633464333636333336333631396266
-36636632363738396435616132663035353637353861636163386135366361653631633431633966
-37326166316639316130353133636534353731333034303337386662613065653266393166323262
-33383161613433656132303362353034616464623437343230383337313631663434343936323936
-65393361323262386133326164363733323562343430646136343430383864366661633533303530
-31393135373865626262
+36316361616462303139376432343533313430666164303331323037376631663934373163303931
+6438343965666165643433656266663739656335623632330a666233333665666661663733346135
+61303332643737633865346634306339663261313562373066356330613234363265623161633832
+6435333065646664630a633530393465306436656434633366393834653663356630376131656430
+61663033333136646262626338656231363363386336643135353038333431313330393865663233
+33393635383564343461343431623932626436343939326462373861326561366533316532353431
+66396461626134336539313866323135646565333137306634316433326664626462613839623937
+63363635356665616163383237366361333466363530306137306633336231356639613833656565
+30373934336330623964393032356635323033386438646632663663653036386337653365363430
+35326234373761303739343136336530666562333231656664393530616363333939616639613232
+38643332623733323939613138653963333338383135323830616330633739633539646361356561
+61336361333231613132643565343536653732653665373264646565316562343764623232323535
+38363462326366316533663337323463396632313435643137303732656665396532623330383064
+32616266343966613635653439663861313933343937343966623030663262656339363065663035
+64633039383030326232626664613733366661663266653832353633623636373839353930376465
+62306235376138613065663465626264323634373330643865333664643666303762656566353931
+66623630353734623130356633383034306138373731323538376237366465643131616339396364
+31626563376334363163646238316163386465633532653339323763356265346531363635356664
+61623935313063333131383438313363353436653464366333333739646632613537616338643631
+38326539383432353661353139346233396534363632373865326632666132616262386630663762
+62323031633566316334666432626265643036626130643562313964366239626265616331643166
+61356234646530393561656435376534323138383066613462663761326238363939666465366636
+30616536343335366664626134653936373966646433366233633336626663643239306133643465
+63333465363734373335333236666332633038306231373132656461626434666163663566393438
+62383838346633616366316434393430663739643137666430653832666361656463383830313566
+65636437336235363365656638303864353965643766623534373631333431356131623466666637
+31303864343563363831636132303933336133303434343331663137303031303232393163623861
+30306133643833643233653538656338306138313139303536633965663635633230666332336333
+32303234363337306466383037393064643135626566323737396530616163616232376565386132
+66623930633037386338393962323739313031363064353635626138613830663336633861613363
+34393735323863396265316337336463363136643064306631386133653762333161363636343937
+38376136653163656161626334633832373034373231303236393932326563323030366232623636
+39393331363930643063633565333931663134646433336438383865663964626461326235656565
+31373833313064353737313836333938396131306534373033323965353930363533363866323266
+30623666353765363230323335633732666639303962353661386132623334333638633735306434
+64366331333637336436
diff --git a/ansible/roles/postgres/vars/main/main.yml b/ansible/roles/postgres/vars/main/main.yml
index 1e94b20..4fd4953 100644
--- a/ansible/roles/postgres/vars/main/main.yml
+++ b/ansible/roles/postgres/vars/main/main.yml
@@ -28,8 +28,21 @@ postgres_users:
password: "{{ vault_postgres_user_passwords.metricity }}"
roles:
+ - name: metabase
+ password: "{{ vault_postgres_user_passwords.metabase }}"
+ roles:
+ - pg_read_all_data
+
+ - name: grafana
+ password: "{{ vault_postgres_user_passwords.grafana }}"
+ roles:
+ - pg_read_all_data
+
postgres_hba_rules:
+ #
+ # Service HBA rules
+ #
- conn_type: hostssl
database: pinnwand
user: pinnwand
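Review bot: The `pg_read_all_data` membership added for `metabase` and `grafana` is a cluster-wide predefined role, so it is not scoped to the analytics database. Assuming the role applies `roles` as plain role membership, the only thing keeping these accounts to `metricity` is the HBA rules added further down in this commit. If one of those rules is later widened, both accounts could read every table in every database on the server. Either grant `SELECT` on the `metricity` schemas only, or record the dependency next to the entries with a comment such as `# pg_read_all_data is cluster-wide; confinement to metricity relies on postgres_hba_rules`. The `postgres_users` list starts outside this hunk, so how other users are granted roles is not visible here.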
@@ -37,12 +50,6 @@ postgres_hba_rules:
method: scram-sha-256
- conn_type: hostssl
- database: all
- user: blackbox
- address: all
- method: scram-sha-256
-
- - conn_type: hostssl
database: bitwarden
user: bitwarden
address: all
@@ -66,6 +73,30 @@ postgres_hba_rules:
address: all
method: scram-sha-256
+ #
+ # Backup service HBA rules
+ #
+ - conn_type: hostssl
+ database: all
+ user: blackbox
+ address: all
+ method: scram-sha-256
+
+ #
+ # Analytics HBA rules
+ #
+ - conn_type: hostssl
+ database: metricity
+ user: metabase
+ address: all
+ method: scram-sha-256
+
+ - conn_type: hostssl
+ database: metricity
+ user: grafana
+ address: all
+ method: scram-sha-256
+
postgres_databases:
- name: pinnwand
owner: pinnwand
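Review bot: The new analytics rules for `metabase` and `grafana` use `address: all`, so any client that can reach the server over TLS may attempt authentication as these read-only accounts. That follows the convention of the existing rules, but the password is then the only barrier in front of broad read access. Where the dashboards run on known hosts, a narrower match is cheap defence in depth, e.g. `address: <analytics-host-cidr>` (placeholder; the real range is not on this page). The `blackbox` rule with `database: all` is only moved by this commit, but the same consideration applies to it. `postgres_hba_rules` starts outside this hunk.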