postgres_version: "15" postgres_daemon: "postgresql@{{ postgres_version }}-main" postgres_user: "postgres" postgres_users: - name: site password: "{{ vault_postgres_user_passwords.site }}" roles: - name: pixels password: "{{ vault_postgres_user_passwords.pixels }}" roles: - name: pinnwand password: "{{ vault_postgres_user_passwords.pinnwand }}" roles: - name: blackbox password: "{{ vault_postgres_user_passwords.blackbox }}" roles: - pg_read_all_data - name: metabase password: "{{ vault_postgres_user_passwords.metabase }}" roles: - pg_read_all_data - name: bitwarden password: "{{ vault_postgres_user_passwords.bitwarden }}" roles: - name: blackknight password: "{{ vault_postgres_user_passwords.blackknight }}" roles: - name: codejam_management password: "{{ vault_postgres_user_passwords.codejam_management }}" roles: - name: metricity password: "{{ vault_postgres_user_passwords.metricity }}" roles: - name: metabase password: "{{ vault_postgres_user_passwords.metabase }}" roles: - pg_read_all_data - name: grafana password: "{{ vault_postgres_user_passwords.grafana }}" roles: - pg_read_all_data - name: devops password: "{{ vault_postgres_user_passwords.devops }}" roles: role_attr_flags: SUPERUSER postgres_hba_rules: # # Service HBA rules # - conn_type: hostssl database: pinnwand user: pinnwand address: all method: scram-sha-256 - conn_type: hostssl database: site user: grafana address: all method: scram-sha-256 - conn_type: hostssl database: site user: site address: all method: scram-sha-256 - conn_type: hostssl database: bitwarden user: bitwarden address: all method: scram-sha-256 - conn_type: hostssl database: blackknight user: blackknight address: all method: scram-sha-256 - conn_type: hostssl database: codejam_management user: codejam_management address: all method: scram-sha-256 - conn_type: hostssl database: pixels user: pixels address: all method: scram-sha-256 - conn_type: hostssl database: metricity user: metricity address: all method: scram-sha-256 - conn_type: hostssl database: metabase user: metabase address: all method: scram-sha-256 # # Backup service HBA rules # - conn_type: hostssl database: all user: blackbox address: all method: scram-sha-256 # # Analytics HBA rules # - conn_type: hostssl database: metricity user: metabase address: all method: scram-sha-256 - conn_type: hostssl database: site user: metabase address: all method: scram-sha-256 - conn_type: hostssl database: metricity user: grafana address: all method: scram-sha-256 - conn_type: hostssl database: pixels user: metabase address: all method: scram-sha-256 # # DevOps Administration rules # - conn_type: hostssl database: all user: devops address: 127.0.0.1/32 method: cert options: map=mtls_cn_map - conn_type: hostssl database: all user: devops address: "::1/128" method: cert options: map=mtls_cn_map postgres_databases: - name: pinnwand owner: pinnwand - name: bitwarden owner: bitwarden - name: blackknight owner: blackknight - name: codejam_management owner: codejam_management - name: metricity owner: metricity - name: site owner: site - name: metabase owner: metabase - name: pixels owner: pixels - name: devops owner: devops postgres_grants: - objs: api_nomination,api_infraction,api_user,api_nominationentry,pg_stat_statements,pg_stat_statements_info privs: SELECT state: present roles: grafana database: site type: table - objs: site privs: CONNECT state: present roles: grafana database: site type: database