change directory structure
parent
a172a02fe1
commit
99d88677f9
18 changed files with 226 additions and 155 deletions
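--- a/ansible/roles/backup/handlers/main.yml
+++ b/ansible/roles/backup/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart sshd
+systemd:
+name: sshd
+state: restarted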
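--- a/ansible/roles/backup/tasks/main.yml
+++ b/ansible/roles/backup/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: Add backup share user
+user:
+name: "{{ backup_share_user }}"
+create_home: false
+password: '!'
+shell: /sbin/nologin
+system: true
+- name: Add backup control user
+user:
+name: "{{ backup_control_user }}"
+password: '!'
+shell: /usr/bin/sh
+system: true
+groups: "libvirt"
+- name: Copy control script
+copy:
+src: "backup_control.sh"
+dest: "/home/{{ backup_control_user }}/control.sh"
+owner: "{{ backup_control_user }}"
+group: "{{ backup_control_user }}"
+mode: u=rx,g=rx,o=rx
+- name: Add backup user principals file
+copy:
+dest: "/etc/ssh/backup_principals"
+content: "backup"
+- name: Install user CA
+copy:
+dest: "/etc/ssh/user_ca_key.pub"
+content: "{{ user_ca }}"
+- name: Copy ssh config for backup user
+template:
+src: "sshd.conf.j2"
+dest: "/etc/ssh/sshd_config.d/custom.conf"
+notify: restart sshd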
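Review bot: The `Copy control script` task places `control.sh` in the control user's own home with `owner: "{{ backup_control_user }}"`, so the account the script is presumably meant to constrain can replace it or change its mode. If `sshd.conf.j2` (not visible here) pins that user to the script, install it root-owned outside the home instead, with `owner: root`, `group: root` and `mode: "0755"`. The two `/etc/ssh` copy tasks set no `owner` or `mode`, so the principals file and CA key inherit whatever the defaults give; stating `owner: root` and `mode: "0644"` makes the trust anchors explicit. A `validate: 'sshd -t -f %s'` on the template task would catch a broken drop-in before the handler restarts sshd.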
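--- a/ansible/roles/postgresql/handlers/main.yml
+++ b/ansible/roles/postgresql/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart postgres
+systemd:
+name: postgresql
+state: restarted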
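--- a/ansible/roles/postgresql/tasks/main.yml
+++ b/ansible/roles/postgresql/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: Create terraform database
+postgresql_db:
+name: terraform_state
+owner: terraform
+become: true
+become_user: postgres
+
+- name: Create database user
+postgresql_user:
+name: terraform
+become: true
+become_user: postgres
+
+- name: Grant database user access to database
+postgresql_privs:
+type: database
+database: terraform_state
+roles: terraform
+grant_option: no
+privs: all
+become: true
+become_user: postgres
+notify: restart postgres
+
+- name: Allow remote access to database for user
+postgresql_pg_hba:
+dest: /etc/postgresql/15/main/pg_hba.conf
+contype: host
+databases: all
+method: trust
+users: terraform
+address: "10.42.0.0/24"
+create: true
+become: true
+become_user: postgres
+notify: restart postgres
+
+- name: Open postgres port
+ini_file:
+path: /etc/postgresql/15/main/postgresql.conf
+section: null
+option: listen_addresses
+value: "'*'"
+notify: restart postgres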
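Review bot: The `postgresql_pg_hba` task uses `method: trust` with `databases: all` for `10.42.0.0/24`, and the last task sets `listen_addresses` to `'*'`, so any host in that subnet can connect as `terraform` without a credential. Terraform state commonly contains secrets, so this entry should require authentication and be scoped: `method: scram-sha-256`, `databases: terraform_state`, plus `password: "{{ terraform_db_password }}"` on the `postgresql_user` task (the variable name is a placeholder; source it from a vault). Separately, `Create terraform database` sets `owner: terraform` before `Create database user` runs, which looks like it would fail on a fresh host; swapping the two tasks avoids that.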