Add postgres role/container.

2024-03-29 20:56:28 +01:00 · 2024-03-29 20:56:28 +01:00 · 7918d3b6f7
commit 7918d3b6f7
parent a24851a8b1
7 changed files with 106 additions and 0 deletions
--- a/env.yml
+++ b/env.yml
@ -2,6 +2,7 @@ domain: viyurz.fr
 timezone: "Europe/Paris"
 host_uid: 1000
 docker_projects_dir: "{{ ansible_env['HOME'] }}/docker-projects"
+project_dir: "{{ docker_projects_dir }}/{{ role_name }}"

 # UID shift for mapping between host & containers
 uid_shift: 99999
@ -43,6 +44,7 @@ projects:
  - hedgedoc
  - homepage
  - mailserver
+  - postgres
  - reverse-proxy
  - searxng
  - synapse
@ -55,6 +57,7 @@ projects_to_backup:
  - etebase
  - hedgedoc
  - mailserver
+  - postgres
  - synapse
  - uptime-kuma
  - vaultwarden
@ -85,6 +88,7 @@ ports:
  mailserver_smtps: 1465
  mailserver_imaps: 1993
  mailserver_jmap: 1443
+  postgres: 5432
  searxng: 8083
  synapse: 8008
  syncthing_discosrv: 8443
@ -105,6 +109,7 @@ users:
  hedgedoc_mysql: 1005
  homepage: 8686
  mailserver: 8
+  postgres: 70
  searxng: 977
  searxng_redis: 999
  synapse: 991
@ -125,6 +130,7 @@ volumes:
  mailserver_datadir: /mnt/mailserverdata
  mailserver_tls_certificate_file: "/etc/letsencrypt/live/mail.{{ domain }}/fullchain.pem"
  mailserver_tls_certificate_key_file: "/etc/letsencrypt/live/mail.{{ domain }}/privkey.pem"
+  postgres_datadir: /mnt/postgresdata
  synapse_datadir: /mnt/synapsedata
  synapse_postgres_datadir: /mnt/synapsepgdata
  syncthing_datadir: "{{ cifs_mounts['syncthing']['path'] }}"
--- a/roles/postgres/tasks/backup.yml
+++ b/roles/postgres/tasks/backup.yml
@ -0,0 +1,24 @@
+- name: Create borg backup from PostgreSQL dumpall
+  shell: |
+    docker exec postgres
+    pg_dumpall |
+    borg create
+    --compression lzma
+    "{{ borg_repodir }}::{{ role_name }}-{now:%Y-%m-%d_%H-%M-%S}"
+    -
+    --stdin-name dumpall.sql
+  environment:
+    DOCKER_HOST: "unix:///run/user/{{ host_uid }}/docker.sock"
+    BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+  become: true
+
+- name: Prune borg repository
+  command:
+    cmd: |
+      borg prune
+      --glob-archives='{{ role_name }}-*'
+      {{ borg_prune_options }}
+      {{ borg_repodir }}
+  environment:
+    BORG_PASSCOMMAND: "cat {{ borg_passphrase_file }}"
+  become: true
--- a/roles/postgres/tasks/main.yml
+++ b/roles/postgres/tasks/main.yml
@ -0,0 +1,9 @@
+- name: Include backup tasks
+  include_tasks:
+    file: backup.yml
+  when: run_backup | default(false) | bool
+
+- name: Include update tasks
+  include_tasks:
+    file: update.yml
+  when: run_update | default(false) | bool
--- a/roles/postgres/tasks/update.yml
+++ b/roles/postgres/tasks/update.yml
@ -0,0 +1,48 @@
+- name: "Create {{ project_dir }} directory"
+  file:
+    path: "{{ project_dir }}"
+    state: directory
+
+- name: Template docker-compose.yaml & .env to project directory
+  template:
+    src: "{{ item }}"
+    dest: "{{ project_dir }}/{{ item }}"
+    owner: "{{ host_uid }}"
+    group: "{{ host_uid }}"
+    mode: '600'
+  loop:
+    - docker-compose.yaml
+    - .env
+
+- name: "Create (if not exists) directory {{ volumes['postgres_datadir'] }} & set permissions"
+  file:
+    path: "{{ volumes['postgres_datadir'] }}"
+    state: directory
+    owner: "{{ users['postgres'] + uid_shift }}"
+    group: "{{ users['postgres'] + uid_shift }}"
+    mode: '700'
+  become: true
+
+- name: Pull project services
+  community.docker.docker_compose:
+    project_src: "{{ project_dir }}"
+    recreate: never
+    pull: true
+    debug: true
+  when: docker_pull_images | bool
+  register: postgres_docker_compose_pull_result
+
+- name: Display pulled image(s) name
+  set_fact:
+    postgres_pulled_images: "{{ postgres_pulled_images | default([]) + [item.pulled_image.name] }}"
+  loop: "{{ postgres_docker_compose_pull_result['actions'] | default([]) | selectattr('pulled_image', 'defined') }}"
+
+- name: Include backup tasks
+  include_tasks:
+    file: backup.yml
+  # Make a backup if we didn't already make one and we pulled a new image
+  when: not run_backup and postgres_pulled_images is defined
+
+- name: Create/Restart project services
+  community.docker.docker_compose:
+    project_src: "{{ project_dir }}"
--- a/roles/postgres/templates/.env
+++ b/roles/postgres/templates/.env
@ -0,0 +1,5 @@
+POSTGRES_PASSWORD='{{ postgres_password | default("") }}'
+# Required for Synapse
+LANG=C
+POSTGRES_INITDB_ARGS="--locale=C --encoding=UTF8"
+
--- a/roles/postgres/templates/docker-compose.yaml
+++ b/roles/postgres/templates/docker-compose.yaml
@ -0,0 +1,11 @@
+services:
+  postgres:
+    container_name: postgres
+    image: docker.io/library/postgres:16-alpine
+    restart: always
+    user: {{ users['postgres'] }}:{{ users['postgres'] }}
+    env_file: .env
+    ports:
+      - {{ ports['postgres'] }}:5432
+    volumes:
+      - {{ volumes['postgres_datadir'] }}:/var/lib/postgresql/data
--- a/secrets.yml.example
+++ b/secrets.yml.example
@ -13,6 +13,9 @@ coturn_secrets:
 hedgedoc_secrets:
  mysql_root_password:

+# Password of the 'postgres' superuser
+postgres_password:
+
 searxng_secrets:
  searxng_secret: