feat: pg with extensions and open to podmans containers

2025-11-11 00:02:15 +01:00
parent ba37edd498
commit e7dbe470da
7 changed files with 158 additions and 98 deletions
@@ -0,0 +1,38 @@
+---
+- name: Check if pgvector is installed
+  ansible.builtin.command: pacman -Qi pgvector
+  register: pgvector_installed
+  changed_when: false
+  failed_when: false
+
+- name: Install pgvector from AUR
+  when: pgvector_installed.rc != 0
+  block:
+    - name: Disable SUDOERS password prompt for AUR installation
+      no_log: true
+      ansible.builtin.lineinfile:
+        dest: /etc/sudoers
+        state: present
+        regexp: "^#?%wheel"
+        line: "%wheel ALL=(ALL) NOPASSWD: ALL"
+        validate: /usr/sbin/visudo -cf %s
+
+    - name: Install pgvector from AUR
+      become: false
+      ansible.builtin.command:
+        cmd: "paru -S --noconfirm pgvector"
+
+    - name: Restore SUDOERS password prompt after AUR installation
+      no_log: true
+      ansible.builtin.lineinfile:
+        dest: /etc/sudoers
+        state: present
+        regexp: "^#?%wheel"
+        line: "%wheel ALL=(ALL:ALL) ALL"
+        validate: /usr/sbin/visudo -cf %s
+
+- name: Ensure PostgreSQL is initialized
+  ansible.builtin.command:
+    cmd: initdb -D {{ postgres_data_dir }}
+    creates: "{{ postgres_data_dir }}/PG_VERSION"
+  become_user: "{{ postgres_admin_user }}"
@@ -0,0 +1,16 @@
+---
+- name: Create current version symlink
+  ansible.builtin.shell:
+    cmd: set -o pipefail && ln -sf $(ls -1 /etc/postgresql/ | grep -E '^[0-9]+$' | sort -V | tail -n1) /etc/postgresql/current
+    creates: /etc/postgresql/current
+    executable: /bin/bash
+
+- name: Get installed PostgreSQL version
+  ansible.builtin.shell: psql --version | grep -oP '\d+' | head -1
+  register: postgres_version
+  changed_when: false
+
+- name: Install pgvector extension
+  ansible.builtin.package:
+    name: "postgresql-{{ postgres_version.stdout }}-pgvector"
+    state: present
@@ -20,20 +20,8 @@
    name: "{{ postgres_packages }}"
    state: present

- name: Create current version symlink (Debian)
-  ansible.builtin.shell:
-    cmd: set -o pipefail && ln -sf $(ls -1 /etc/postgresql/ | grep -E '^[0-9]+$' | sort -V | tail -n1) /etc/postgresql/current
-    creates: /etc/postgresql/current
-    executable: /bin/bash
-  when: ansible_facts['os_family'] == 'Debian'
-
- name: Ensure PostgreSQL is initialized (Arch)
-  ansible.builtin.command:
-    cmd: initdb -D {{ postgres_data_dir }}
-    creates: "{{ postgres_data_dir }}/PG_VERSION"
-  become: true
-  become_user: "{{ postgres_admin_user }}"
-  when: ansible_facts['os_family'] == 'Archlinux'
+- name: Include OS-specific tasks
+  ansible.builtin.include_tasks: "{{ ansible_facts['os_family'] | lower }}.yml"

 - name: Ensure PostgreSQL config directory exists
  ansible.builtin.file:
@@ -60,6 +48,25 @@
    mode: "0640"
  notify: Restart PostgreSQL

+- name: Configure pg_hba.conf for Podman subnet access
+  ansible.builtin.lineinfile:
+    path: "{{ postgres_hba_path }}"
+    line: "host    all             all             {{ podman_subnet }}            scram-sha-256"
+    insertafter: "^# IPv4 local connections:"
+    state: present
+  when: podman_subnet is defined
+  notify: Restart PostgreSQL
+
+- name: Setup firewall rules for PostgreSQL
+  community.general.ufw:
+    rule: allow
+    src: "{{ item }}"
+    port: "{{ postgres_port }}"
+    proto: tcp
+    direction: in
+    comment: "PostgreSQL"
+  loop: "{{ postgres_firewall_allowed_sources }}"
+
 - name: Enable and start PostgreSQL service
  ansible.builtin.systemd:
    name: "{{ postgres_service_name }}"
@@ -71,5 +78,4 @@
    name: "{{ postgres_admin_user }}"
    password: "{{ postgres_admin_password }}"
    state: present
-  become: true
  become_user: "{{ postgres_admin_user }}"