44 lines
1.5 KiB
YAML
44 lines
1.5 KiB
YAML
---
|
|
- name: postgresql-ssl-config | TLS configuration
|
|
when: psql_enable_ssl
|
|
tags: ['postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf']
|
|
block:
|
|
- name: postgresql-ssl-config | Setup SSL in the postgresql configuration
|
|
become: true
|
|
become_user: postgres
|
|
community.postgresql.postgresql_set:
|
|
name: '{{ item.name }}'
|
|
value: "{{ item.value }}"
|
|
loop: '{{ psql_conf_ssl_parameters }}'
|
|
notify: Restart postgresql
|
|
|
|
- name: postgresql-ssl-config | Create the pki directory to store the private key
|
|
ansible.builtin.file:
|
|
dest: /etc/pki/postgresql
|
|
state: directory
|
|
owner: postgres
|
|
group: postgres
|
|
mode: '0750'
|
|
|
|
- name: postgresql-ssl-config | Create a postgres accessible ssl key file if it does not exist
|
|
ansible.builtin.copy:
|
|
src: "{{ psql_ssl_privkey_global_file }}"
|
|
dest: "{{ psql_ssl_privkey_file }}"
|
|
owner: postgres
|
|
group: postgres
|
|
mode: '0400'
|
|
remote_src: true
|
|
|
|
- name: postgresql-ssl-config | Disable the TLS configuration
|
|
when: not psql_enable_ssl
|
|
tags: ['postgresql', 'postgres', 'pg_ssl_conf', 'pg_conf']
|
|
block:
|
|
- name: postgresql-ssl-config | Disable SSL in the postgresql configuration
|
|
become: true
|
|
become_user: postgres
|
|
community.postgresql.postgresql_set:
|
|
name: '{{ item.name }}'
|
|
value: "{{ item.value }}"
|
|
loop: '{{ psql_conf_disable_ssl_parameters }}'
|
|
notify: Restart postgresql
|