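---
#
# Configure PostgreSQL network access for remote clients.
#
# To give remote clients access to postgresql, define something like this:
#
# psql_db_data:
#   - { name: 'db_name', user: 'db_user', pwd: 'db_pwd', allowed_hosts: [ '146.48.123.17/32', '146.48.122.110/32' ] }
#
# Variables read by these tasks:
#   psql_version            directory component under /etc/postgresql/
#   psql_listen_on_ext_int  boolean; when true the server is exposed to the network
#   psql_db_data            list of databases, each with name, user and allowed_hosts
#
# NOTE(review): 'pwd' is not used by any task in this file. If it carries a real
# password, keep it in an encrypted vars file rather than in plain text.
#

# One pg_hba.conf line is written per (database, allowed host) pair.
# Security notes for reviewers:
#   * 'host' records match both TLS and non-TLS connections; 'hostssl' would
#     restrict remote clients to TLS once ssl is enabled on the server.
#   * 'md5' is kept for compatibility. PostgreSQL 10 and later also support
#     'scram-sha-256', which is the stronger choice when every client library
#     supports it.
#   * lineinfile only adds or rewrites lines. A host removed from allowed_hosts
#     keeps its pg_hba.conf entry until that line is deleted by other means.
#   * The address is interpolated into the regexp unescaped, so its dots match
#     any character. The written line is exact, only the matching is loose.
- name: Give access to the remote postgresql client
  lineinfile:
    dest: '/etc/postgresql/{{ psql_version }}/main/pg_hba.conf'
    regexp: '^host {{ item.0.name }} {{ item.0.user }} {{ item.1 }}.*$'
    line: 'host {{ item.0.name }} {{ item.0.user }} {{ item.1 }} md5'
  # Full variable syntax: a bare variable name is not resolved by current
  # Ansible releases. default([]) keeps the loop empty, so the task is skipped
  # instead of failing when psql_db_data is not set.
  with_subelements:
    - '{{ psql_db_data | default([]) }}'
    - allowed_hosts
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
    - item.1 is defined
  notify: Reload postgresql
  tags:
    - postgresql
    - postgres
    - pg_hba

# listen_addresses = '*' binds every interface of the host, not only the public
# one. Who may connect is then decided by pg_hba.conf and any host or network
# firewall, so both should be reviewed together with this setting.
- name: We want postgres listen on the public IP
  lineinfile:
    dest: '/etc/postgresql/{{ psql_version }}/main/postgresql.conf'
    regexp: '^listen_addresses.*$'
    line: "listen_addresses = '*'"
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

# Counterpart of the previous task: without external access the server is bound
# to the loopback interface only.
- name: If postgresql is only accessed from localhost make it listen only on the localhost interface
  lineinfile:
    dest: '/etc/postgresql/{{ psql_version }}/main/postgresql.conf'
    regexp: '^listen_addresses.*$'
    line: "listen_addresses = 'localhost'"
  notify: Restart postgresql
  when:
    - not psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

# The three logging tasks below run only when the server is exposed externally.
# They give an audit trail of which client connected and when.
- name: Log the connections
  lineinfile:
    dest: '/etc/postgresql/{{ psql_version }}/main/postgresql.conf'
    regexp: '^log_connections.*$'
    line: 'log_connections = on'
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

- name: Log the disconnections
  lineinfile:
    dest: '/etc/postgresql/{{ psql_version }}/main/postgresql.conf'
    regexp: '^log_disconnections.*$'
    line: 'log_disconnections = on'
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

# log_hostname makes the server resolve client addresses to names for the log.
# This adds a DNS lookup per connection.
- name: Log the hostnames
  lineinfile:
    dest: '/etc/postgresql/{{ psql_version }}/main/postgresql.conf'
    regexp: '^log_hostname.*$'
    line: 'log_hostname = on'
  notify: Restart postgresql
  when:
    - psql_listen_on_ext_int
    - psql_db_data is defined
  tags:
    - postgresql
    - postgres
    - pg_conf

# root owns both files and the postgres group may read them. The server account
# cannot rewrite its own access rules and other local users cannot read them.
# The mode is quoted so that YAML keeps it as the string '0640' rather than
# parsing it as a number.
- name: Set the correct permissions to the postgresql files
  file:
    dest: '/etc/postgresql/{{ psql_version }}/main/{{ item }}'
    owner: root
    group: postgres
    mode: '0640'
  with_items:
    - pg_hba.conf
    - postgresql.conf
  tags:
    - postgresql
    - postgres
    - pg_hba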