diff --git a/defaults/main.yml b/defaults/main.yml
index 1e3ba4c..beff20f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -74,38 +74,17 @@ freshrss_limits_max_registrations: "1"
 freshrss_extensions_enabled:
 - "Tumblr-GDPR"
-freshrss_postgres_ssl_mode: disable
-freshrss_postgres_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
-freshrss_postgres_server: "{{ inventory_hostname }}"
-freshrss_postgres_port: 5432
-freshrss_postgres_superuser: postgres
-freshrss_postgres_password: postgres
+ttrss_db_type: pgsql
+freshrss_db_server: localhost
+freshrss_db_port: 5432
+freshrss_db_name: freshrss
+freshrss_db_user: pgfreshrss
+freshrss_db_password: secure
-freshrss_postgres_db:
- name: freshrss
- lc_collate: en_US.UTF-8
- lc_ctype: en_US.UTF-8'
- encoding: UTF-8
- template: template0
- login_user: "{{ freshrss_postgres_superuser }}"
- login_password: "{{ freshrss_postgres_password }}"
- # login_unix_socket: # defaults to not set
- port: "{{ freshrss_postgres_port }}"
- # owner: # defaults to not set
- state: present
-
-freshrss_postgres_user:
- name: pgfreshrss
- password: freshrss
- encrypted: 'yes'
- # priv: # defaults to not set
- # role_attr_flags: # defaults to not set
- db: "{{ freshrss_postgres_db.name }}"
- login_user: "{{ freshrss_postgres_superuser }}"
- login_password: "{{ freshrss_postgres_password }}"
- # login_unix_socket: # defaults to not set
- port: "{{ freshrss_postgres_port }}"
- state: present
+# @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type.
+freshrss_db_ssl_mode: disable
+# @var freshrss_db_ssl_mode:description: This variable is only supported for `pgsql` DB type.
+freshrss_db_ssl_rootcert: /etc/ssl/certs/ca-certificates.crt
 freshrss_iptables_enabled: False
 freshrss_open_ports:
diff --git a/molecule/default/playbook.yml b/molecule/default/playbook.yml
index 2055a99..8efcc94 100644
--- a/molecule/default/playbook.yml
+++ b/molecule/default/playbook.yml
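Review bot: In defaults/main.yml the new `freshrss_db_password: secure` ships a guessable database credential as the role default, so any deployment that does not override it runs with a publicly known password. Prefer providing no default and failing early when the variable is unset, documented with a comment such as `# required: set via Ansible Vault, no default is provided`. The new `ttrss_db_type: pgsql` appears to carry another role's prefix; `freshrss_db_type: pgsql` would match the neighbouring keys, and the hunk in templates/services/freshrss-compose.yml.j2 that tests `ttrss_db_type` needs the same rename. The second `# @var freshrss_db_ssl_mode:description:` comment sits above `freshrss_db_ssl_rootcert` and should name that variable. `freshrss_db_ssl_mode: disable` stays the default, which leaves the connection unencrypted once `freshrss_db_server` is pointed at a remote host.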
@@ -4,12 +4,12 @@
 vars:
 postgres_repository_enabled: True
 postgres_users:
- - name: "postgres"
- password: "postgres"
- role_attr_flags: SUPERUSER
- login_host: localhost
- state: present
- pam_user: True
+ - name: "pgfreshrss"
+ password: "secure"
+ priv: ALL
+ db: "freshrss"
+ postgres_dbs:
+ - name: "freshrss"
 dockerengine_packages_extra:
 - epel-release
 - python2-pip
diff --git a/tasks/prepare.yml b/tasks/prepare.yml
index 803f0fe..ba987ac 100644
--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -6,39 +6,3 @@
 mode: 0755
 become: True
 become_user: root
-
-- block:
- - name: Setup postgres db '{{ freshrss_postgres_db.name }}'
- postgresql_db:
- name: "{{ freshrss_postgres_db.name }}"
- lc_collate: "{{ freshrss_postgres_db.lc_collate | default('en_US.UTF-8') }}"
- lc_ctype: "{{ freshrss_postgres_db.lc_ctype | default('en_US.UTF-8') }}"
- encoding: "{{ freshrss_postgres_db.encoding | default('UTF-8') }}"
- template: "{{ freshrss_postgres_db.template | default('template0') }}"
- login_host: "{{ freshrss_postgres_db.login_host | default('localhost') }}"
- login_password: "{{ freshrss_postgres_db.login_password | default(omit) }}"
- login_user: "{{ freshrss_postgres_db.login_user | default(omit) }}"
- login_unix_socket: "{{ freshrss_postgres_db.login_unix_socket | default(omit) }}"
- port: "{{ freshrss_postgres_db.port | default(omit) }}"
- owner: "{{ freshrss_postgres_db.owner | default(omit) }}"
- state: "{{ freshrss_postgres_db.state | default('present') }}"
- no_log: "{{ False if freshrss_ansible_debug | default(False) else True }}"
- when: freshrss_postgres_db is defined
-
- - name: Setup postgres user '{{ freshrss_postgres_user.name }}'
- postgresql_user:
- name: "{{ freshrss_postgres_user.name }}"
- password: "{{ 'md5' + (freshrss_postgres_user.password + freshrss_postgres_user.name) | hash('md5') }}"
- encrypted: "{{ freshrss_postgres_user.encrypted | default('yes') }}"
- priv: "{{ freshrss_postgres_user.priv | default(omit) }}"
- role_attr_flags: "{{ freshrss_postgres_user.role_attr_flags | default(omit) }}"
- db: "{{ freshrss_postgres_user.db | default(omit) }}"
- login_host: "{{ freshrss_postgres_user.login_host | default('localhost') }}"
- login_password: "{{ freshrss_postgres_user.login_password | default(omit) }}"
- login_user: "{{ freshrss_postgres_user.login_user | default(omit) }}"
- login_unix_socket: "{{ freshrss_postgres_user.login_unix_socket | default(omit) }}"
- port: "{{ freshrss_postgres_user.port | default(omit) }}"
- state: "{{ freshrss_postgres_user.state | default('present') }}"
- no_log: "{{ False if freshrss_ansible_debug | default(False) else True }}"
- when: freshrss_postgres_user is defined
- delegate_to: "{{ freshrss_postgres_server }}"
diff --git a/templates/services/freshrss-compose.yml.j2 b/templates/services/freshrss-compose.yml.j2
index d8c8998..db0a766 100644
--- a/templates/services/freshrss-compose.yml.j2
+++ b/templates/services/freshrss-compose.yml.j2
@@ -69,12 +69,12 @@ services:
 - FRESHRSS_CURLOPT_PROXYUSERPWD={{ freshrss_curlopt_proxyuserpwd }}
 {% endif %}
 - FRESHRSS_DB_TYPE=pgsql
- - FRESHRSS_DB_HOST={{ freshrss_postgres_server }};sslmode={{ freshrss_postgres_ssl_mode }}
- - FRESHRSS_POSTGRES_SSL_ROOTCERT={{ freshrss_postgres_ssl_rootcert }}
- - FRESHRSS_DB_PORT={{ freshrss_postgres_port }}
- - FRESHRSS_DB_USER={{ freshrss_postgres_user.name }}
- - FRESHRSS_DB_PASSWORD={{ freshrss_postgres_user.password }}
- - FRESHRSS_DB_BASE={{ freshrss_postgres_db.name }}
+ - FRESHRSS_DB_HOST={{ freshrss_db_server }}{% if ttrss_db_type == "pgsql" %};sslmode={{ freshrss_db_ssl_mode }}{% endif %}
+ - FRESHRSS_db_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }}
+ - FRESHRSS_DB_PORT={{ freshrss_db_port }}
+ - FRESHRSS_DB_USER={{ freshrss_db_user }}
+ - FRESHRSS_DB_PASSWORD={{ freshrss_db_password }}
+ - FRESHRSS_DB_BASE={{ freshrss_db_name }}
 - FRESHRSS_DB_PREFIX=freshrss_
 - FRESHRSS_EXTENSIONS_ENABLED={{ freshrss_extensions_enabled | join(',') }}
 {% if freshrss_memory_limit is defined %}
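Review bot: The added `FRESHRSS_db_SSL_ROOTCERT` line in templates/services/freshrss-compose.yml.j2 changes the environment variable's name, not just the Ansible variable behind it; the removed line set `FRESHRSS_POSTGRES_SSL_ROOTCERT`, and environment names are case-sensitive, so the container will probably no longer receive the root certificate path and an `sslmode` that verifies the server certificate would lose its CA setting. Keep the old name, `- FRESHRSS_POSTGRES_SSL_ROOTCERT={{ freshrss_db_ssl_rootcert }}`, unless the image is known to read the new one. The `sslmode` suffix is now guarded by `ttrss_db_type` while the context line above still hard-codes `FRESHRSS_DB_TYPE=pgsql`, so the variable cannot actually select another database type; `- FRESHRSS_DB_TYPE={{ freshrss_db_type }}` with the matching rename in defaults/main.yml would make the two agree. The environment list continues outside the hunk on both sides.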