diff --git a/defaults/main.yml b/defaults/main.yml index 7646b9a..7b0863c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -52,8 +52,8 @@ postgres_podman_args: postgres_log_level: warning postgres_user: postgres -postgres_password: postgres -postgres_db: postgres +# @var postgres_password:description: Password of the superuser defined in `postgres_user`. +# postgres_password:value: $ "_unset_" # @var postgres_app_user:description: > # Application user name without superuser privileges. Full access to `postgres_db` @@ -63,10 +63,11 @@ postgres_db: postgres # @var postgres_app_password:description: Application user password. # @var postgres_app_password:value: $ "_unset_" +postgres_db: postgres + postgres_host_auth_method: scram-sha-256 postgres_initdb_args: - --auth-host=scram-sha-256 - - --auth-local=scram-sha-256 postgres_tls_enabled: False postgres_tls_ca_file: "/var/lib/postgresql/tls/CA.pem" diff --git a/templates/etc/containers/systemd/postgres.env.j2 b/templates/etc/containers/systemd/postgres.env.j2 index d402d88..0caef7b 100644 --- a/templates/etc/containers/systemd/postgres.env.j2 +++ b/templates/etc/containers/systemd/postgres.env.j2 @@ -1,7 +1,9 @@ #jinja2: lstrip_blocks: True {{ ansible_managed | comment }} POSTGRES_USER={{ postgres_user }} +{% if postgres_password is defined %} POSTGRES_PASSWORD={{ postgres_password }} +{% endif %} {% if postgres_app_user is defined and postgres_app_password is defined %} POSTGRES_APP_USER={{ postgres_app_user }} POSTGRES_APP_PASSWORD={{ postgres_app_password }}