---
postgres_repository_enabled: False
postgres_version: 10
postgres_repository_filename: "Postgresql-{{ postgres_version | regex_replace('\\.') }}"
postgres_user: postgres
postgres_group: postgres

# Available postgresql.conf options
postgres_log_destination:
  - stderr
postgres_log_directory: log
postgres_log_filename: postgresql.log
postgres_log_rotation_age: 1d
postgres_log_rotation_size: 0

postgres_iptables_enabled: False
postgres_connection_port: 5432
postgres_connection_addresses:
  - localhost
postgres_socket_directories:
  - /var/run/postgresql

postgres_password_encryption: md5

# Enable and setup ssl transport security
postgres_tls_enabled: False
postgres_tls_cert_filename: "mycert.pem"
postgres_tls_key_filename: "mykey.pem"
postgres_tls_source_use_content: False
postgres_tls_source_use_files: True
postgres_tls_cert_source: mycert.pem
postgres_tls_key_source: mykey.pem

postgres_users: []
# - name: jdoe #required; the rest are optional
#   password: # defaults to not set
#   encrypted: # defaults to 'yes'
#   priv: # defaults to not set
#   role_attr_flags: # defaults to not set
#   db: # defaults to not set
#   login_host: # defaults to 'localhost'
#   login_password: # defaults to not set
#   login_user: # defaults to '{{ postgres_user }}'
#   login_unix_socket: # defaults to 1st of postgres_socket_directories
#   port: # defaults to not set
#   state: # defaults to 'present'
#   pam_user: # defaults to not set

postgres_hba_entries:
  - {type: local, database: all, user: all, auth_method: peer}
  - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: md5}
  - {type: host, database: all, user: all, address: '::1/128', auth_method: md5}