Raspberry-Pi-IaC/roles/postgres/tasks/main.yml

---
# Delegates creation of the dedicated Unix account to the `user` role.
# NOTE(review): postgres_unix_password is defined outside this file; it is
# presumably sourced from an encrypted store such as Ansible Vault - confirm.
- name: Include user role
  ansible.builtin.include_role:
    name: user
  vars:
    user_username: "{{ postgres_unix_username }}"
    user_password: "{{ postgres_unix_password }}"
    # Membership of the docker group allows control of the Docker daemon,
    # which is effectively root-equivalent on the host; treat this account
    # as privileged.
    user_add_to_docker_group: true
# Installs the script that the certbot task passes as --deploy-hook.
# The script is executed by certbot as root, so it is owned by root and
# not readable, writable or executable by anyone else (0700).
- name: Install ensure_certificate_setup.sh
  become: true
  ansible.builtin.copy:
    src: ensure_certificate_setup.sh
    # The trailing slash makes dest a directory; the file keeps its source name.
    dest: "/root/.bin/"
    owner: root
    mode: '0700'
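# Output of the hook can be found as part of the logs at: /var/log/letsencrypt/letsencrypt.log
# Requests the certificate through the Cloudflare DNS-01 challenge.
# NOTE(review): /root/.secrets/certbot/cloudflare.ini holds Cloudflare API
# credentials and is provisioned outside this task list; confirm it is
# readable by root only (mode 0600) wherever it is created.
- name: Create certificates for PostgreSQL (postgres.kleinendorst.info)
  become: true
  ansible.builtin.command:
    # --non-interactive: Ansible runs the command without a TTY, so certbot
    # should fail with an error rather than wait on a prompt.
    # The e-mail address is quoted so it always reaches certbot as exactly one
    # argument, whatever the variable contains.
    cmd: >-
      /snap/bin/certbot certonly
      --non-interactive
      --dns-cloudflare
      --dns-cloudflare-propagation-seconds 120
      --dns-cloudflare-credentials '/root/.secrets/certbot/cloudflare.ini'
      --deploy-hook '/root/.bin/ensure_certificate_setup.sh'
      --agree-tos -m '{{ administration_email }}'
      -d postgres.kleinendorst.info
    # Idempotence guard: the command is skipped once the live directory
    # exists. Renewal is therefore not driven by this task.
    creates: "/etc/letsencrypt/live/postgres.kleinendorst.info"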
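# Creates the directory that holds the compose project, as the service account.
- name: Create the compose project directory
  become: true
  become_user: "{{ postgres_unix_username }}"
  ansible.builtin.file:
    path: "/home/{{ postgres_unix_username }}/postgres"
    state: directory
    owner: "{{ postgres_unix_username }}"
    # Owner-only. A directory mode with read but no search bit for group and
    # others (as in 0744) only exposes file names; nothing besides this
    # account and root (which runs the compose task) needs access.
    mode: '0700'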
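# Renders the compose definition into the project directory.
- name: Create the compose project
  become: true
  become_user: "{{ postgres_unix_username }}"
  ansible.builtin.template:
    src: docker-compose.yml.j2
    dest: "/home/{{ postgres_unix_username }}/postgres/docker-compose.yml"
    owner: "{{ postgres_unix_username }}"
    # NOTE(review): the template is not visible here. Compose files for
    # database services commonly carry credentials, so the rendered file is
    # kept owner-only; root, which runs the compose task, can still read it.
    mode: '0600'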
# Brings the compose project up. No become_user is set, so with become: true
# this runs as the default become user (normally root) rather than as the
# service account.
- name: Create and start services
  become: true
  community.docker.docker_compose_v2:
    project_src: "/home/{{ postgres_unix_username }}/postgres/"
  # The module result is stored for later tasks; it is not used in this view.
  register: docker_compose_output