add dump user

2022-10-23 17:31:08 +02:00 · 2022-10-23 17:31:08 +02:00 · 262c97168b
commit 262c97168b
parent e9361a6c90
3 changed files with 14 additions and 1 deletions
--- a/ansible/group_vars/database
+++ b/ansible/group_vars/database
@ -23,6 +23,8 @@ postgresql_users:
    password: "{{  lookup('hashi_vault', 'secret=secrets/data/ansible/database:dendrite')}}"
  - name: paperless
    password: "{{  lookup('hashi_vault', 'secret=secrets/data/ansible/database:paperless')}}"
+  - name: dump
+    password: "{{  lookup('hashi_vault', 'secret=secrets/data/ansible/database:dump')}}"

 postgresql_databases:
  - name: wikijs
@ -45,3 +47,4 @@ postgresql_databases:
    owner: dendrite
  - name: paperless
    owner: paperless
+
--- a/ansible/playbooks/database.yml
+++ b/ansible/playbooks/database.yml
@ -5,3 +5,12 @@
  roles:
    - role: ansible-role-postgresql
      become: true
+  tasks: 
+    - name: add pg_read_all_data to dump
+      community.postgresql.postgresql_membership:
+        target_roles: 
+          - dump
+        groups:
+          - pg_read_all_data  
+      become: true
+      become_user: "{{ postgresql_user }}"
--- a/ansible/playbooks/server.yml
+++ b/ansible/playbooks/server.yml
@ -7,5 +7,6 @@
  roles:
    - system
    - autofs
-    - msmtp
+    - role: msmtp
+      when: ansible_os_family != "RedHat"
    - cronie