Add postgres role

Or rather rip it out of netbox. Improve DB password handling.

roles/netbox/tasks/db.yml

@@ -1,55 +0,0 @@
-- name: Install packages
-  package:
-    name:
-      - postgresql
-      - py3-psycopg2
-      - redis
-
-- name: Enable services
-  service:
-    name: '{{ item }}'
-    enabled: true
-    state: started
-  loop:
-    - postgresql
-    - redis
-
-- name: Create .pgpass
-  copy:
-    dest: '{{ user_info.home }}/.pgpass'
-    content: |
-      localhost:5432:{{ database }}:{{ user }}:{{ db_password }}
-    force: no
-    mode: 0600
-    owner: '{{ user_info.uid }}'
-    group: '{{ user_info.group }}'
-
-- become: yes
-  become_method: su
-  become_user: postgres
-  block:
-    - name: Create database
-      postgresql_db:
-        name: '{{ database }}'
-
-    - name: Create database user
-      postgresql_user:
-        db: '{{ database }}'
-        name: '{{ user }}'
-        password: '{{ db_password }}'
-        no_password_changes: yes
-
-    - name: Set schema owner
-      postgresql_owner:
-        db: '{{ database }}'
-        new_owner: '{{ user }}'
-        obj_name: public
-        obj_type: schema
-
-    - name: Grant database privileges
-      postgresql_privs:
-        db: '{{ database }}'
-        role: '{{ user }}'
-        privs: CREATE
-        type: database
-

roles/netbox/tasks/main.yml

@@ -1,8 +1,12 @@
-- name: Set variables
-  set_fact:
-    user: '{{ user | default("netbox") }}'
-    database: '{{ database | default("netbox") }}'
-    db_password: '{{ lookup("password", "/dev/null", chars=["ascii_letters", "digits"]) }}'
+- name: Install redis
+  package:
+    name: redis
+
+- name: Enable redis service
+  service:
+    name: redis
+    enabled: true
+    state: started
 
 - name: Create group for web service
   group:
@@ -18,8 +22,5 @@
     system: yes
   register: user_info
 
-- name: Set up database
-  import_tasks: db.yml
-
 - name: Set up app
   import_tasks: app.yml

roles/postgres/tasks/main.yml

@@ -0,0 +1,69 @@
+- name: Install packages
+  package:
+    name:
+      - postgresql
+      - py3-psycopg2
+
+- name: Enable services
+  service:
+    name: postgresql
+    enabled: true
+    state: started
+
+- name: Check for existing database password
+  become: yes
+  become_user: '{{ user }}'
+  become_method: su
+  slurp:
+    path: '~/.pgpass'
+  register: pgpass
+  failed_when: false
+
+- name: Get database password
+  when: '"content" in pgpass'
+  set_fact: db_password='{{ pgpass.content | b64decode | split(":") | last }}'
+
+- name: Create database password
+  when: '"content" not in pgpass'
+  set_fact: db_password='{{ lookup("password", "/dev/null", chars=["ascii_letters", "digits"]) }}'
+
+- name: Create .pgpass
+  become: yes
+  become_user: '{{ user }}'
+  become_method: su
+  copy:
+    dest: '~/.pgpass'
+    content: |
+      localhost:5432:{{ user }}:{{ user }}:{{ db_password }}
+    force: no
+    mode: 0600
+
+- become: yes
+  become_method: su
+  become_user: postgres
+  block:
+    - name: Create database
+      postgresql_db:
+        name: '{{ database | default(user) }}'
+
+    - name: Create database user
+      postgresql_user:
+        db: '{{ database | default(user) }}'
+        name: '{{ user }}'
+        password: '{{ db_password }}'
+        no_password_changes: '{{ "content" in pgpass }}'
+
+    - name: Set schema owner
+      postgresql_owner:
+        db: '{{ database | default(user) }}'
+        new_owner: '{{ user }}'
+        obj_name: public
+        obj_type: schema
+
+    - name: Grant database privileges
+      postgresql_privs:
+        db: '{{ database | default(user) }}'
+        role: '{{ user }}'
+        privs: CREATE
+        type: database
+

setup.yml

@@ -24,8 +24,11 @@
 - hosts: netbox
   roles:
     - alpine
+    - postgres
     - nginx
     - netbox
+  vars:
+    user: netbox
 
 - hosts: samba
   roles: