dave
/
ansible-playbooks
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
๐Ÿ“— Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
2 Branches
0 Tags
425 KiB
 
 
Tag: Branch: Tree: bdbca4a90e
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bdbca4a90e'
${ noResults }
ansible-playbooks/roles/postgres/defaults/main.yml

66 lines
2.0 KiB
Raw Blame History

postgresql_user: postgres
postgresql_group: postgres
postgresql_data_dir: /opt/postgresql
postgresql_conf_dir: /etc/postgresql
postgresql_tls_dir: "{{ (postgresql_conf_dir, 'tls') | path_join }}"
postgresql_db: []
postgresql_string_parameters:
- listen_addresses
- log_destination
- syslog_facility
- datestyle
- lc_monetary
- lc_messages
- lc_numeric
- lc_time
- unix_socket_directories
- timezone
- log_timezone
- ssl_ciphers
- ssl_ca_file
- ssl_cert_file
- ssl_key_file
- ssl_dh_params_file
postgresql_default_config:
listen_addresses: "{{ '*' if (host_primary_role == 'postgres') or (database_self_hosted == false) else '127.0.0.1' }}"
max_connections: 125
bonjour: no
password_encryption: scram-sha-256
wal_level: replica
wal_init_zero: no
wal_recycle: no
log_destination: syslog
syslog_facility: LOCAL0
datestyle: "ISO, DMY"
lc_messages: C
lc_monetary: C
lc_numeric: C
lc_time: C
unix_socket_directories: /var/run/postgresql
log_timezone: "{{ timezone }}"
timezone: "{{ timezone }}"
shared_buffers: "{{ ((host_hardware.memory | d(512) | int) * (1024/2)) | int }}kB"
work_mem: "{{ ((host_hardware.memory | d(512) | int) * (1024/35)) | round(1, 'ceil') | int }}kB"
max_wal_size: "{{ ((host_hardware.disk | d(2) | float) * (1024 / 2)) | int }}MB"
postgresql_tls_config:
ssl: yes
ssl_ciphers: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256"
ssl_prefer_server_ciphers: yes
ssl_min_protocol_version: TLSv1.2
ssl_ecdh_curve: secp384r1
ssl_ca_file: "{{ (postgresql_tls_dir, 'root.crt') | path_join }}"
ssl_cert_file: "{{ (postgresql_tls_dir, 'ecc384.crt') | path_join }}"
ssl_key_file: "{{ (postgresql_tls_dir, 'ecc384.key') | path_join }}"
ssl_dh_params_file: "{{ (postgresql_tls_dir, 'dhparam.pem') | path_join }}"