homelab/ansible/inventories/dev/group_vars/postgresql.yml

---

postgresql_global_config_options:
  - option: unix_socket_directories
    value: '{{ postgresql_unix_socket_directories | join(",") }}'
  - option: log_directory
    value: 'log'
  - option: listen_addresses
    value: "*"

postgresql_auth_method: scram-sha-256

postgresql_hba_entries:
  - {type: local, database: all, user: postgres, auth_method: peer}
  - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"}
  - {type: host, database: forgejo_db, user: forgejo, address: '192.168.0.20/32', auth_method: "{{ postgresql_auth_method }}"}
  - {type: host, database: test_db, user: test, address: '0.0.0.0/0', auth_method: "{{ postgresql_auth_method }}"}

postgresql_databases:
  - name: forgejo_db
    owner: forgejo
    # state: absent

postgresql_users:
  - name: forgejo
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      63306634323739306638666538376262643231306337343036313737373735303264356238663335
      6430623539346236303539333764666137613762623330640a643834326436363631626537396264
      31653265343035626439376134633839376432313962323163626436633466386165386332333737
      6339386339303566310a623236323630376665623664656563376430643836666433656433386434
      62623536376461323563616237316232366633663834333365633334646264313831376661366436
      61313538333965313062313138383935663739303935643331333238363463386537383238616466
      62343232326661346563353236373163373463383431646334623537616231396137393663376332
      35373132333865306634316433663539396632373638626130343331623138643063333561636532
      66653139663830353632326639393835343137336235626261353130656336653962303665646664
      63303735393638336137666234383363383764313533323031303533343562336230613434316432
      383632343762373735633664313431613064
    encrypted: true
    # state: absent

postgresql_privs:
  - db: forgejo_db
    roles: forgejo
    privs: ALL
    type: database
    # state: absent

postgres_users_no_log: false



fluentbit_settings:
  service:
    flush: 1
    daemon: false
    log_level: info
    http_server: false
  pipeline:
    inputs:
      - name: systemd
        tag: systemd_input
    filters:
      - name: rewrite_tag
        match: systemd_input
        rule: $_SYSTEMD_UNIT ^(postgresql.service)$ postgresql false
      - name: rewrite_tag
        match: systemd_input
        rule: $_SYSTEMD_UNIT ^(postgresql.service.+|(?!postgresql.service).*)$ systemd false
      - name: record_modifier
        match: postgresql
        allowlist_key:
          - MESSAGE
      # - name: record_modifier
      #   match: systemd_tag
      #   allowlist_key:
      #     - _SYSTEMD_UNIT
      #     - MESSAGE
    outputs:
      - name: loki
        host: 192.168.0.252
        labels: "env=dev,hostname=postgresql,service_name=postgresql"
        match: postgresql
      - name: loki
        host: 192.168.0.252
        labels: "env=dev,hostname=postgresql,service_name=systemd"
        match: systemd