Automate postgresql setup

Creates the user and the database provided by the environment variable.
These are currently duplicated in postgres.env so we might want to find
a way to have them in only one place.

I tried my best at keeping the pg_hba.conf file secure for the server,
but I am no expert so it'd be great if someone could check it out.

.gitignore

@@ -13,3 +13,4 @@ templates/*.html.go
 *.bat
 *.backup
 tags
+*.retry

deploy/ansible/hosts

@@ -1,2 +1,5 @@
 [webservers]
 127.0.0.1:2200 ansible_connection=ssh ansible_ssh_user=vagrant
+
+[dbs]
+127.0.0.1:2200 ansible_connection=ssh ansible_ssh_user=vagrant

deploy/ansible/roles/docker/tasks/main.yml

@@ -11,7 +11,7 @@
   become: true
 
 - name: Install Docker CE
-  yum: 
+  yum:
     name: docker-ce
     state: present
   become: true
@@ -24,7 +24,7 @@
     mode: 0755
   become: true
 
-- name: Enable docker at boot
+- name: Start docker and enable at boot
   systemd:
     enabled: yes
     name: docker

deploy/ansible/roles/postgresql/tasks/main.yml

@@ -0,0 +1,63 @@
+- name: Install postgresql
+  yum:
+    name: postgresql-server
+    state: present
+  become: true
+
+- name: Initialize postgresql
+  command: postgresql-setup initdb
+  # Will error when database has already been initialized so just ignore it
+  ignore_errors: yes
+  become: true
+
+- name: Install adapter for python
+  yum:
+    name: python-psycopg2
+    state: present
+  become: true
+
+- name: Start postgresql and enable at boot
+  systemd:
+    enabled: yes
+    name: postgresql
+    state: started
+  become: true
+
+- name: Create nyaapantsu database
+  postgresql_db:
+    name: "{{ nyaapantsu_dbname }}"
+  become: true
+  become_user: postgres
+
+# TODO Probably better idea to not set SUPERUSER
+- name: Create nyaapantsu user
+  postgresql_user:
+    db: "{{ nyaapantsu_dbname }}"
+    name: "{{ nyaapantsu_user }}"
+    password: "{{ nyaapantsu_password }}"
+    role_attr_flags: SUPERUSER,LOGIN
+  become: true
+  become_user: postgres
+
+- name: Grant privileges to user
+  postgresql_privs:
+    db: "{{ nyaapantsu_dbname }}"
+    priv: ALL
+    roles: "{{ nyaapantsu_user }}"
+    state: present
+    type: database
+  become: true
+  become_user: postgres
+
+- name: Add custom pg_hba.conf
+  template:
+    src: pg_hba.conf.j2
+    dest: /var/lib/pgsql/data/pg_hba.conf
+  become: true
+  become_user: postgres
+
+- name: Reload postgres
+  systemd:
+    name: postgresql
+    state: reloaded
+  become: true

deploy/ansible/roles/postgresql/templates/pg_hba.conf.j2

@@ -0,0 +1,13 @@
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+# For debugging purposes
+local   "{{ nyaapantsu_dbname }}" "{{ nyaapantsu_user }}" md5
+local   all             all                                     peer
+# IPv4 local connections:
+host    "{{ nyaapantsu_user }}" "{{ nyaapantsu_password }}" 127.0.0.1/32            md5
+# IPv6 local connections:
+host    all             all             ::1/128                 ident
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+#local   replication     postgres                                peer
+#host    replication     postgres        127.0.0.1/32            ident
+#host    replication     postgres        ::1/128                 ident

deploy/ansible/roles/postgresql/vars/main.yml

@@ -0,0 +1,3 @@
+nyaapantsu_dbname: nyaapantsu
+nyaapantsu_user: nyaapantsu
+nyaapantsu_password: nyaapantsu

deploy/ansible/setup_server.retry

@@ -1 +0,0 @@
-127.0.0.1

deploy/ansible/setup_server.yml

@@ -1,5 +1,9 @@
-- name: Dotfiles
+- name: Set up webserver
   hosts: webservers
-
   roles:
       - docker
+
+- name: Set up databases
+  hosts: dbs
+  roles:
+      - postgresql

deploy/docker-compose.postgres-prod.yml

@@ -9,6 +9,7 @@ services:
       - postgres-prod.env
     environment:
       - PANTSU_INTERNAL_PORT=${PANTSU_INTERNAL_PORT}
+    network_mode: "host"
     ports:
       # 0.0.0.0 makes it accessible to the network
       # You may want to remove it to make pantsu available only