Diffstat (limited to 'roles/postgresql_server/vars/main.yml')
-rw-r--r--roles/postgresql_server/vars/main.yml40
1 files changed, 40 insertions, 0 deletions
diff --git a/roles/postgresql_server/vars/main.yml b/roles/postgresql_server/vars/main.yml
new file mode 100644
index 0000000..52cecc4
--- /dev/null
+++ b/roles/postgresql_server/vars/main.yml
@@ -0,0 +1,40 @@
+postgresql_packages:
+ - postgresql-server
+ - python3-psycopg2
+
+postgresql_user: postgres
+
+postgresql_data_dir: /var/lib/pgsql/data
+postgresql_keytab: /var/lib/gssproxy/postgresql.keytab
+
+postgresql_certificate_path: /etc/pki/tls/certs/postgres.pem
+postgresql_certificate_key_path: /etc/pki/tls/private/postgres.key
+postgresql_dhparams_path: /etc/pki/tls/certs/postgres-dhparams.pem
+postgresql_ssl_ciphers: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+
+postgresql_hbac_hostgroup: postgresql_servers
+postgresql_hbac_service: postgresql
+
+postgresql_archive_shell: >-
+ pg_dumpall | gzip > "pg_dumpall-$(date +%Y%m%d%H%M%S).sql.gz"
+
+postgresql_selinux_policy_te: |
+ require {
+ type postgresql_t;
+ type postgresql_exec_t;
+ type gssproxy_t;
+ type gssproxy_var_lib_t;
+ class dir search;
+ class sock_file write;
+ class unix_stream_socket connectto;
+ class file getattr;
+ }
+
+ #============= postgresql_t ==============
+ allow postgresql_t gssproxy_var_lib_t:dir search;
+ allow postgresql_t gssproxy_var_lib_t:sock_file write;
+ allow postgresql_t gssproxy_t:unix_stream_socket connectto;
+ allow postgresql_t gssproxy_var_lib_t:dir search;
+
+ #============= gssproxy_t ==============
+ allow gssproxy_t postgresql_exec_t:file getattr;
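Review bot: The `postgresql_archive_shell` pipeline returns only gzip's exit status, so a failed `pg_dumpall` would still leave a valid but empty or truncated `.sql.gz` and the backup would appear to succeed. The dump also carries role definitions with their password hashes, and the archive is created with whatever umask the calling task happens to have. If the consumer runs this under bash (not visible in this file), consider `set -o pipefail; umask 077; pg_dumpall | gzip > "pg_dumpall-$(date +%Y%m%d%H%M%S).sql.gz"`. Separately, `allow postgresql_t gssproxy_var_lib_t:dir search;` appears twice in `postgresql_selinux_policy_te`, and the second copy can be dropped.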