Create mailserver_database db and users

roles/mailserver_database/defaults/main.yml

@@ -1,3 +0,0 @@
----
-
-

roles/mailserver_database/defaults/main/plain.yml

@@ -0,0 +1,9 @@
+---
+
+mailserver_database: mailserver
+mailserver_user:
+  name: mailadmin
+  pwd: "{{ vault_mailserver_user_pwd }}"
+mailserver_ro_user:
+  name: mailserver
+  pwd: "{{ vault_mailserver_ro_user_pwd }}"

roles/mailserver_database/defaults/main/vault.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+34393761613531383133343866383438646331633237353639386539333636613530356636663038
+3934633864373132316331326366303734346234666336380a333862383430393430343762656362
+32613366613965633065316234626238616331323538353132613666323263336638643465393938
+3737616465343664380a306231663432396132346636333433383162383039383763393666393462
+32383632313437353161313636386465313562366336316533303938323364323663616631666538
+65343564326237643461666631323066626563653032333534373764666139306236313731653335
+38613333663436313866623839373036643235656664636265326636303561373362336564636131
+30373737383338656436

roles/mailserver_database/tasks/main.yml

@@ -6,3 +6,34 @@
     name:
       - postgresql
       - postfix-pgsql
+      - python3-psycopg2
+      - acl
+
+- name: Create postgresql users
+  become: true
+  become_user: postgres
+  loop:
+    - "{{ mailserver_user }}"
+    - "{{ mailserver_ro_user }}"
+  community.postgresql.postgresql_user:
+    name: "{{ item.name }}"
+    state: present
+    password: "{{ item.pwd }}"
+
+- name: Create postgresql database
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_db:
+    name: "{{ mailserver_database }}"
+    owner: "{{ mailserver_user.name }}"
+    state: present
+
+- name: Set privileges for postgresql RO user
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_privs:
+    database: "{{ mailserver_database }}"
+    roles: "{{ mailserver_ro_user.name }}"
+    privs: select
+    objs: ALL_IN_SCHEMA
+    state: present