From 5fa26ed18792146f72cd8918d9f740cd0faef334 Mon Sep 17 00:00:00 2001
From: transcaffeine <transcaffeine@finally.coffee>
Date: Sun, 20 Apr 2025 12:16:12 +0200
Subject: [PATCH] fix(postgresql): ignore errors on first run in check mode,
 support overriding internal postgresql container username, fix container
 image name creation

---
 roles/postgresql/defaults/main/config.yml       | 3 ++-
 roles/postgresql/defaults/main/container.yml    | 6 ++++--
 roles/postgresql/tasks/configure.yml            | 8 +++++++-
 roles/postgresql/tasks/deploy-docker.yml        | 2 ++
 roles/postgresql/templates/postgresql-passwd.j2 | 2 +-
 5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/roles/postgresql/defaults/main/config.yml b/roles/postgresql/defaults/main/config.yml
index 4b88d7b..676b4b4 100644
--- a/roles/postgresql/defaults/main/config.yml
+++ b/roles/postgresql/defaults/main/config.yml
@@ -1,7 +1,8 @@
 ---
 postgresql_config_connect_socket: true
+postgresql_config_unix_socket: "/var/run/postgresql"
 postgresql_config_unix_socket_directories:
-  - "/var/run/postgresql"
+  - "{{ postgresql_config_unix_socket }}"
 postgresql_config_listen_addresses:
   - '*'
 postgresql_config_port: 5432
diff --git a/roles/postgresql/defaults/main/container.yml b/roles/postgresql/defaults/main/container.yml
index 45b499d..fc5c90b 100644
--- a/roles/postgresql/defaults/main/container.yml
+++ b/roles/postgresql/defaults/main/container.yml
@@ -18,7 +18,7 @@ postgresql_container_image: >-2
         ((postgresql_container_image_flavour is string)
           and (postgresql_container_image_flavour | length > 0))
         | ternary(
-          '_' + postgresql_container_image_flavour | default('', true),
+          '-' + postgresql_container_image_flavour | default('', true),
           '',
         )
       ),
@@ -48,7 +48,7 @@ postgresql_container_config_volumes:
   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
 postgresql_container_unix_socket_volumes:
-  - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+  - "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
 postgresql_container_initdb_volumes: >-2
   {{ postgresql_container_base_volumes
     + postgresql_container_unix_socket_volumes
@@ -69,5 +69,7 @@ postgresql_container_oom_kill: ~
 postgresql_container_oom_score_adj: ~
 postgresql_container_ulimits: ~
 
+postgresql_container_user_name: "postgres"
+postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}"
 postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
 postgresql_container_data_dir: "/var/lib/postgresql/data"
diff --git a/roles/postgresql/tasks/configure.yml b/roles/postgresql/tasks/configure.yml
index 1c20426..a7014e3 100644
--- a/roles/postgresql/tasks/configure.yml
+++ b/roles/postgresql/tasks/configure.yml
@@ -54,7 +54,13 @@
   vars:
     postgresql_login_host: >-2
       {{
-        (postgresql_config_unix_socket_directories | first)
+        (
+          (postgresql_deployment_method in ['docker'])
+          | ternary(
+            postgresql_unix_socket_path,
+            (postgresql_config_unix_socket_directories | first)
+          )
+        )
         if postgresql_config_connect_socket else 
         (postgresql_container_info.container.NetworkSettings.IPAddress)
       }}
diff --git a/roles/postgresql/tasks/deploy-docker.yml b/roles/postgresql/tasks/deploy-docker.yml
index 86cbca4..718887d 100644
--- a/roles/postgresql/tasks/deploy-docker.yml
+++ b/roles/postgresql/tasks/deploy-docker.yml
@@ -51,12 +51,14 @@
     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
     state: "{{ postgresql_container_state }}"
   when: ansible_facts['service_mgr'] == 'systemd'
+  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
   ansible.builtin.systemd:
     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
     enabled: "{{ postgresql_state == 'present' }}"
   when: ansible_facts['service_mgr'] == 'systemd'
+  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Lookup {{ postgresql_data_path }}/global
   ansible.builtin.stat:
diff --git a/roles/postgresql/templates/postgresql-passwd.j2 b/roles/postgresql/templates/postgresql-passwd.j2
index cbed141..ac9373d 100644
--- a/roles/postgresql/templates/postgresql-passwd.j2
+++ b/roles/postgresql/templates/postgresql-passwd.j2
@@ -16,4 +16,4 @@ list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
 irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
 _apt:x:42:65534::/nonexistent:/usr/sbin/nologin
 nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
-postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash
+{{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash