feat(postgresql): add ansible role for postgresql deployment

roles/postgresql/defaults/main/config.yml

@@ -0,0 +1,17 @@
+---
+postgresql_config_connect_socket: true
+postgresql_config_unix_socket_directories:
+  - "/var/run/postgresql"
+postgresql_config_listen_addresses:
+  - '*'
+postgresql_config_port: 5432
+
+postgresql_base_config:
+  listen_addresses: "{{ postgresql_config_listen_addresses }}"
+  unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}"
+  port: "{{ postgresql_config_port }}"
+postgresql_merged_config: >-2
+  {{ postgresql_base_config | combine(
+    postgresql_config | default({}, true),
+    recursive=True
+  ) }}

roles/postgresql/defaults/main/container.yml

@@ -0,0 +1,73 @@
+---
+postgresql_container_image_registry: docker.io
+postgresql_container_image_namespace: ~
+postgresql_container_image_name: postgres
+postgresql_container_image_tag: ~
+postgresql_container_image_source: pull
+postgresql_container_image_force_source: >-2
+  {{ postgresql_container_image_tag | default(false, true) | bool }}
+postgresql_container_image: >-2
+  {{
+    ([
+      postgresql_container_image_registry | default([], true),
+      postgresql_container_image_namespace | default([], true),
+      postgresql_container_image_name
+    ] | flatten | join('/'))
+    + ':' + postgresql_container_image_tag | default(
+      postgresql_version + (
+        ((postgresql_container_image_flavour is string)
+          and (postgresql_container_image_flavour | length > 0))
+        | ternary(
+          '_' + postgresql_container_image_flavour | default('', true),
+          '',
+        )
+      ),
+      true
+    )
+  }}
+
+postgresql_container_name: "postgresql-{{ postgresql_major_version }}"
+postgresql_container_env: ~
+postgresql_container_user: >-2
+  {{ postgresql_user_id }}:{{ postgresql_user_group_id }}
+postgresql_container_ports: ~
+postgresql_container_labels: ~
+postgresql_container_networks: ~
+postgresql_container_recreate: ~
+postgresql_container_etc_hosts: ~
+postgresql_container_restart_policy: "on-failure"
+postgresql_container_state: >-2
+  {{ (postgresql_state == 'present') | ternary('started', 'absent') }}
+postgresql_container_volumes: ~
+postgresql_container_unix_socket_path: >-2
+  {{ postgresql_config_unix_socket_directories | first }}
+postgresql_container_base_volumes:
+  - "{{ postgresql_container_passwd_file }}:/etc/passwd:ro"
+  - "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:Z"
+postgresql_container_config_volumes:
+  - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
+  - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
+postgresql_container_unix_socket_volumes:
+  - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+postgresql_container_initdb_volumes: >-2
+  {{ postgresql_container_base_volumes
+    + postgresql_container_unix_socket_volumes
+    + (postgresql_container_volumes | default([], true)) }}
+postgresql_container_merged_volumes: >-2
+  {{ postgresql_container_base_volumes
+    + postgresql_container_config_volumes
+    + (postgresql_container_unix_socket_volumes if postgresql_config_connect_socket else [])
+    + (postgresql_container_volumes | default([], true)) }}
+postgresql_systemd_tmpfile_socket_correction_unit_name: >-2
+  {{ postgresql_container_unix_socket_path | split('/') | reject('eq', '') | join('-') }}
+
+# (Memory) performance tuning
+postgresql_container_memory: ~
+postgresql_container_memory_reservation: ~
+postgresql_container_shm_size: ~
+postgresql_container_oom_kill: ~
+postgresql_container_oom_score_adj: ~
+postgresql_container_ulimits: ~
+
+postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
+postgresql_container_data_dir: "/var/lib/postgresql/data"

roles/postgresql/defaults/main/main.yml

@@ -0,0 +1,33 @@
+---
+postgresql_user: postgresql
+postgresql_version: >-2
+  {{ postgresql_versions[postgresql_major_version | string] }}
+postgresql_major_version: 16
+postgresql_versions:
+  "17": "17.2"
+  "16": "16.6"
+  "15": "15.10"
+  "14": "14.15"
+
+postgresql_config_path: >-2
+  /etc/postgresql/{{ postgresql_major_version }}
+postgresql_data_path: >-2
+  /var/lib/postgresql/{{ postgresql_major_version }}
+postgresql_pg_ident_conf_file: >-2
+  {{ postgresql_config_path }}/pg_ident.conf
+postgresql_pg_hba_conf_file: >-2
+  {{ postgresql_config_path }}/pg_hba.conf
+postgresql_admin_role: "postgres"
+postgresql_admin_role_contype: local
+postgresql_admin_role_method: peer
+postgresql_admin_local_user: >-2
+  {{ ansible_facts['user_id'] }}
+postgresql_admin_role_mapping_name: >-2
+  {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }}
+postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}"
+postgresql_admin_pg_hba_conf_options: >-2
+  map={{ postgresql_admin_role_mapping_name }}
+postgresql_superuser_password: ~
+
+postgresql_state: present
+postgresql_deployment_method: docker

roles/postgresql/defaults/main/user.yml

@@ -0,0 +1,10 @@
+---
+postgresql_user_system: true
+postgresql_user_create_home: false
+postgresql_user_groups: ~
+postgresql_user_append: ~
+
+postgresql_user_id: >-2
+  {{ postgresql_user_info.uid | default(postgresql_user, true) }}
+postgresql_user_group_id: >-2
+  {{ postgresql_user_info.group | default(postgresql_user, true) }}