update(elasticsearch): bump version to 9.0.2

README.md

@@ -11,6 +11,9 @@
 - [`mariadb`](roles/mariadb/README.md): deploy mariadb
   in a docker container
 
+- [`postgresql`](roles/postgresql/README.md): deploy postgresql,
+  the worlds most advances open-source relational database
+
 - [`valkey`](roles/valkey/README.md): deploy and configure valkey,
   an open source in-memory data store under BSD license, forked
   from redis.

galaxy.yml

@@ -1,12 +1,14 @@
 namespace: finallycoffee
 name: databases
-version: 0.1.1
+version: 0.1.4
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
 description: Collection for deploying and configuring databases
 dependencies:
-  "community.docker": "^3.0.0"
+  "community.docker": "^4.0.0"
+  "community.postgresql": "^3.9.0"
+  "containers.podman": "^1.16.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'
@@ -16,5 +18,7 @@ tags:
   - elasticsearch
   - redis
   - mariadb
+  - postgresql
+  - postgres
   - valkey
   - docker

playbooks/postgresql.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy and configure PostgreSQL
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(true, true) }}"
+  roles:
+    - role: finallycoffee.databases.postgresql

playbooks/postgresql_client.yml

@@ -0,0 +1,24 @@
+---
+- import_playbook: finallycoffee.databases.postgresql_user
+  vars:
+    postgresql_users:
+      - name: "{{ postgresql_client_username }}"
+        password: "{{ postgresql_client_password }}"
+- import_playbook: finallycoffee.databases.postgresql_database
+  vars:
+    postgresql_databases:
+      - name: "{{ postgresql_client_database }}"
+        owner: "{{ postgresql_client_username }}"
+        encoding: "{{ postgresql_client_database_encoding | default('UTF8', true) }}"
+        lc_ctype: "{{ postgresql_client_database_lc_ctype | default('en_US.UTF-8', true) }}"
+        lc_collate: "{{ postgresql_client_database_lc_collate | default('en_US.UTF-8', true) }}"
+- import_playbook: finallycoffee.databases.postgresql_host_based_authentication
+  vars:
+    postgresql_authentications:
+      - users: "{{ postgresql_client_username }}"
+        databases: "{{ postgresql_client_database }}"
+        contype: "{{ postgresql_client_database_contype | default('local') }}"
+        method: "{{ postgresql_client_database_auth_method | default('md5') }}"
+        options: "{{ postgresql_client_options | default(false, true) }}"
+        address: "{{ postgresql_client_address | default(false, true) }}"
+        netmask: "{{ postgresql_client_netmask | default(false, true) }}"

playbooks/postgresql_clients.yml

@@ -0,0 +1,4 @@
+---
+- import_playbook: finallycoffee.databases.postgresql_user
+- import_playbook: finallycoffee.databases.postgresql_database
+- import_playbook: finallycoffee.databases.postgresql_host_based_authentication

playbooks/postgresql_database.yml

@@ -0,0 +1,26 @@
+---
+- name: Configure postgresql databases
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(false, true) }}"
+  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
+  tasks:
+    - name: Configure individual postgresql database
+      community.postgresql.postgresql_db:
+        name: "{{ postgresql_database.name }}"
+        owner: "{{ postgresql_database.owner | default(omit) }}"
+        state: "{{ postgresql_database_state }}"
+        template: "{{ postgresql_database.template | default(omit, true) }}"
+        encoding: "{{ postgresql_database.encoding | default(omit, true) }}"
+        lc_ctype: "{{ postgresql_database.lc_ctype | default(omit, true) }}"
+        lc_collate: "{{ postgresql_database.lc_collate | default(omit, true) }}"
+        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
+        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
+        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
+        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
+        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
+      vars:
+        postgresql_database_state: "{{ postgresql_database.state | default('present', true) }}"
+      loop: "{{ postgresql_databases | default([]) }}"
+      loop_control:
+        loop_var: postgresql_database
+        label: "{{ postgresql_database.name }}"

playbooks/postgresql_host_based_authentication.yml

@@ -0,0 +1,23 @@
+---
+- name: Configure postgresql host based authentications
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(false, true) }}"
+  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
+  tasks:
+    - name: Configure individual postgresql host based authentication
+      community.postgresql.postgresql_pg_hba:
+        dest: "{{ postgresql_pg_hba_conf_file }}"
+        users: "{{ postgresql_auth.users | default(omit) }}"
+        databases: "{{ postgresql_auth.databases | default(omit) }}"
+        contype: "{{ postgresql_auth.contype }}"
+        state: "{{ postgresql_auth_state }}"
+        method: "{{ postgresql_auth.method | default(omit, true) }}"
+        options: "{{ postgresql_auth.options | default(omit, true) }}"
+        address: "{{ postgresql_auth.address | default(omit, true) }}"
+        netmask: "{{ postgresql_auth.netmask | default(omit, true) }}"
+      vars:
+        postgresql_auth_state: "{{ postgresql_auth.state | default('present', true) }}"
+      loop: "{{ postgresql_authentications | default([]) }}"
+      loop_control:
+        loop_var: postgresql_auth
+        label: "{{ postgresql_auth.users }}@{{ postgresql_auth.databases }}"

playbooks/postgresql_user.yml

@@ -0,0 +1,24 @@
+---
+- name: Configure postgresql users
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(false, true) }}"
+  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
+  tasks:
+    - name: Configure individual postgresql user
+      community.postgresql.postgresql_user:
+        name: "{{ postgresql_user.name }}"
+        state: "{{ postgresql_user_state }}"
+        password: "{{ postgresql_user_password }}"
+        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
+        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
+        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
+        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
+        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
+      vars:
+        postgresql_user_state: "{{ postgresql_user.state | default('present', true) }}"
+        postgresql_user_password: >-2
+          {{ (postgresql_user_state != 'absent') | ternary(postgresql_user.password, omit) }}
+      loop: "{{ postgresql_users | default([]) }}"
+      loop_control:
+        loop_var: postgresql_user
+        label: "{{ postgresql_user.name }}"

roles/elasticsearch/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-elasticsearch_version: 8.15.3
+elasticsearch_version: "9.0.2"
 elasticsearch_state: present
 
 elasticsearch_base_path: /opt/elasticsearch

roles/mariadb/defaults/main.yml

@@ -1,9 +1,10 @@
 ---
-mariadb_version: "10.11.9"
+mariadb_version: "10.11.11"
 mariadb_base_path: /var/lib/mariadb
 mariadb_data_path: >-2
   {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }}
 mariadb_state: present
+mariadb_deployment_method: docker
 
 mariadb_root_password: ~
 mariadb_database: ~

roles/mariadb/tasks/deploy-docker.yml

@@ -0,0 +1,20 @@
+---
+- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
+  community.docker.docker_image:
+    name: "{{ mariadb_container_image }}"
+    state: "{{ mariadb_state }}"
+    source: "{{ mariadb_container_image_source }}"
+    force_source: "{{ mariadb_container_image_force_source }}"
+
+- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
+  community.docker.docker_container:
+    name: "{{ mariadb_container_name }}"
+    image: "{{ mariadb_container_image }}"
+    env: "{{ mariadb_container_environment }}"
+    ports: "{{ mariadb_container_ports | default(omit, true) }}"
+    labels: "{{ mariadb_container_labels | default(omit, true) }}"
+    volumes: "{{ mariadb_container_volumes }}"
+    networks: "{{ mariadb_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ mariadb_container_restart_policy }}"
+    state: "{{ mariadb_container_state }}"

roles/mariadb/tasks/deploy-podman.yml

@@ -0,0 +1,20 @@
+---
+- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
+  containers.podman.podman_image:
+    name: "{{ mariadb_container_image }}"
+    state: "{{ mariadb_state }}"
+    pull: "{{ (mariadb_container_image_source == 'pull') | bool }}"
+    force: "{{ mariadb_container_image_force_source }}"
+
+- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
+  containers.podman.podman_container:
+    name: "{{ mariadb_container_name }}"
+    image: "{{ mariadb_container_image }}"
+    env: "{{ mariadb_container_environment }}"
+    ports: "{{ mariadb_container_ports | default(omit, true) }}"
+    labels: "{{ mariadb_container_labels | default(omit, true) }}"
+    volumes: "{{ mariadb_container_volumes }}"
+    network: "{{ mariadb_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ mariadb_container_restart_policy }}"
+    state: "{{ mariadb_container_state }}"

roles/mariadb/tasks/main.yml

@@ -1,20 +1,19 @@
 ---
-- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
-  community.docker.docker_image:
-    name: "{{ mariadb_container_image }}"
-    state: "{{ mariadb_state }}"
-    source: "{{ mariadb_container_image_source }}"
-    force_source: "{{ mariadb_container_image_force_source }}"
+- name: Ensure mariadb state parameter is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unknown state '{{ mariadb_state }}'!
+      Supported states are {{ mariadb_states | join(', ') }}
+  when: mariadb_state not in mariadb_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unknown deployment method '{{ mariadb_deployment_method }}'!
+      Supported deployment methods are {{ mariadb_deployment_methods | join(', ') }}
+  when: mariadb_deployment_method not in mariadb_deployment_methods
+
+- name: Ensure mariadb is deployed using {{ mariadb_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ mariadb_deployment_method }}.yml"
 
-- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
-  community.docker.docker_container:
-    name: "{{ mariadb_container_name }}"
-    image: "{{ mariadb_container_image }}"
-    env: "{{ mariadb_container_environment }}"
-    ports: "{{ mariadb_container_ports | default(omit, true) }}"
-    labels: "{{ mariadb_container_labels | default(omit, true) }}"
-    volumes: "{{ mariadb_container_volumes }}"
-    networks: "{{ mariadb_container_networks | default(omit, true) }}"
-    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
-    restart_policy: "{{ mariadb_container_restart_policy }}"
-    state: "{{ mariadb_container_state }}"

roles/mariadb/vars/main.yml

@@ -1,4 +1,10 @@
 ---
+mariadb_states:
+  - present
+  - absent
+mariadb_deployment_methods:
+  - docker
+  - podman
 
 mariadb_container_database_environment:
   MARIADB_DATABASE: "{{ mariadb_database }}"

roles/postgresql/README.md

@@ -0,0 +1,27 @@
+# `finallycoffee.databases.postgresql` ansible role
+
+PostgreSQL is the self proclaimed "world's most advanced" open source relational
+database. This ansible role can deploy and configure postgresql.
+
+By default, the role configures the remote's effective ansible user with
+peer authentication for the (postgresql) role `postgres` on all databases (with all grants).
+
+## Required configuration
+
+Set `postgresql_superuser_password` to your superusers desired password.
+
+## Optional configuration
+
+Set `postgresql_major_version` to your desired postgresql major version,
+for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6).
+
+This role can be executed multiple times with different
+`postgresql_major_version` values to provide new database versions for up-to-
+date applications and older versions for software which does not yet support
+them. Container name and host mounts encode the major version to prevent
+accidental usage of the 'wrong' `PGDATA` directory.
+
+## Requirements
+
+- `psycopg2` (pip) package
+- `docker` (pip) package

roles/postgresql/defaults/main/config.yml

@@ -0,0 +1,18 @@
+---
+postgresql_config_connect_socket: true
+postgresql_config_unix_socket: "/var/run/postgresql"
+postgresql_config_unix_socket_directories:
+  - "{{ postgresql_config_unix_socket }}"
+postgresql_config_listen_addresses:
+  - '*'
+postgresql_config_port: 5432
+
+postgresql_base_config:
+  listen_addresses: "{{ postgresql_config_listen_addresses }}"
+  unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}"
+  port: "{{ postgresql_config_port }}"
+postgresql_merged_config: >-2
+  {{ postgresql_base_config | combine(
+    postgresql_config | default({}, true),
+    recursive=True
+  ) }}

roles/postgresql/defaults/main/container.yml

@@ -0,0 +1,75 @@
+---
+postgresql_container_image_registry: docker.io
+postgresql_container_image_namespace: ~
+postgresql_container_image_name: postgres
+postgresql_container_image_tag: ~
+postgresql_container_image_source: pull
+postgresql_container_image_force_source: >-2
+  {{ postgresql_container_image_tag | default(false, true) | bool }}
+postgresql_container_image: >-2
+  {{
+    ([
+      postgresql_container_image_registry | default([], true),
+      postgresql_container_image_namespace | default([], true),
+      postgresql_container_image_name
+    ] | flatten | join('/'))
+    + ':' + postgresql_container_image_tag | default(
+      postgresql_version + (
+        ((postgresql_container_image_flavour is string)
+          and (postgresql_container_image_flavour | length > 0))
+        | ternary(
+          '-' + postgresql_container_image_flavour | default('', true),
+          '',
+        )
+      ),
+      true
+    )
+  }}
+
+postgresql_container_name: "postgresql-{{ postgresql_major_version }}"
+postgresql_container_env: ~
+postgresql_container_user: >-2
+  {{ postgresql_user_id }}:{{ postgresql_user_group_id }}
+postgresql_container_ports: ~
+postgresql_container_labels: ~
+postgresql_container_networks: ~
+postgresql_container_recreate: ~
+postgresql_container_etc_hosts: ~
+postgresql_container_restart_policy: "on-failure"
+postgresql_container_state: >-2
+  {{ (postgresql_state == 'present') | ternary('started', 'absent') }}
+postgresql_container_volumes: ~
+postgresql_container_unix_socket_path: >-2
+  {{ postgresql_config_unix_socket_directories | first }}
+postgresql_container_base_volumes:
+  - "{{ postgresql_container_passwd_file }}:/etc/passwd:ro"
+  - "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:Z"
+postgresql_container_config_volumes:
+  - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
+  - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
+postgresql_container_unix_socket_volumes:
+  - "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+postgresql_container_initdb_volumes: >-2
+  {{ postgresql_container_base_volumes
+    + postgresql_container_unix_socket_volumes
+    + (postgresql_container_volumes | default([], true)) }}
+postgresql_container_merged_volumes: >-2
+  {{ postgresql_container_base_volumes
+    + postgresql_container_config_volumes
+    + (postgresql_container_unix_socket_volumes if postgresql_config_connect_socket else [])
+    + (postgresql_container_volumes | default([], true)) }}
+postgresql_systemd_tmpfile_socket_correction_unit_name: >-2
+  {{ postgresql_container_unix_socket_path | split('/') | reject('eq', '') | join('-') }}
+
+# (Memory) performance tuning
+postgresql_container_memory: ~
+postgresql_container_memory_reservation: ~
+postgresql_container_shm_size: ~
+postgresql_container_oom_kill: ~
+postgresql_container_oom_score_adj: ~
+postgresql_container_ulimits: ~
+
+postgresql_container_user_name: "postgres"
+postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}"
+postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
+postgresql_container_data_dir: "/var/lib/postgresql/data"

roles/postgresql/defaults/main/main.yml

@@ -0,0 +1,33 @@
+---
+postgresql_user: postgresql
+postgresql_version: >-2
+  {{ postgresql_versions[postgresql_major_version | string] }}
+postgresql_major_version: 16
+postgresql_versions:
+  "17": "17.2"
+  "16": "16.6"
+  "15": "15.10"
+  "14": "14.15"
+
+postgresql_config_path: >-2
+  /etc/postgresql/{{ postgresql_major_version }}
+postgresql_data_path: >-2
+  /var/lib/postgresql/{{ postgresql_major_version }}
+postgresql_pg_ident_conf_file: >-2
+  {{ postgresql_config_path }}/pg_ident.conf
+postgresql_pg_hba_conf_file: >-2
+  {{ postgresql_config_path }}/pg_hba.conf
+postgresql_admin_role: "postgres"
+postgresql_admin_role_contype: local
+postgresql_admin_role_method: peer
+postgresql_admin_local_user: >-2
+  {{ ansible_facts['user_id'] }}
+postgresql_admin_role_mapping_name: >-2
+  {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }}
+postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}"
+postgresql_admin_pg_hba_conf_options: >-2
+  map={{ postgresql_admin_role_mapping_name }}
+postgresql_superuser_password: ~
+
+postgresql_state: present
+postgresql_deployment_method: docker

roles/postgresql/defaults/main/user.yml

@@ -0,0 +1,10 @@
+---
+postgresql_user_system: true
+postgresql_user_create_home: false
+postgresql_user_groups: ~
+postgresql_user_append: ~
+
+postgresql_user_id: >-2
+  {{ postgresql_user_info.uid | default(postgresql_user, true) }}
+postgresql_user_group_id: >-2
+  {{ postgresql_user_info.group | default(postgresql_user, true) }}

roles/postgresql/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Restart postgresql container '{{ postgresql_container_name }}' (docker)
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    state: "{{ postgresql_container_state }}"
+    restart: true
+    comparisons:
+      '*': "ignore"
+  when:
+    - postgresql_deployment_method == 'docker'
+    - postgresql_container_state not in ['absent', 'stopped']
+  listen: postgresql_restart

roles/postgresql/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: postgresql
+  description: >-2
+    PostgreSQL is the self-proclaimed 'worlds most advanced' open source relational database
+  galaxy_tags:
+    - postgresql
+    - postgres
+    - database
+    - docker

roles/postgresql/tasks/configure.yml

@@ -0,0 +1,66 @@
+---
+- name: Configure postgresql
+  block:
+    - name: Ensure postgresql superuser is set
+      community.postgresql.postgresql_user:
+        name: "{{ postgresql_admin_role }}"
+        password: "{{ postgresql_superuser_password }}"
+        login_host: "{{ postgresql_login_host }}"
+      register: postgresql_superuser_password_result
+      until: "postgresql_superuser_password_result is succeeded"
+      retries: 10
+      delay: 2
+
+    - name: Ensure postgresql configuration is set
+      community.postgresql.postgresql_set:
+        name: "{{ option.key }}"
+        value: "{{ pg_option_value }}"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+      loop: "{{ postgresql_merged_config | dict2items }}"
+      loop_control:
+        loop_var: option
+      vars:
+        pg_option_value: >-2
+          {{
+            (option.value | join(' '))
+            if (option.value is iterable
+              and option.value is not string
+              and option.value is not mapping)
+            else option.value
+          }}
+      register: postgresql_config_results
+
+    - name: Ensure postgresql configuration is reloaded
+      community.postgresql.postgresql_query:
+        db: "postgres"
+        query: "SELECT pg_reload_conf();"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+
+    - name: Ensure restart handler is fired if required
+      debug:
+        msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
+      when: result.changed
+      changed_when: "{{ result.restart_required }}"
+      notify: postgresql_restart
+      loop: "{{ postgresql_config_results.results }}"
+      loop_control:
+        loop_var: result
+        label: "{{ result.option.key }}"
+  when: postgresql_state == 'present'
+  vars:
+    postgresql_login_host: >-2
+      {{
+        (
+          (postgresql_deployment_method in ['docker'])
+          | ternary(
+            postgresql_unix_socket_path,
+            (postgresql_config_unix_socket_directories | first)
+          )
+        )
+        if postgresql_config_connect_socket else 
+        (postgresql_container_info.container.NetworkSettings.IPAddress)
+      }}

roles/postgresql/tasks/deploy-docker.yml

@@ -0,0 +1,97 @@
+---
+- name: Ensure postgresql container image '{{ postgresql_container_image }}' is {{ postgresql_state }}
+  community.docker.docker_image:
+    name: "{{ postgresql_container_image }}"
+    state: "{{ postgresql_state }}"
+    source: "{{ postgresql_container_image_source }}"
+    force_source: "{{ postgresql_container_image_force_source }}"
+  register: postgresql_container_image_info
+  until: postgresql_container_image_info is success
+  retries: 5
+  delay: 4
+
+- name: Ensure /etc/passwd for container is {{ postgresql_state }}
+  ansible.builtin.template:
+    src: "postgresql-passwd.j2"
+    dest: "{{ postgresql_container_passwd_file }}"
+    owner: "{{ postgresql_user_id }}"
+    group: "{{ postgresql_user_group_id }}"
+    mode: "0640"
+  when: postgresql_state == 'present'
+
+- name: Ensure systemd unit to correct path permissions is {{ postgresql_state }}
+  ansible.builtin.copy:
+    dest: "/etc/systemd/system/{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    content: |+2
+      [Unit]
+      Description="Ensure permissions on {{ postgresql_container_unix_socket_path }}"
+      After=systemd-tmpfiles-setup.service
+      Before=docker.service
+      
+      [Service]
+      Type=exec
+      RemainAfterExit=yes
+      ExecStart=/bin/bash -c 'mkdir {{ postgresql_container_unix_socket_path }} ||:; chown {{ postgresql_user }}:{{ postgresql_user }} {{ postgresql_container_unix_socket_path }}'
+      
+      [Install]
+      WantedBy=multi-user.target
+  when:
+    - ansible_facts['service_mgr'] == 'systemd'
+    - postgresql_state == 'present'
+  register: postgresql_systemd_tmpfile_correction_unit_info
+
+- name: Ensure systemd is reloaded
+  ansible.builtin.systemd:
+    daemon_reload: true
+  when:
+    - postgresql_systemd_tmpfile_correction_unit_info.changed
+
+- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    state: "{{ postgresql_container_state }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+  ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    enabled: "{{ postgresql_state == 'present' }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+  ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Lookup {{ postgresql_data_path }}/global
+  ansible.builtin.stat:
+    path: "{{ postgresql_data_path }}/global"
+    get_checksum: false
+  register: postgresql_global_data_info
+
+- name: Initialize database if empty
+  ansible.builtin.include_tasks:
+    file: "initialize-docker.yml"
+  when:
+    - postgresql_state == 'present'
+    - not postgresql_global_data_info.stat.exists
+    - postgresql_global_data_info.stat.isdir is defined
+    - not postgresql_global_data_info.stat.isdir
+
+- name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }}
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    image: "{{ postgresql_container_image }}"
+    env: "{{ postgresql_container_env | default(omit, true) }}"
+    user: "{{ postgresql_container_user | default(omit, true) }}"
+    ports: "{{ postgresql_container_ports | default(omit, true) }}"
+    labels: "{{ postgresql_container_labels | default(omit, true) }}"
+    volumes: "{{ postgresql_container_merged_volumes }}"
+    recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
+    networks: "{{ postgresql_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
+    memory: "{{ postgresql_container_memory | default(omit, true) }}"
+    memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}"
+    oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}"
+    oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}"
+    shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}"
+    ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}"
+    restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}"
+    state: "{{ postgresql_container_state }}"

roles/postgresql/tasks/initialize-docker.yml

@@ -0,0 +1,47 @@
+---
+- name: Ensure container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} to initialise the database
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    image: "{{ postgresql_container_image }}"
+    env: >-2
+      {{ postgresql_container_env | default({}, true)
+         | combine({'POSTGRES_PASSWORD': postgresql_superuser_password}) }}
+    user: "{{ postgresql_container_user | default(omit, true) }}"
+    ports: "{{ postgresql_container_ports | default(omit, true) }}"
+    labels: "{{ postgresql_container_labels | default(omit, true) }}"
+    volumes: "{{ postgresql_container_initdb_volumes }}"
+    recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
+    networks: "{{ postgresql_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
+    memory: "{{ postgresql_container_memory | default(omit, true) }}"
+    memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}"
+    oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}"
+    oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}"
+    shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}"
+    ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}"
+    restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}"
+    state: "{{ postgresql_container_state }}"
+  register: postgresql_container_info
+
+- name: Wait for container startup
+  block:
+    - name: Wait for container startup (socket)
+      ansible.builtin.wait_for:
+        path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}"
+      when: "postgresql_config_connect_socket | bool"
+    - name: Wait for container startup (port)
+      ansible.builtin.wait_for:
+        host: >-2
+          {{ (pg_addresses == '*') | ternary(
+                 omit,
+                 postgresql_config_listen_addresses | first
+             ) }}
+        port: "{{ postgresql_config_port }}"
+      when: "not postgresql_config_connect_socket | bool"
+      vars:
+        pg_addresses: "{{ postgresql_config_listen_addresses | join(',') }}"
+
+- name: Ensure init container '{{ postgresql_container_name }}' is removed
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    state: absent

roles/postgresql/tasks/main.yml

@@ -0,0 +1,72 @@
+---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Invalid state '{{ postgresql_state }}'! Supported
+      states are {{ postgresql_states | join(', ') }}.
+  when: postgresql_state not in postgresql_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ postgresql_deployment_method }}!
+      Supported deployment methods are {{ postgresql_deployment_methods | join(', ') }}.
+  when: postgresql_deployment_method not in postgresql_deployment_methods
+
+- name: Ensure postgresql user '{{ postgresql_user }}' is {{ postgresql_state }}
+  ansible.builtin.user:
+    name: "{{ postgresql_user }}"
+    state: "{{ postgresql_state }}"
+    system: "{{ postgresql_user_system | default(omit, true) }}"
+    create_home: "{{ postgresql_user_create_home | default(omit, true) }}"
+    groups: "{{ postgresql_user_groups | default(omit, true) }}"
+    append: "{{ postgresql_user_append | default(omit, true) }}"
+  register: postgresql_user_info
+
+- name: Ensure directories are {{ postgresql_state }}
+  ansible.builtin.file:
+    path: "{{ path.name }}"
+    state: "{{ (postgresql_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ path.owner | default(postgresql_user_id, true) }}"
+    group: "{{ path.group | default(postgresql_user_group_id, true) }}"
+    mode: "{{ path.mode | default('0755', true) }}"
+  loop:
+    - name: "{{ postgresql_config_path }}"
+    - name: "{{ postgresql_data_path }}"
+      mode: "0700"
+  loop_control:
+    loop_var: path
+    label: "{{ path.name }}"
+
+- name: Check for existing PG_VERSION file
+  ansible.builtin.stat:
+    path: "{{ postgresql_data_path }}/PG_VERSION"
+  register: postgresql_data_dir_version_info
+
+- name: Read existing PG_VERSION file
+  ansible.builtin.slurp:
+    path: "{{ postgresql_data_path }}/PG_VERSION"
+  register: postgresql_data_dir_version_content
+  when:
+    - postgresql_data_dir_version_info.stat.exists
+
+- name: Prevent major version changes
+  ansible.builtin.fail:
+    msg: >-2
+      Mismatched postgresql version for the data directory!
+      Aborting...
+  when:
+    - postgresql_data_dir_version_info.stat.exists
+    - "(postgresql_data_dir_version_content.content | b64decode | int) != (postgresql_major_version | int)"
+
+- name: Prepare authentication and authorization for database admin role
+  ansible.builtin.include_tasks:
+    file: "prepare.yml"
+
+- name: Deploy postgresql using {{ postgresql_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ postgresql_deployment_method }}.yml"
+
+- name: Configure postgresql
+  ansible.builtin.include_tasks:
+    file: "configure.yml"

roles/postgresql/tasks/prepare.yml

@@ -0,0 +1,35 @@
+---
+- name: Ensure postgresql config files are {{ postgresql_state }}
+  ansible.builtin.lineinfile:
+    path: "{{ file.name }}"
+    insertafter: "{{ file.insert_after | default(omit) }}"
+    insertbefore: "{{ file.insert_before | default(omit) }}"
+    line: "{{ file.line }}"
+    owner: "{{ postgresql_user_id }}"
+    group: "{{ postgresql_user_group_id }}"
+    create: true
+  loop_control:
+    loop_var: file
+    label: "{{ file.name }}"
+  loop:
+    - name: "{{ postgresql_pg_hba_conf_file }}"
+      insert_before: "BOF"
+      line: "# Ansible managed"
+    - name: "{{ postgresql_pg_ident_conf_file }}"
+      insert_before: "BOF"
+      line: "# Ansible managed"
+    - name: "{{ postgresql_pg_ident_conf_file }}"
+      insert_after: "# Ansible managed"
+      line: "{{ postgresql_admin_pg_ident_conf }}"
+  when: postgresql_state == 'present'
+  notify: postgresql_restart
+
+- name: Configure permissions for postgresql admin role
+  community.postgresql.postgresql_pg_hba:
+    dest: "{{ postgresql_pg_hba_conf_file }}"
+    contype: "{{ postgresql_admin_role_contype }}"
+    users: "{{ postgresql_admin_role }}"
+    method: "{{ postgresql_admin_role_method }}"
+    options: "{{ postgresql_admin_pg_hba_conf_options }}"
+  when: postgresql_state == 'present'
+  notify: postgresql_restart

roles/postgresql/templates/postgresql-passwd.j2

@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+{{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash

roles/postgresql/vars/main.yml

@@ -0,0 +1,6 @@
+---
+postgresql_states:
+  - present
+  - absent
+postgresql_deployment_methods:
+  - docker

roles/redis/tasks/deploy-docker.yml

@@ -23,4 +23,5 @@
     networks: "{{ redis_container_networks | default(omit, true) }}"
     etc_hosts: "{{ redis_container_etc_hosts | default(omit, true) }}"
     dns_servers: "{{ redis_container_dns_servers | default(omit, true) }}"
+    restart_policy: "{{ redis_container_restart_policy | default(omit, true) }}"
     state: "{{ redis_container_state }}"

roles/valkey/defaults/main/main.yml

@@ -1,5 +1,5 @@
 ---
-valkey_version: "8.0.1"
+valkey_version: "8.1.1"
 valkey_state: "present"
 valkey_instance: ~
 valkey_instance_suffix: >-2
@@ -9,6 +9,8 @@ valkey_user: >-2
   valkey{{ valkey_instance_suffix }}
 
 valkey_config_path: "/etc/valkey"
+valkey_config_path_owner: "root"
+valkey_config_path_group: "root"
 valkey_config_file: >-2
   {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf
 valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}"

roles/valkey/tasks/deploy-docker.yml

@@ -23,4 +23,5 @@
     networks: "{{ valkey_container_networks | default(omit, true) }}"
     etc_hosts: "{{ valkey_container_etc_hosts | default(omit, true) }}"
     dns_servers: "{{ valkey_container_dns_servers | default(omit, true) }}"
+    restart_policy: "{{ valkey_container_restart_policy | default(omit, true) }}"
     state: "{{ valkey_container_state }}"

roles/valkey/tasks/main.yml

@@ -39,6 +39,8 @@
     mode: "{{ path.mode | default('0755') }}"
   loop:
     - name: "{{ valkey_config_path }}"
+      owner: "{{ valkey_config_path_owner }}"
+      group: "{{ valkey_config_path_group }}"
     - name: "{{ valkey_data_path }}"
   loop_control:
     loop_var: "path"