meta: bump collection version to 0.1.2, require community.docker>=4.0.0, community.postgresql>=3.9.0

LICENSE.md

@@ -0,0 +1,482 @@
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS
+COOPERATIVE NON-VIOLENT PUBLIC LICENSE (\"LICENSE\"). THE WORK IS
+PROTECTED BY COPYRIGHT AND ALL OTHER APPLICABLE LAWS. ANY USE OF THE
+WORK OTHER THAN AS AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS
+PROHIBITED. BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED IN THIS
+LICENSE, YOU AGREE TO BE BOUND BY THE TERMS OF THIS LICENSE.TO THE
+EXTENT THIS LICENSE MAY BE CONSIDERED TO BE A CONTRACT, THE LICENSOR
+GRANTS YOU THE RIGHTS CONTAINED HERE IN AS CONSIDERATION FOR ACCEPTING
+THE TERMS AND CONDITIONS OF THIS LICENSE AND FOR AGREEING TO BE BOUND BY
+THE TERMS AND CONDITIONS OF THIS LICENSE.
+
+# Definitions
+
+An Act of War is any action of one country against any group either with
+an intention to provoke a conflict or an action that occurs during a
+declared war or during armed conflict between military forces of any
+origin. This includes but is not limited to enforcing sanctions or
+sieges, supplying armed forces, or profiting from the manufacture of
+tools or weaponry used in military conflict.
+
+An Adaptation is a work based upon the Work, or upon the Work and other
+pre-existing works, such as a translation, adaptation, derivative work,
+arrangement of music or other alterations of a literary or artistic
+work, or phonogram or performance and includes cinematographic
+adaptations or any other form in which the Work may be recast,
+transformed, or adapted including in any form recognizably derived from
+the original, except that a work that constitutes a Collection will not
+be considered an Adaptation for the purpose of this License. For the
+avoidance of doubt, where the Work is a musical work, performance or
+phonogram, the synchronization of the Work in timed-relation with a
+moving image (\"synching\") will be considered an Adaptation for the
+purpose of this License. In addition, where the Work is designed to
+output a neural network the output of the neural network will be
+considered an Adaptation for the purpose of this license.
+
+Bodily Harm is any physical hurt or injury to a person that interferes
+with the health or comfort of the person and that is more than merely
+transient or trifling in nature.
+
+Distribute is to make available to the public the original and copies of
+the Work or Adaptation, as appropriate, through sale, gift or any other
+transfer of possession or ownership.
+
+Incarceration is Confinement in a jail, prison, or any other place where
+individuals of any kind are held against either their will or (if their
+will cannot be determined) the will of their legal guardian or
+guardians. In the case of a conflict between the will of the individual
+and the will of their legal guardian or guardians, the will of the
+individual will take precedence.
+
+Licensor is The individual, individuals, entity, or entities that
+offer(s) the Work under the terms of this License
+
+Original Author is in the case of a literary or artistic work, the
+individual, individuals, entity or entities who created the Work or if
+no individual or entity can be identified, the publisher; and in
+addition
+
+-   in the case of a performance the actors, singers, musicians,
+    dancers, and other persons who act, sing, deliver, declaim, play in,
+    interpret or otherwise perform literary or artistic works or
+    expressions of folklore;
+
+-   in the case of a phonogram the producer being the person or legal
+    entity who first fixes the sounds of a performance or other sounds;
+    and,
+
+-   in the case of broadcasts, the organization that transmits the
+    broadcast.
+
+Work is the literary and/or artistic work offered under the terms of
+this License including without limitation any production in the
+literary, scientific and artistic domain, whatever may be the mode or
+form of its expression including digital form, such as a book, pamphlet
+and other writing; a lecture, address, sermon or other work of the same
+nature; a dramatic or dramatico-musical work; a choreographic work or
+entertainment in dumb show; a musical composition with or without words;
+a cinematographic work to which are assimilated works expressed by a
+process analogous to cinematography; a work of drawing, painting,
+architecture, sculpture, engraving or lithography; a photographic work
+to which are assimilated works expressed by a process analogous to
+photography; a work of applied art; an illustration, map, plan, sketch
+or three-dimensional work relative to geography, topography,
+architecture or science; a performance; a broadcast; a phonogram; a
+compilation of data to the extent it is protected as a copyrightable
+work; or a work performed by a variety or circus performer to the extent
+it is not otherwise considered a literary or artistic work.
+
+You means an individual or entity exercising rights under this License
+who has not previously violated the terms of this License with respect
+to the Work, or who has received express permission from the Licensor to
+exercise rights under this License despite a previous violation.
+
+Publicly Perform means to perform public recitations of the Work and to
+communicate to the public those public recitations, by any means or
+process, including by wire or wireless means or public digital
+performances; to make available to the public Works in such a way that
+members of the public may access these Works from a place and at a place
+individually chosen by them; to perform the Work to the public by any
+means or process and the communication to the public of the performances
+of the Work, including by public digital performance; to broadcast and
+rebroadcast the Work by any means including signs, sounds or images.
+
+Reproduce is to make copies of the Work by any means including without
+limitation by sound or visual recordings and the right of fixation and
+reproducing fixations of the Work, including storage of a protected
+performance or phonogram in digital form or other electronic medium.
+
+Software is any digital Work which, through use of a third-party piece
+of Software or through the direct usage of itself on a computer system,
+the memory of the computer is modified dynamically or semi-dynamically.
+\"Software\", secondly, processes or interprets information.
+
+Source Code is Any digital Work which, through use of a third-party
+piece of Software or through the direct usage of itself on a computer
+system, the memory of the computer is modified dynamically or
+semi-dynamically. \"Software\", secondly, processes or interprets
+information.
+
+Surveilling is the use of the Work to either overtly or covertly observe
+and record persons and or their activities.
+
+A Network Service is the use of a piece of Software to interpret or
+modify information that is subsequently and directly served to users
+over the Internet.
+
+To Discriminate is the use of a piece of Software to interpret or modify
+information that is subsequently and directly served to users over the
+Internet.
+
+Hate Speech is Communication or any form of expression which is solely
+for the purpose of expressing hatred for some group or advocating a form
+of Discrimination between humans.
+
+Coercion is leveraging of the threat of force or use of force to
+intimidate a person in order to gain compliance, or to offer large
+incentives which aim to entice a person to act against their will.
+
+# Fair Dealing Rights
+
+Nothing in this License is intended to reduce, limit, or restrict any
+uses free from copyright or rights arising from limitations or
+exceptions that are provided for in connection with the copyright
+protection under copyright law or other applicable laws.
+
+# License Grant
+
+Subject to the terms and conditions of this License, Licensor hereby
+grants You a worldwide, royalty-free, non-exclusive, perpetual (for the
+duration of the applicable copyright) license to exercise the rights in
+the Work as stated below:
+
+To Reproduce the Work, to incorporate the Work into one or more
+Collections, and to Reproduce the Work as incorporated in the
+Collections
+
+To create and Reproduce Adaptations provided that any such Adaptation,
+including any translation in any medium, takes reasonable steps to
+clearly label, demarcate or otherwise identify that changes were made to
+the original Work. For example, a translation could be marked \"The
+original work was translated from English to Spanish,\" or a
+modification could indicate \"The original work has been modified.\"
+
+To Distribute and Publicly Perform the Work including as incorporated in
+Collections.
+
+To Distribute and Publicly Perform Adaptations. The above rights may be
+exercised in all media and formats whether now known or hereafter
+devised. The above rights include the right to make such modifications
+as are technically necessary to exercise the rights in other media and
+formats. This License constitutes the entire agreement between the
+parties with respect to the Work licensed here. There are no
+understandings, agreements or representations with respect to the Work
+not specified here. Licensor shall not be bound by any additional
+provisions that may appear in any communication from You. This License
+may not be modified without the mutual written agreement of the Licensor
+and You. All rights not expressly granted by Licensor are hereby
+reserved, including but not limited to the rights set forth in
+Non-waivable Compulsory License Schemes, Waivable Compulsory License
+Schemes, and Voluntary License Schemes in the restrictions.
+
+# Restrictions
+
+The license granted in the license grant above is expressly made subject
+to and limited by the following restrictions:
+
+You may Distribute or Publicly Perform the Work only under the terms of
+this License. You must include a copy of, or the Uniform Resource
+Identifier (URI) for, this License with every copy of the Work You
+Distribute or Publicly Perform. You may not offer or impose any terms on
+the Work that restrict the terms of this License or the ability of the
+recipient of the Work to exercise the rights granted to that recipient
+under the terms of the License. You may not sublicense the Work. You
+must keep intact all notices that refer to this License and to the
+disclaimer of warranties with every copy of the Work You Distribute or
+Publicly Perform. When You Distribute or Publicly Perform the Work, You
+may not impose any effective technological measures on the Work that
+restrict the ability of a recipient of the Work from You to exercise the
+rights granted to that recipient under the terms of the License. This
+Section applies to the Work as incorporated in a Collection, but this
+does not require the Collection apart from the Work itself to be made
+subject to the terms of this License. If You create a Collection, upon
+notice from any Licensor You must, to the extent practicable, remove
+from the Collection any credit as requested. If You create an
+Adaptation, upon notice from any Licensor You must, to the extent
+practicable, remove from the Adaptation any credit as requested.
+
+## Commercial Restrictions
+
+You may not exercise any of the rights granted to You in the above
+section in any manner that is primarily intended for or directed toward
+commercial advantage or private monetary compensation unless you meet
+the following requirements.
+
+i.  You are a worker-owned business or worker-owned collective.
+
+ii. after tax, all financial gain, surplus, profits and benefits
+    produced by the business or collective are distributed among the
+    worker-owners unless a set amount is to be allocated towards
+    community projects as decided by a previously-established consensus
+    agreement between the worker-owners where all worker-owners agreed.
+
+iii. You are not using such rights on behalf of a business other than
+     those specified in (i) or (ii) above, nor are using such rights as
+     a proxy on behalf of a business with the intent to circumvent the
+     aforementioned restrictions on such a business.
+
+The exchange of the Work for other copyrighted works by means of digital
+file-sharing or otherwise shall not be considered to be intended for or
+directed toward commercial advantage or private monetary compensation,
+provided there is no payment of any monetary compensation in connection
+with the exchange of copyrighted works.
+
+If the Work meets the definition of Software, You may exercise the
+rights granted in the license grant only if You provide a copy of the
+corresponding Source Code from which the Work was derived in digital
+form, or You provide a URI for the corresponding Source Code of the
+Work, to any recipients upon request.
+
+If the Work is used as or for a Network Service, You may exercise the
+rights granted in the license grant only if You provide a copy of the
+corresponding Source Code from which the Work was derived in digital
+form, or You provide a URI for the corresponding Source Code to the
+Work, to any recipients of the data served or modified by the Web
+Service.
+
+Any use by a business that is privately owned and managed, and that
+seeks to generate profit from the labor of employees paid by salary or
+other wages, is not permitted under this license.
+
+## 
+
+You may exercise the rights granted in the license grant for any
+purposes only if:
+
+i.  You do not use the Work for the purpose of inflicting Bodily Harm on
+    human beings (subject to criminal prosecution or otherwise) outside
+    of providing medical aid or undergoing a voluntary procedure under
+    no form of Coercion.
+
+ii. You do not use the Work for the purpose of Surveilling or tracking
+    individuals for financial gain.
+
+iii. You do not use the Work in an Act of War.
+
+iv. You do not use the Work for the purpose of supporting or profiting
+    from an Act of War.
+
+v.  You do not use the Work for the purpose of Incarceration.
+
+vi. You do not use the Work for the purpose of extracting, processing,
+    or refining, oil, gas, or coal. Or to in any other way to
+    deliberately pollute the environment as a byproduct of manufacturing
+    or irresponsible disposal of hazardous materials.
+
+vii. You do not use the Work for the purpose of expediting,
+     coordinating, or facilitating paid work undertaken by individuals
+     under the age of 12 years.
+
+viii. You do not use the Work to either Discriminate or spread Hate
+      Speech on the basis of sex, sexual orientation, gender identity,
+      race, age, disability, color, national origin, religion, caste, or
+      lower economic status.
+
+## 
+
+If You Distribute, or Publicly Perform the Work or any Adaptations or
+Collections, You must, unless a request has been made by any Licensor to
+remove credit from a Collection or Adaptation, keep intact all copyright
+notices for the Work and provide, reasonable to the medium or means You
+are utilizing:
+
+i.  the name of the Original Author (or pseudonym, if applicable) if
+    supplied, and/or if the Original Author and/or Licensor designate
+    another party or parties (e.g., a sponsor institute, publishing
+    entity, journal) for attribution (\"Attribution Parties\") in
+    Licensor\'s copyright notice, terms of service or by other
+    reasonable means, the name of such party or parties;
+
+ii. the title of the Work if supplied;
+
+iii. to the extent reasonably practicable, the URI, if any, that
+     Licensor to be associated with the Work, unless such URI does not
+     refer to the copyright notice or licensing information for the
+     Work; and,
+
+iv. in the case of an Adaptation, a credit identifying the use of the
+    Work in the Adaptation (e.g., \"French translation of the Work by
+    Original Author,\" or \"Screenplay based on original Work by
+    Original Author\").
+
+If any Licensor has sent notice to request removing credit, You must, to
+the extent practicable, remove any credit as requested. The credit
+required by this Section may be implemented in any reasonable manner;
+provided, however, that in the case of an Adaptation or Collection, at a
+minimum such credit will appear, if a credit for all contributing
+authors of the Adaptation or Collection appears, then as part of these
+credits and in a manner at least as prominent as the credits for the
+other contributing authors. For the avoidance of doubt, You may only use
+the credit required by this Section for the purpose of attribution in
+the manner set out above and, by exercising Your rights under this
+License, You may not implicitly or explicitly assert or imply any
+connection with, sponsorship or endorsement by the Original Author,
+Licensor and/or Attribution Parties, as appropriate, of You or Your use
+of the Work, without the separate, express prior written permission of
+the Original Author, Licensor and/or Attribution Parties.
+
+Non-waivable Compulsory License Schemes. In those jurisdictions in which
+the right to collect royalties through any statutory or compulsory
+licensing scheme cannot be waived, the Licensor reserves the exclusive
+right to collect such royalties for any exercise by You of the rights
+granted under this License
+
+Waivable Compulsory License Schemes. In those jurisdictions in which the
+right to collect royalties through any statutory or compulsory licensing
+scheme can be waived, the Licensor reserves the exclusive right to
+collect such royalties for any exercise by You of the rights granted
+under this License if Your exercise of such rights is for a purpose or
+use which is otherwise than noncommercial as permitted under Commercial
+Restrictions and otherwise waives the right to collect royalties through
+any statutory or compulsory licensing scheme.
+
+Voluntary License Schemes. The Licensor reserves the right to collect
+royalties, whether individually or, in the event that the Licensor is a
+member of a collecting society that administers voluntary licensing
+schemes, via that society, from any exercise by You of the rights
+granted under this License that is for a purpose or use which is
+otherwise than noncommercial as permitted under the license grant.
+
+Except as otherwise agreed in writing by the Licensor or as may be
+otherwise permitted by applicable law, if You Reproduce, Distribute or
+Publicly Perform the Work either by itself or as part of any Adaptations
+or Collections, You must not distort, mutilate, modify or take other
+derogatory action in relation to the Work which would be prejudicial to
+the Original Author\'shonor or reputation. Licensor agrees that in those
+jurisdictions (e.g. Japan), in which any exercise of the right granted
+in the license grant of this License (the right to make Adaptations)
+would be deemed to be a distortion, mutilation, modification or other
+derogatory action prejudicial to the Original Author\'s honor and
+reputation, the Licensor will waive or not assert, as appropriate, this
+Section, to the fullest extent permitted by the applicable national law,
+to enable You to reasonably exercise Your right under the license grant
+of this License (right to make Adaptations) but not otherwise.
+
+Do not make any legal claim against anyone accusing the Work, with or
+without changes, alone or with other works, of infringing any patent
+claim.
+
+# Representations Warranties and Disclaimer
+
+UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
+OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
+KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
+INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
+FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
+LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS,
+WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE
+EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
+
+# Limitation on Liability
+
+EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW, IN NO EVENT WILL
+LICENSOR BE LIABLE TO YOU ON ANY LEGAL THEORY FOR ANY SPECIAL,
+INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF
+THIS LICENSE OR THE USE OF THE WORK, EVEN IF LICENSOR HAS BEEN ADVISED
+OF THE POSSIBILITY OF SUCH DAMAGES.
+
+# Termination
+
+This License and the rights granted hereunder will terminate
+automatically upon any breach by You of the terms of this License.
+Individuals or entities who have received Adaptations or Collections
+from You under this License, however, will not have their licenses
+terminated provided such individuals or entities remain in full
+compliance with those licenses. The Sections on definitions, fair
+dealing rights, representations, warranties, and disclaimer, limitation
+on liability, termination, and revised license versions will survive any
+termination of this License.
+
+Subject to the above terms and conditions, the license granted here is
+perpetual (for the duration of the applicable copyright in the Work).
+Notwithstanding the above, Licensor reserves the right to release the
+Work under different license terms or to stop distributing the Work at
+any time; provided, however that any such election will not serve to
+withdraw this License (or any other license that has been, or is
+required to be, granted under the terms of this License), and this
+License will continue in full force and effect unless terminated as
+stated above.
+
+# Revised License Versions
+
+This License may receive future revisions in the original spirit of the
+license intended to strengthen This License. Each version of This
+License has an incrementing version number.
+
+Unless otherwise specified like in the below subsection The Licensor has
+only granted this current version of This License for The Work. In this
+case future revisions do not apply.
+
+The Licensor may specify that the latest available revision of This
+License be used for The Work by either explicitly writing so or by
+suffixing the License URI with a \"+\" symbol.
+
+The Licensor may specify that The Work is also available under the terms
+of This License\'s current revision as well as specific future
+revisions. The Licensor may do this by writing it explicitly or
+suffixing the License URI with any additional version numbers each
+separated by a comma.
+
+# Miscellaneous
+
+Each time You Distribute or Publicly Perform the Work or a Collection,
+the Licensor offers to the recipient a license to the Work on the same
+terms and conditions as the license granted to You under this License.
+
+Each time You Distribute or Publicly Perform an Adaptation, Licensor
+offers to the recipient a license to the original Work on the same terms
+and conditions as the license granted to You under this License.
+
+If the Work is classified as Software, each time You Distribute or
+Publicly Perform an Adaptation, Licensor offers to the recipient a copy
+and/or URI of the corresponding Source Code on the same terms and
+conditions as the license granted to You under this License.
+
+If the Work is used as a Network Service, each time You Distribute or
+Publicly Perform an Adaptation, or serve data derived from the Software,
+the Licensor offers to any recipients of the data a copy and/or URI of
+the corresponding Source Code on the same terms and conditions as the
+license granted to You under this License.
+
+If any provision of this License is invalid or unenforceable under
+applicable law, it shall not affect the validity or enforceability of
+the remainder of the terms of this License, and without further action
+by the parties to this agreement, such provision shall be reformed to
+the minimum extent necessary to make such provision valid and
+enforceable.
+
+No term or provision of this License shall be deemed waived and no
+breach consented to unless such waiver or consent shall be in writing
+and signed by the party to be charged with such waiver or consent.
+
+This License constitutes the entire agreement between the parties with
+respect to the Work licensed here. There are no understandings,
+agreements or representations with respect to the Work not specified
+here. Licensor shall not be bound by any additional provisions that may
+appear in any communication from You. This License may not be modified
+without the mutual written agreement of the Licensor and You.
+
+The rights granted under, and the subject matter referenced, in this
+License were drafted utilizing the terminology of the Berne Convention
+for the Protection of Literary and Artistic Works (as amended on
+September 28, 1979), the Rome Convention of 1961, the WIPO Copyright
+Treaty of 1996, the WIPO Performances and Phonograms Treaty of 1996 and
+the Universal Copyright Convention (as revised on July 24, 1971). These
+rights and subject matter take effect in the relevant jurisdiction in
+which the License terms are sought to be enforced according to the
+corresponding provisions of the implementation of those treaty
+provisions in the applicable national law. If the standard suite of
+rights granted under applicable copyright law includes additional rights
+not granted under this License, such additional rights are deemed to be
+included in the License; this License is not intended to restrict the
+license of any rights under applicable law.

README.md

@@ -0,0 +1,19 @@
+# `finallycoffee.databases` ansible collection
+
+## Roles
+
+- [`elasticsearch`](roles/elasticsearch/README.md): deploy
+  elasticsearch (OSS) in a docker container
+
+- [`redis`](roles/redis/README.md): deploy and configure redis,
+  a fast cache, vector search and NoSQL database.
+
+- [`mariadb`](roles/mariadb/README.md): deploy mariadb
+  in a docker container
+
+- [`postgresql`](roles/postgresql/README.md): deploy postgresql,
+  the worlds most advances open-source relational database
+
+- [`valkey`](roles/valkey/README.md): deploy and configure valkey,
+  an open source in-memory data store under BSD license, forked
+  from redis.

galaxy.yml

@@ -0,0 +1,23 @@
+namespace: finallycoffee
+name: databases
+version: 0.1.2
+readme: README.md
+authors:
+- transcaffeine <transcaffeine@finally.coffee>
+description: Collection for deploying and configuring databases
+dependencies:
+  "community.docker": "^4.0.0"
+  "community.postgresql": "^3.9.0"
+license_file: LICENSE.md
+build_ignore:
+- '*.tar.gz'
+repository: https://git.finally.coffee/finallycoffee/databases
+issues: https://codeberg.org/finallycoffee/ansible-collection-databases/issues
+tags:
+  - elasticsearch
+  - redis
+  - mariadb
+  - postgresql
+  - postgres
+  - valkey
+  - docker

meta/runtime.yml

@@ -0,0 +1,2 @@
+---
+requires_ansible: ">=2.15"

playbooks/postgresql.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy and configure PostgreSQL
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(true, true) }}"
+  roles:
+    - role: finallycoffee.databases.postgresql

playbooks/valkey.yml

@@ -0,0 +1,6 @@
+---
+- name: Deploy and configure valkey
+  hosts: "{{ valkey_hosts | default('valkey', true) }}"
+  become: "{{ valkey_become | default(true, true) }}"
+  roles:
+    - finallycoffee.databases.valkey

roles/elasticsearch/README.md

@@ -0,0 +1,22 @@
+# `finallycoffee.base.elastiscsearch`
+
+A simple ansible role which deploys a single-node elastic container to provide
+an easy way to do some indexing.
+
+## Usage
+
+Per default, `/opt/elasticsearch/data` is used to persist data, it is
+customizable by using either `elasticsearch_base_path` or `elasticsearch_data_path`.
+
+As elasticsearch be can be quite memory heavy, the maximum amount of allowed RAM
+can be configured using `elasticsearch_allocated_ram_mb`, defaulting to 512 (mb).
+
+The cluster name and discovery type can be overridden using
+`elasticsearch_config_cluster_name` (default: elastic) and
+`elasticsearch_config_discovery_type` (default: single-node), should one
+need a multi-node elasticsearch deployment.
+
+Per default, no ports or networks are mapped, and explizit mapping using
+either ports (`elasticsearch_container_ports`) or networks
+(`elasticsearch_container_networks`) is required in order for other services
+to use elastic.

roles/elasticsearch/defaults/main.yml

@@ -0,0 +1,50 @@
+---
+elasticsearch_version: "8.17.0"
+elasticsearch_state: present
+
+elasticsearch_base_path: /opt/elasticsearch
+elasticsearch_data_path: "{{ elasticsearch_base_path }}/data"
+
+elasticsearch_config_cluster_name: elastic
+elasticsearch_config_discovery_type: single-node
+elasticsearch_config_boostrap_memory_lock: true
+elasticsearch_allocated_ram_mb: 512
+
+elasticsearch_container_image_registry: docker.elastic.co
+elasticsearch_container_image_namespace: elasticsearch
+elasticsearch_container_image_name: elasticsearch-oss
+elasticsearch_container_image_tag: ~
+elasticsearch_container_image: >-2
+  {{
+    ([
+      elasticsearch_container_image_registry | default([], true),
+      elasticsearch_container_image_namespace | default([], true),
+      elasticsearch_container_image_name,
+    ] | flatten | join('/'))
+    + ':' +
+    (elasticsearch_container_image_tag | default(elasticsearch_version, true))
+  }}
+elasticsearch_container_image_source: pull
+elasticsearch_container_image_force_source: >-2
+  {{ elasticsearch_container_image_tag | default(false, true) | bool }}
+
+elasticsearch_container_name: elasticsearch
+elasticsearch_container_env:
+  "ES_JAVA_OPTS": "-Xms{{ elasticsearch_allocated_ram_mb }}m -Xmx{{ elasticsearch_allocated_ram_mb }}m"
+  "cluster.name": "{{ elasticsearch_config_cluster_name }}"
+  "discovery.type": "{{ elasticsearch_config_discovery_type }}"
+  "bootstrap.memory_lock": "{{ 'true' if elasticsearch_config_boostrap_memory_lock else 'false' }}"
+elasticsearch_container_user: ~
+elasticsearch_container_ports: ~
+elasticsearch_container_labels:
+  version: "{{ elasticsearch_version }}"
+elasticsearch_container_ulimits:
+#  - "memlock:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}:{{ (1.5 * 1024 * elasticsearch_allocated_ram_mb) | int }}"
+  - "memlock:-1:-1"
+elasticsearch_container_volumes:
+  - "{{ elasticsearch_data_path }}:/usr/share/elasticsearch/data:z"
+elasticsearch_container_networks: ~
+elasticsearch_container_purge_networks: ~
+elasticsearch_container_restart_policy: unless-stopped
+elasticsearch_container_state: >-2
+  {{ (elasticsearch_state == 'present') | ternary('started', 'absent') }}

roles/elasticsearch/meta/main.yml

@@ -0,0 +1,10 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: elasticsearch
+  description: >-2
+    Deploy elasticsearch in a docker container
+  galaxy_tags:
+    - elasticsearch
+    - docker

roles/elasticsearch/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- name: Check if state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ elasticsearch_state }}'. Supported
+      states are {{ elasticsearch_states | join(', ') }}.
+  when: elasticsearch_state not in elasticsearch_states
+
+- name: Ensure host directories are {{ elasticsearch_state }}
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: "0777"
+  loop:
+    - "{{ elasticsearch_base_path }}"
+    - "{{ elasticsearch_data_path }}"
+
+- name: Ensure elasticsearch container image '{{ elasticsearch_container_image }}' is {{ elasticsearch_state }}
+  community.docker.docker_image:
+    name: "{{ elasticsearch_container_image }}"
+    state: "{{ elasticsearch_state }}"
+    source: "{{ elasticsearch_container_image_source }}"
+    force_source: "{{ elasticsearch_container_image_force_source }}"
+    force_source: "{{ elasticsearch_container_image_tag|default(false, true)|bool }}"
+
+- name: Ensure elasticsearch container '{{ elasticsearch_container_name }}' is {{ elasticsearch_container_state }}
+  community.docker.docker_container:
+    name: "{{ elasticsearch_container_name }}"
+    image: "{{ elasticsearch_container_image }}"
+    env: "{{ elasticsearch_container_env | default(omit, True) }}"
+    user: "{{ elasticsearch_container_user | default(omit, True) }}"
+    ports: "{{ elasticsearch_container_ports | default(omit, True) }}"
+    labels: "{{ elasticsearch_container_labels | default(omit, True) }}"
+    volumes: "{{ elasticsearch_container_volumes }}"
+    ulimits: "{{ elasticsearch_container_ulimits }}"
+    networks: "{{ elasticsearch_container_networks | default(omit, True) }}"
+    restart_policy: "{{ elasticsearch_container_restart_policy }}"
+    state: "{{ elasticsearch_container_state }}"

roles/elasticsearch/vars/main.yml

@@ -0,0 +1,4 @@
+---
+elasticsearch_states:
+  - present
+  - absent

roles/mariadb/defaults/main.yml

@@ -1,8 +1,9 @@
 ---
-
+mariadb_version: "10.11.10"
-mariadb_version: "10.6.11"
 mariadb_base_path: /var/lib/mariadb
-mariadb_data_path: "{{ mariadb_base_path }}/{{ mariadb_version }}"
+mariadb_data_path: >-2
+  {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }}
+mariadb_state: present
 
 mariadb_root_password: ~
 mariadb_database: ~
@@ -13,10 +14,24 @@ mariadb_container_base_environment:
   MARIADB_ROOT_PASSWORD: "{{ mariadb_root_password }}"
 mariadb_container_extra_environment: {}
 
-mariadb_container_name: mariadb
+mariadb_container_image_registry: docker.io
-mariadb_container_image_name: docker.io/mariadb
+mariadb_container_image_namespace: ~
+mariadb_container_image_name: mariadb
 mariadb_container_image_tag: ~
-mariadb_container_image: "{{ mariadb_container_image_name }}:{{ mariadb_container_image_tag | default(mariadb_version, true) }}"
+mariadb_container_image: >-2
+  {{
+    ([
+      mariadb_container_image_registry | default([], true),
+      mariadb_container_image_namespace | default([], true),
+      mariadb_container_image_name,
+    ] | flatten | join('/'))
+    + ':' + mariadb_container_image_tag | default(mariadb_version, true)
+  }}
+mariadb_container_image_source: pull
+mariadb_container_image_force_source: >-2
+  {{ mariadb_container_image_tag | default(false, true) | bool }}
+
+mariadb_container_name: mariadb
 mariadb_container_base_volumes:
   - "{{ mariadb_data_path }}:{{ mariadb_container_data_path }}:z"
 mariadb_container_extra_volumes: []
@@ -30,3 +45,5 @@ mariadb_container_environment: >-2
       if (mariadb_database and mariadb_username and mariadb_password)
       else {}, recursive=True)
   | combine(mariadb_container_extra_environment) }}
+mariadb_container_state: >-2
+  {{ (mariadb_state == 'present') | ternary('started', 'absent') }}

roles/mariadb/meta/main.yml

@@ -0,0 +1,10 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: mariadb
+  description: >-2
+    Deploy mariadb using docker
+  galaxy_tags:
+    - mariadb
+    - docker

roles/mariadb/tasks/main.yml

@@ -1,20 +1,20 @@
 ---
-- name: Ensure mariaDB container image is present on host
+- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
   community.docker.docker_image:
     name: "{{ mariadb_container_image }}"
-    state: present
+    state: "{{ mariadb_state }}"
-    source: pull
+    source: "{{ mariadb_container_image_source }}"
+    force_source: "{{ mariadb_container_image_force_source }}"
 
-- name: Ensure mariaDB {{ mariadb_version }} is running as '{{ mariadb_container_name }}'
+- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
   community.docker.docker_container:
     name: "{{ mariadb_container_name }}"
     image: "{{ mariadb_container_image }}"
     env: "{{ mariadb_container_environment }}"
-    ports: "{{ mariadb_container_ports }}"
+    ports: "{{ mariadb_container_ports | default(omit, true) }}"
-    labels: "{{ mariadb_container_labels }}"
+    labels: "{{ mariadb_container_labels | default(omit, true) }}"
     volumes: "{{ mariadb_container_volumes }}"
     networks: "{{ mariadb_container_networks | default(omit, true) }}"
     etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
-    purge_networks: "{{ mariadb_container_purge_networks | default(omit, true) }}"
     restart_policy: "{{ mariadb_container_restart_policy }}"
-    state: started
+    state: "{{ mariadb_container_state }}"

roles/postgresql/README.md

@@ -0,0 +1,27 @@
+# `finallycoffee.databases.postgresql` ansible role
+
+PostgreSQL is the self proclaimed "world's most advanced" open source relational
+database. This ansible role can deploy and configure postgresql.
+
+By default, the role configures the remote's effective ansible user with
+peer authentication for the (postgresql) role `postgres` on all databases (with all grants).
+
+## Required configuration
+
+Set `postgresql_superuser_password` to your superusers desired password.
+
+## Optional configuration
+
+Set `postgresql_major_version` to your desired postgresql major version,
+for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6).
+
+This role can be executed multiple times with different
+`postgresql_major_version` values to provide new database versions for up-to-
+date applications and older versions for software which does not yet support
+them. Container name and host mounts encode the major version to prevent
+accidental usage of the 'wrong' `PGDATA` directory.
+
+## Requirements
+
+- `psycopg2` (pip) package
+- `docker` (pip) package

roles/postgresql/defaults/main/config.yml

@@ -0,0 +1,17 @@
+---
+postgresql_config_connect_socket: true
+postgresql_config_unix_socket_directories:
+  - "/var/run/postgresql"
+postgresql_config_listen_addresses:
+  - '*'
+postgresql_config_port: 5432
+
+postgresql_base_config:
+  listen_addresses: "{{ postgresql_config_listen_addresses }}"
+  unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}"
+  port: "{{ postgresql_config_port }}"
+postgresql_merged_config: >-2
+  {{ postgresql_base_config | combine(
+    postgresql_config | default({}, true),
+    recursive=True
+  ) }}

roles/postgresql/defaults/main/container.yml

@@ -0,0 +1,73 @@
+---
+postgresql_container_image_registry: docker.io
+postgresql_container_image_namespace: ~
+postgresql_container_image_name: postgres
+postgresql_container_image_tag: ~
+postgresql_container_image_source: pull
+postgresql_container_image_force_source: >-2
+  {{ postgresql_container_image_tag | default(false, true) | bool }}
+postgresql_container_image: >-2
+  {{
+    ([
+      postgresql_container_image_registry | default([], true),
+      postgresql_container_image_namespace | default([], true),
+      postgresql_container_image_name
+    ] | flatten | join('/'))
+    + ':' + postgresql_container_image_tag | default(
+      postgresql_version + (
+        ((postgresql_container_image_flavour is string)
+          and (postgresql_container_image_flavour | length > 0))
+        | ternary(
+          '_' + postgresql_container_image_flavour | default('', true),
+          '',
+        )
+      ),
+      true
+    )
+  }}
+
+postgresql_container_name: "postgresql-{{ postgresql_major_version }}"
+postgresql_container_env: ~
+postgresql_container_user: >-2
+  {{ postgresql_user_id }}:{{ postgresql_user_group_id }}
+postgresql_container_ports: ~
+postgresql_container_labels: ~
+postgresql_container_networks: ~
+postgresql_container_recreate: ~
+postgresql_container_etc_hosts: ~
+postgresql_container_restart_policy: "on-failure"
+postgresql_container_state: >-2
+  {{ (postgresql_state == 'present') | ternary('started', 'absent') }}
+postgresql_container_volumes: ~
+postgresql_container_unix_socket_path: >-2
+  {{ postgresql_config_unix_socket_directories | first }}
+postgresql_container_base_volumes:
+  - "{{ postgresql_container_passwd_file }}:/etc/passwd:ro"
+  - "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:Z"
+postgresql_container_config_volumes:
+  - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
+  - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
+postgresql_container_unix_socket_volumes:
+  - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+postgresql_container_initdb_volumes: >-2
+  {{ postgresql_container_base_volumes
+    + postgresql_container_unix_socket_volumes
+    + (postgresql_container_volumes | default([], true)) }}
+postgresql_container_merged_volumes: >-2
+  {{ postgresql_container_base_volumes
+    + postgresql_container_config_volumes
+    + (postgresql_container_unix_socket_volumes if postgresql_config_connect_socket else [])
+    + (postgresql_container_volumes | default([], true)) }}
+postgresql_systemd_tmpfile_socket_correction_unit_name: >-2
+  {{ postgresql_container_unix_socket_path | split('/') | reject('eq', '') | join('-') }}
+
+# (Memory) performance tuning
+postgresql_container_memory: ~
+postgresql_container_memory_reservation: ~
+postgresql_container_shm_size: ~
+postgresql_container_oom_kill: ~
+postgresql_container_oom_score_adj: ~
+postgresql_container_ulimits: ~
+
+postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
+postgresql_container_data_dir: "/var/lib/postgresql/data"

roles/postgresql/defaults/main/main.yml

@@ -0,0 +1,33 @@
+---
+postgresql_user: postgresql
+postgresql_version: >-2
+  {{ postgresql_versions[postgresql_major_version | string] }}
+postgresql_major_version: 16
+postgresql_versions:
+  "17": "17.2"
+  "16": "16.6"
+  "15": "15.10"
+  "14": "14.15"
+
+postgresql_config_path: >-2
+  /etc/postgresql/{{ postgresql_major_version }}
+postgresql_data_path: >-2
+  /var/lib/postgresql/{{ postgresql_major_version }}
+postgresql_pg_ident_conf_file: >-2
+  {{ postgresql_config_path }}/pg_ident.conf
+postgresql_pg_hba_conf_file: >-2
+  {{ postgresql_config_path }}/pg_hba.conf
+postgresql_admin_role: "postgres"
+postgresql_admin_role_contype: local
+postgresql_admin_role_method: peer
+postgresql_admin_local_user: >-2
+  {{ ansible_facts['user_id'] }}
+postgresql_admin_role_mapping_name: >-2
+  {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }}
+postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}"
+postgresql_admin_pg_hba_conf_options: >-2
+  map={{ postgresql_admin_role_mapping_name }}
+postgresql_superuser_password: ~
+
+postgresql_state: present
+postgresql_deployment_method: docker

roles/postgresql/defaults/main/user.yml

@@ -0,0 +1,10 @@
+---
+postgresql_user_system: true
+postgresql_user_create_home: false
+postgresql_user_groups: ~
+postgresql_user_append: ~
+
+postgresql_user_id: >-2
+  {{ postgresql_user_info.uid | default(postgresql_user, true) }}
+postgresql_user_group_id: >-2
+  {{ postgresql_user_info.group | default(postgresql_user, true) }}

roles/postgresql/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: Restart postgresql container '{{ postgresql_container_name }}' (docker)
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    state: "{{ postgresql_container_state }}"
+    restart: true
+    comparisons:
+      '*': "ignore"
+  when:
+    - postgresql_deployment_method == 'docker'
+    - postgresql_container_state not in ['absent', 'stopped']
+  listen: postgresql_restart

roles/postgresql/meta/main.yml

@@ -0,0 +1,12 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: postgresql
+  description: >-2
+    PostgreSQL is the self-proclaimed 'worlds most advanced' open source relational database
+  galaxy_tags:
+    - postgresql
+    - postgres
+    - database
+    - docker

roles/postgresql/tasks/configure.yml

@@ -0,0 +1,60 @@
+---
+- name: Configure postgresql
+  block:
+    - name: Ensure postgresql superuser is set
+      community.postgresql.postgresql_user:
+        name: "{{ postgresql_admin_role }}"
+        password: "{{ postgresql_superuser_password }}"
+        login_host: "{{ postgresql_login_host }}"
+      register: postgresql_superuser_password_result
+      until: "postgresql_superuser_password_result is succeeded"
+      retries: 10
+      delay: 2
+
+    - name: Ensure postgresql configuration is set
+      community.postgresql.postgresql_set:
+        name: "{{ option.key }}"
+        value: "{{ pg_option_value }}"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+      loop: "{{ postgresql_merged_config | dict2items }}"
+      loop_control:
+        loop_var: option
+      vars:
+        pg_option_value: >-2
+          {{
+            (option.value | join(' '))
+            if (option.value is iterable
+              and option.value is not string
+              and option.value is not mapping)
+            else option.value
+          }}
+      register: postgresql_config_results
+
+    - name: Ensure postgresql configuration is reloaded
+      community.postgresql.postgresql_query:
+        db: "postgres"
+        query: "SELECT pg_reload_conf();"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+
+    - name: Ensure restart handler is fired if required
+      debug:
+        msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
+      when: result.changed
+      changed_when: "{{ result.restart_required }}"
+      notify: postgresql_restart
+      loop: "{{ postgresql_config_results.results }}"
+      loop_control:
+        loop_var: result
+        label: "{{ result.option.key }}"
+  when: postgresql_state == 'present'
+  vars:
+    postgresql_login_host: >-2
+      {{
+        (postgresql_config_unix_socket_directories | first)
+        if postgresql_config_connect_socket else 
+        (postgresql_container_info.container.NetworkSettings.IPAddress)
+      }}

roles/postgresql/tasks/deploy-docker.yml

@@ -0,0 +1,95 @@
+---
+- name: Ensure postgresql container image '{{ postgresql_container_image }}' is {{ postgresql_state }}
+  community.docker.docker_image:
+    name: "{{ postgresql_container_image }}"
+    state: "{{ postgresql_state }}"
+    source: "{{ postgresql_container_image_source }}"
+    force_source: "{{ postgresql_container_image_force_source }}"
+  register: postgresql_container_image_info
+  until: postgresql_container_image_info is success
+  retries: 5
+  delay: 4
+
+- name: Ensure /etc/passwd for container is {{ postgresql_state }}
+  ansible.builtin.template:
+    src: "postgresql-passwd.j2"
+    dest: "{{ postgresql_container_passwd_file }}"
+    owner: "{{ postgresql_user_id }}"
+    group: "{{ postgresql_user_group_id }}"
+    mode: "0640"
+  when: postgresql_state == 'present'
+
+- name: Ensure systemd unit to correct path permissions is {{ postgresql_state }}
+  ansible.builtin.copy:
+    dest: "/etc/systemd/system/{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    content: |+2
+      [Unit]
+      Description="Ensure permissions on {{ postgresql_container_unix_socket_path }}"
+      After=systemd-tmpfiles-setup.service
+      Before=docker.service
+      
+      [Service]
+      Type=exec
+      RemainAfterExit=yes
+      ExecStart=/bin/bash -c 'mkdir {{ postgresql_container_unix_socket_path }} ||:; chown {{ postgresql_user }}:{{ postgresql_user }} {{ postgresql_container_unix_socket_path }}'
+      
+      [Install]
+      WantedBy=multi-user.target
+  when:
+    - ansible_facts['service_mgr'] == 'systemd'
+    - postgresql_state == 'present'
+  register: postgresql_systemd_tmpfile_correction_unit_info
+
+- name: Ensure systemd is reloaded
+  ansible.builtin.systemd:
+    daemon_reload: true
+  when:
+    - postgresql_systemd_tmpfile_correction_unit_info.changed
+
+- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    state: "{{ postgresql_container_state }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    enabled: "{{ postgresql_state == 'present' }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Lookup {{ postgresql_data_path }}/global
+  ansible.builtin.stat:
+    path: "{{ postgresql_data_path }}/global"
+    get_checksum: false
+  register: postgresql_global_data_info
+
+- name: Initialize database if empty
+  ansible.builtin.include_tasks:
+    file: "initialize-docker.yml"
+  when:
+    - postgresql_state == 'present'
+    - not postgresql_global_data_info.stat.exists
+    - postgresql_global_data_info.stat.isdir is defined
+    - not postgresql_global_data_info.stat.isdir
+
+- name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }}
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    image: "{{ postgresql_container_image }}"
+    env: "{{ postgresql_container_env | default(omit, true) }}"
+    user: "{{ postgresql_container_user | default(omit, true) }}"
+    ports: "{{ postgresql_container_ports | default(omit, true) }}"
+    labels: "{{ postgresql_container_labels | default(omit, true) }}"
+    volumes: "{{ postgresql_container_merged_volumes }}"
+    recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
+    networks: "{{ postgresql_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
+    memory: "{{ postgresql_container_memory | default(omit, true) }}"
+    memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}"
+    oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}"
+    oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}"
+    shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}"
+    ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}"
+    restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}"
+    state: "{{ postgresql_container_state }}"

roles/postgresql/tasks/initialize-docker.yml

@@ -0,0 +1,47 @@
+---
+- name: Ensure container '{{ postgresql_container_name }}' is {{ postgresql_container_state }} to initialise the database
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    image: "{{ postgresql_container_image }}"
+    env: >-2
+      {{ postgresql_container_env | default({}, true)
+         | combine({'POSTGRES_PASSWORD': postgresql_superuser_password}) }}
+    user: "{{ postgresql_container_user | default(omit, true) }}"
+    ports: "{{ postgresql_container_ports | default(omit, true) }}"
+    labels: "{{ postgresql_container_labels | default(omit, true) }}"
+    volumes: "{{ postgresql_container_initdb_volumes }}"
+    recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
+    networks: "{{ postgresql_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"
+    memory: "{{ postgresql_container_memory | default(omit, true) }}"
+    memory_reservation: "{{ postgresql_container_memory_reservation | default(omit, true) }}"
+    oom_killer: "{{ postgresql_container_oom_killer | default(omit, true) }}"
+    oom_score_adj: "{{ postgresql_container_oom_score_adj | default(omit, true) }}"
+    shm_size: "{{ postgresql_container_shm_size | default(omit, true) }}"
+    ulimits: "{{ postgresql_container_ulimits | default(omit, true) }}"
+    restart_policy: "{{ postgresql_container_restart_policy | default(omit, true) }}"
+    state: "{{ postgresql_container_state }}"
+  register: postgresql_container_info
+
+- name: Wait for container startup
+  block:
+    - name: Wait for container startup (socket)
+      ansible.builtin.wait_for:
+        path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}"
+      when: "postgresql_config_connect_socket | bool"
+    - name: Wait for container startup (port)
+      ansible.builtin.wait_for:
+        host: >-2
+          {{ (pg_addresses == '*') | ternary(
+                 omit,
+                 postgresql_config_listen_addresses | first
+             ) }}
+        port: "{{ postgresql_config_port }}"
+      when: "not postgresql_config_connect_socket | bool"
+      vars:
+        pg_addresses: "{{ postgresql_config_listen_addresses | join(',') }}"
+
+- name: Ensure init container '{{ postgresql_container_name }}' is removed
+  community.docker.docker_container:
+    name: "{{ postgresql_container_name }}"
+    state: absent

roles/postgresql/tasks/main.yml

@@ -0,0 +1,72 @@
+---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Invalid state '{{ postgresql_state }}'! Supported
+      states are {{ postgresql_states | join(', ') }}.
+  when: postgresql_state not in postgresql_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ postgresql_deployment_method }}!
+      Supported deployment methods are {{ postgresql_deployment_methods | join(', ') }}.
+  when: postgresql_deployment_method not in postgresql_deployment_methods
+
+- name: Ensure postgresql user '{{ postgresql_user }}' is {{ postgresql_state }}
+  ansible.builtin.user:
+    name: "{{ postgresql_user }}"
+    state: "{{ postgresql_state }}"
+    system: "{{ postgresql_user_system | default(omit, true) }}"
+    create_home: "{{ postgresql_user_create_home | default(omit, true) }}"
+    groups: "{{ postgresql_user_groups | default(omit, true) }}"
+    append: "{{ postgresql_user_append | default(omit, true) }}"
+  register: postgresql_user_info
+
+- name: Ensure directories are {{ postgresql_state }}
+  ansible.builtin.file:
+    path: "{{ path.name }}"
+    state: "{{ (postgresql_state == 'present') | ternary('directory', 'absent') }}"
+    owner: "{{ path.owner | default(postgresql_user_id, true) }}"
+    group: "{{ path.group | default(postgresql_user_group_id, true) }}"
+    mode: "{{ path.mode | default('0755', true) }}"
+  loop:
+    - name: "{{ postgresql_config_path }}"
+    - name: "{{ postgresql_data_path }}"
+      mode: "0700"
+  loop_control:
+    loop_var: path
+    label: "{{ path.name }}"
+
+- name: Check for existing PG_VERSION file
+  ansible.builtin.stat:
+    path: "{{ postgresql_data_path }}/PG_VERSION"
+  register: postgresql_data_dir_version_info
+
+- name: Read existing PG_VERSION file
+  ansible.builtin.slurp:
+    path: "{{ postgresql_data_path }}/PG_VERSION"
+  register: postgresql_data_dir_version_content
+  when:
+    - postgresql_data_dir_version_info.stat.exists
+
+- name: Prevent major version changes
+  ansible.builtin.fail:
+    msg: >-2
+      Mismatched postgresql version for the data directory!
+      Aborting...
+  when:
+    - postgresql_data_dir_version_info.stat.exists
+    - "(postgresql_data_dir_version_content.content | b64decode | int) != (postgresql_major_version | int)"
+
+- name: Prepare authentication and authorization for database admin role
+  ansible.builtin.include_tasks:
+    file: "prepare.yml"
+
+- name: Deploy postgresql using {{ postgresql_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ postgresql_deployment_method }}.yml"
+
+- name: Configure postgresql
+  ansible.builtin.include_tasks:
+    file: "configure.yml"

roles/postgresql/tasks/prepare.yml

@@ -0,0 +1,35 @@
+---
+- name: Ensure postgresql config files are {{ postgresql_state }}
+  ansible.builtin.lineinfile:
+    path: "{{ file.name }}"
+    insertafter: "{{ file.insert_after | default(omit) }}"
+    insertbefore: "{{ file.insert_before | default(omit) }}"
+    line: "{{ file.line }}"
+    owner: "{{ postgresql_user_id }}"
+    group: "{{ postgresql_user_group_id }}"
+    create: true
+  loop_control:
+    loop_var: file
+    label: "{{ file.name }}"
+  loop:
+    - name: "{{ postgresql_pg_hba_conf_file }}"
+      insert_before: "BOF"
+      line: "# Ansible managed"
+    - name: "{{ postgresql_pg_ident_conf_file }}"
+      insert_before: "BOF"
+      line: "# Ansible managed"
+    - name: "{{ postgresql_pg_ident_conf_file }}"
+      insert_after: "# Ansible managed"
+      line: "{{ postgresql_admin_pg_ident_conf }}"
+  when: postgresql_state == 'present'
+  notify: postgresql_restart
+
+- name: Configure permissions for postgresql admin role
+  community.postgresql.postgresql_pg_hba:
+    dest: "{{ postgresql_pg_hba_conf_file }}"
+    contype: "{{ postgresql_admin_role_contype }}"
+    users: "{{ postgresql_admin_role }}"
+    method: "{{ postgresql_admin_role_method }}"
+    options: "{{ postgresql_admin_pg_hba_conf_options }}"
+  when: postgresql_state == 'present'
+  notify: postgresql_restart

roles/postgresql/templates/postgresql-passwd.j2

@@ -0,0 +1,19 @@
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
+_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash

roles/postgresql/vars/main.yml

@@ -0,0 +1,6 @@
+---
+postgresql_states:
+  - present
+  - absent
+postgresql_deployment_methods:
+  - docker

roles/redis/README.md

@@ -0,0 +1,47 @@
+# `finallycoffee.databases.redis` ansible role
+
+Redis is the self-proclaimed world's fastest data platform for caching,
+vector search and NoSQL databases. Since version 7.2.4, it is no longer
+considered "Free and open source software" (FOSS), with redis switching
+their license to the "Serverside public license" (SSPL).
+
+Setting the `redis_version` to higher than `7.2.4` means you will deploy
+the SSPL-licensed version to redis.
+
+## Configuration
+
+All container-related options to the `docker_container` ansible module
+are available under the `redis_container_*` namespace, for example use
+`redis_container_ports: [ '127.0.0.1:6379:6370/tcp' ]` to map the
+containers port 6379 to the docker host.
+
+Redis-related config options are either available in the `redis_config_*`
+namespace or can be specified by setting them as a dictionary in
+`redis_config`
+
+### Authentication and authorization
+
+Redis ACL can be specified as an array in the `redis_config_user` variable
+ - see [the redis documentation](https://github.com/redis/redis/blob/unstable/redis.conf#L869)
+for the format. Per default, the `default` user is able to connect without
+any password. To require a password and use a different user, override
+the variable, for example `redis_config_user: [ 'username on +@all -DEBUG ~* >secret' ]`.
+
+## Redis on a unix socket
+
+To make redis available on a unix socket, a directory must be supplied in which the
+socket lives:
+```yaml
+redis_container_socket: /var/run/redis.sock
+redis_container_volumes:
+  - "/path/to/socket/on/host/redis.sock:{{ redis_container_socket }}:z"
+redis_config_unixsocket: "{{ redis_container_socket }}"
+```
+
+## Container specific information
+
+Redis publishes their official container image in both a debian-based and an
+alpine-based variant. Which image should be used can be configured in
+`redis_container_image_flavour`, which defaults to `alpine`, which is smaller
+in size but also includes less related / debugging tools. To use the debian-
+based image, unset the flavour using `redis_container_image_flavour: ~`.

roles/redis/defaults/main/config.yml

@@ -0,0 +1,41 @@
+---
+redis_config_bind:
+  - "127.0.0.1"
+  - "-::1"
+redis_config_protected_mode: true
+redis_config_port: 6379
+redis_config_unixsocket: ~
+redis_config_unixsocketperm: '700'
+redis_config_user:
+  - "default on +@all -DEBUG ~* nopass"
+redis_config_databases: 16
+redis_config_supervised: false
+redis_config_daemonize: false
+redis_config_dbfilename: dump.rdb
+redis_config_dir: "{{ redis_data_path }}"
+redis_config_save: "3600 1 300 100 60 10000"
+redis_config_appendfsync: everysec
+
+redis_base_config:
+  bind: "{{ redis_config_bind | join(' ') }}"
+  "protected-mode": "{{ redis_config_protected_mode | bool | ternary('yes', 'no') }}"
+  port: "{{ redis_config_port }}"
+  user: "{{ redis_config_user }}"
+  databases: "{{ redis_config_databases }}"
+  daemonize: "{{ redis_config_daemonize | bool | ternary('yes', 'no') }}"
+  supervised: "{{ redis_config_supervised | bool | ternary('yes', 'no') }}"
+  save: "{{ redis_config_save }}"
+  dbfilename: "{{ redis_config_dbfilename }}"
+  dir: "{{ redis_config_dir }}"
+  appendfsync: "{{ redis_config_appendfsync }}"
+
+redis_config: ~
+redis_merged_config: >-2
+  {{ redis_base_config
+  | combine(({
+      'unixsocket': redis_config_unixsocket,
+      'unixsocketperm': redis_config_unixsocketperm,
+    })
+    if (redis_config_unixsocket | default(false, true)) else {},
+    recursive=True)
+  | combine(redis_config | default({}, true), recursive=True) }}

roles/redis/defaults/main/container.yml

@@ -0,0 +1,49 @@
+---
+redis_container_image_registry: docker.io
+redis_container_image_namespace: ~
+redis_container_image_name: redis
+redis_container_image_tag: ~
+redis_container_image_flavour: alpine
+redis_container_image_source: pull
+redis_container_image_force_source: >-2
+  {{ redis_container_image_tag | default(false, true) | bool }}
+redis_container_image: >-2
+  {{
+    ([
+      redis_container_image_registry | default([], true),
+      redis_container_image_namespace | default([], true),
+      redis_container_image_name,
+    ] | flatten | join('/'))
+    + ':' +
+    (redis_container_image_tag | default(
+      redis_version + (
+        ((redis_container_image_flavour is string)
+            and (redis_container_image_flavour | length > 0))
+        | ternary('-' + (redis_container_image_flavour | default('')), '')
+      ),
+      true,
+    ))
+  }}
+
+redis_container_name: "redis{{ redis_instance_suffix }}"
+redis_container_env: ~
+redis_container_user: >-2
+  {{ redis_run_user_id }}:{{ redis_run_group_id }}
+redis_container_ports: ~
+redis_container_labels: ~
+redis_container_volumes: ~
+redis_container_merged_volumes: >-2
+  {{ redis_container_base_volumes
+  + redis_container_volumes | default([], true) }}
+redis_container_command:
+  - "redis-server"
+  - "{{ redis_config_file }}"
+redis_container_networks: ~
+redis_container_etc_hosts: ~
+redis_container_dns_servers: ~
+redis_container_restart_policy: "unless-stopped"
+redis_container_state: >-2
+  {{ (redis_state == 'present') | ternary('started', 'absent') }}
+redis_container_base_volumes:
+  - "{{ redis_config_file }}:{{ redis_config_file }}:ro"
+  - "{{ redis_data_path }}:{{ redis_data_path }}:rw"

roles/redis/defaults/main/main.yml

@@ -0,0 +1,15 @@
+---
+redis_version: "7.2.4"
+redis_state: "present"
+redis_instance: ~
+redis_instance_suffix: >-2
+  {{ ((redis_instance is string) and (redis_instance | length > 0))
+    | ternary('-' + (redis_instance | default('', true)), '') }}
+redis_user: >-2
+  redis{{ redis_instance_suffix }}
+
+redis_config_path: "/etc/redis"
+redis_config_file: >-2
+  {{ redis_config_path }}/redis{{ redis_instance_suffix }}.conf
+redis_data_path: "/var/lib/redis{{ redis_instance_suffix }}"
+redis_deployment_method: docker

roles/redis/defaults/main/user.yml

@@ -0,0 +1,10 @@
+---
+redis_run_user_id: >-2
+  {{ redis_user_info.uid | default(redis_user, true) }}
+redis_run_group_id: >-2
+  {{ redis_user_info.group | default(redis_user, true) }}
+redis_user_system: true
+redis_user_create_home: false
+redis_user_groups: ~
+redis_user_append_groups: >-2
+  {{ redis_user_groups | default(true, false) | bool }}

roles/redis/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Ensure redis container '{{ redis_container_name }}' is restarted
+  community.docker.docker_container:
+    name: "{{ redis_container_name }}"
+    state: "{{ redis_container_state }}"
+    restart: true
+  listen: redis-restart
+  when:
+    - redis_deployment_method == 'docker'
+    - redis_state == 'present'
+  ignore_errors: "{{ ansible_check_mode }}"

roles/redis/meta/main.yml

@@ -0,0 +1,10 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: redis
+  description: >-2
+    Deploy and configure redis, a fast caching, vector-search and NoSQL database.
+  galaxy_tags:
+    - redis
+    - docker

roles/redis/tasks/deploy-docker.yml

@@ -0,0 +1,27 @@
+---
+- name: Ensure container image '{{ redis_container_image }}' is {{ redis_state }}
+  community.docker.docker_image:
+    name: "{{ redis_container_image }}"
+    state: "{{ redis_state }}"
+    source: "{{ redis_container_image_source }}"
+    force_source: "{{ redis_container_image_force_source }}"
+  register: redis_container_image_info
+  until: redis_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ redis_container_name }}' is {{ redis_container_state }}
+  community.docker.docker_container:
+    name: "{{ redis_container_name }}"
+    image: "{{ redis_container_image }}"
+    env: "{{ redis_container_env | default(omit, true) }}"
+    user: "{{ redis_container_user }}"
+    ports: "{{ redis_container_ports | default(omit, true) }}"
+    labels: "{{ redis_container_labels | default(omit, true) }}"
+    command: "{{ redis_container_command }}"
+    volumes: "{{ redis_container_merged_volumes }}"
+    networks: "{{ redis_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ redis_container_etc_hosts | default(omit, true) }}"
+    dns_servers: "{{ redis_container_dns_servers | default(omit, true) }}"
+    restart_policy: "{{ redis_container_restart_policy | default(omit, true) }}"
+    state: "{{ redis_container_state }}"

roles/redis/tasks/main.yml

@@ -0,0 +1,68 @@
+---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ redis_state }}'.
+      Supported states are {{ redis_states | join(', ') }}
+  when: redis_state not in redis_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ redis_deployment_method }}'!
+      Supported methods are {{ redis_deployment_method | join(', ') }}
+  when: redis_deployment_method not in redis_deployment_methods
+
+- name: Ensure redis user '{{ redis_user }}' is {{ redis_state }}
+  ansible.builtin.user:
+    name: "{{ redis_user }}"
+    state: "{{ redis_state }}"
+    system: "{{ redis_user_system }}"
+    create_home: "{{ redis_user_create_home }}"
+    groups: "{{ redis_user_groups | default(omit, true) }}"
+    append: "{{ redis_user_append_groups | default(omit, true) }}"
+  register: redis_user_info
+
+- name: Ensure redis config file '{{ redis_config_file }}' is {{ redis_state }}
+  ansible.builtin.file:
+    path: "{{ redis_config_file }}"
+    state: "{{ redis_state }}"
+  when: redis_state == 'absent'
+
+- name: Ensure redis host directories are {{ redis_state }}
+  ansible.builtin.file:
+    path: "{{ path.name }}"
+    state: >-2
+      {{ (redis_state == 'present') | ternary('directory', 'absent') }}
+    owner: "{{ path.owner | default(redis_run_user_id) }}"
+    group: "{{ path.group | default(redis_run_group_id) }}"
+    mode: "{{ path.mode | default('0755') }}"
+  loop:
+    - name: "{{ redis_config_path }}"
+    - name: "{{ redis_data_path }}"
+  loop_control:
+    loop_var: "path"
+    label: "{{ path.name }}"
+
+- name: Ensure redis config file '{{ redis_config_file }}' is {{ redis_state }}
+  ansible.builtin.copy:
+    content: |+2
+      {% for tuple in (redis_merged_config | dict2items) %}
+      {% if tuple.value is string  or tuple.value is number %}
+      {{ tuple.key }} {{ tuple.value }}
+      {% else %}
+      {% for value in tuple.value %}
+      {{ tuple.key }} {{ value }}
+      {% endfor %}
+      {% endif %}
+      {% endfor %}
+    dest: "{{ redis_config_file }}"
+    owner: "{{ redis_run_user_id }}"
+    group: "{{ redis_run_group_id }}"
+    mode: "0640"
+  when: redis_state == 'present'
+  notify: redis-restart
+
+- name: Deploy redis using {{ redis_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ redis_deployment_method }}.yml"

roles/redis/vars/main.yml

@@ -0,0 +1,6 @@
+---
+redis_states:
+  - present
+  - absent
+redis_deployment_methods:
+  - docker

roles/valkey/README.md

@@ -0,0 +1,13 @@
+# `finallycoffee.databases.valkey` ansible role
+
+Valkey is an open source (BSD 3 licensed), high-performance in-memory key/value
+data store, ideal for workloads like caching or message queues. It has been
+forked from redis 7.2.4 before redis license was changed to SSPL.
+
+Valkey offers compatibility to redis and can be used as a drop-in replacement
+for redis.
+
+## Configuration
+
+For the configuration, see the [`redis` role configuration](../redis/README.md#configuration),
+and swap the `redis_` prefix of all variables for the `valkey_` prefix.

roles/valkey/defaults/main/config.yml

@@ -0,0 +1,41 @@
+---
+valkey_config_bind:
+  - "127.0.0.1"
+  - "-::1"
+valkey_config_protected_mode: true
+valkey_config_port: 6379
+valkey_config_unixsocket: ~
+valkey_config_unixsocketperm: '700'
+valkey_config_user:
+  - "default on +@all -DEBUG ~* nopass"
+valkey_config_databases: 16
+valkey_config_supervised: false
+valkey_config_daemonize: false
+valkey_config_dbfilename: dump.rdb
+valkey_config_dir: "{{ valkey_data_path }}"
+valkey_config_save: "3600 1 300 100 60 10000"
+valkey_config_appendfsync: everysec
+
+valkey_base_config:
+  bind: "{{ valkey_config_bind | join(' ') }}"
+  "protected-mode": "{{ valkey_config_protected_mode | bool | ternary('yes', 'no') }}"
+  port: "{{ valkey_config_port }}"
+  user: "{{ valkey_config_user }}"
+  databases: "{{ valkey_config_databases }}"
+  daemonize: "{{ valkey_config_daemonize | bool | ternary('yes', 'no') }}"
+  supervised: "{{ valkey_config_supervised | bool | ternary('yes', 'no') }}"
+  save: "{{ valkey_config_save }}"
+  dbfilename: "{{ valkey_config_dbfilename }}"
+  dir: "{{ valkey_config_dir }}"
+  appendfsync: "{{ valkey_config_appendfsync }}"
+
+valkey_config: ~
+valkey_merged_config: >-2
+  {{ valkey_base_config
+  | combine(({
+      'unixsocket': valkey_config_unixsocket,
+      'unixsocketperm': valkey_config_unixsocketperm,
+    })
+    if (valkey_config_unixsocket | default(false, true)) else {},
+    recursive=True)
+  | combine(valkey_config | default({}, true), recursive=True) }}

roles/valkey/defaults/main/container.yml

@@ -0,0 +1,49 @@
+---
+valkey_container_image_registry: docker.io
+valkey_container_image_namespace: valkey
+valkey_container_image_name: valkey
+valkey_container_image_tag: ~
+valkey_container_image_flavour: alpine
+valkey_container_image_source: pull
+valkey_container_image_force_source: >-2
+  {{ valkey_container_image_tag | default(false, true) | bool }}
+valkey_container_image: >-2
+  {{
+    ([
+      valkey_container_image_registry | default([], true),
+      valkey_container_image_namespace | default([], true),
+      valkey_container_image_name,
+    ] | flatten | join('/'))
+    + ':' +
+    (valkey_container_image_tag | default(
+      valkey_version + (
+        ((valkey_container_image_flavour is string)
+            and (valkey_container_image_flavour | length > 0))
+        | ternary('-' + (valkey_container_image_flavour | default('')), '')
+      ),
+      true,
+    ))
+  }}
+
+valkey_container_name: "valkey{{ valkey_instance_suffix }}"
+valkey_container_env: ~
+valkey_container_user: >-2
+  {{ valkey_run_user_id }}:{{ valkey_run_group_id }}
+valkey_container_ports: ~
+valkey_container_labels: ~
+valkey_container_volumes: ~
+valkey_container_merged_volumes: >-2
+  {{ valkey_container_base_volumes
+  + valkey_container_volumes | default([], true) }}
+valkey_container_command:
+  - "valkey-server"
+  - "{{ valkey_config_file }}"
+valkey_container_networks: ~
+valkey_container_etc_hosts: ~
+valkey_container_dns_servers: ~
+valkey_container_restart_policy: "unless-stopped"
+valkey_container_state: >-2
+  {{ (valkey_state == 'present') | ternary('started', 'absent') }}
+valkey_container_base_volumes:
+  - "{{ valkey_config_file }}:{{ valkey_config_file }}:ro"
+  - "{{ valkey_data_path }}:{{ valkey_data_path }}:rw"

roles/valkey/defaults/main/main.yml

@@ -0,0 +1,15 @@
+---
+valkey_version: "8.0.1"
+valkey_state: "present"
+valkey_instance: ~
+valkey_instance_suffix: >-2
+  {{ ((valkey_instance is string) and (valkey_instance | length > 0))
+    | ternary('-' + (valkey_instance | default('', true)), '') }}
+valkey_user: >-2
+  valkey{{ valkey_instance_suffix }}
+
+valkey_config_path: "/etc/valkey"
+valkey_config_file: >-2
+  {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf
+valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}"
+valkey_deployment_method: docker

roles/valkey/defaults/main/user.yml

@@ -0,0 +1,10 @@
+---
+valkey_run_user_id: >-2
+  {{ valkey_user_info.uid | default(valkey_user, true) }}
+valkey_run_group_id: >-2
+  {{ valkey_user_info.group | default(valkey_user, true) }}
+valkey_user_system: true
+valkey_user_create_home: false
+valkey_user_groups: ~
+valkey_user_append_groups: >-2
+  {{ valkey_user_groups | default(true, false) | bool }}

roles/valkey/handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Ensure valkey container '{{ valkey_container_name }}' is restarted
+  community.docker.docker_container:
+    name: "{{ valkey_container_name }}"
+    state: "{{ valkey_container_state }}"
+    restart: true
+  listen: valkey-restart
+  when:
+    - valkey_deployment_method == 'docker'
+    - valkey_state == 'present'
+  ignore_errors: "{{ ansible_check_mode }}"

roles/valkey/meta/main.yml

@@ -0,0 +1,11 @@
+---
+allow_duplicates: true
+dependencies: []
+galaxy_info:
+  role_name: valkey
+  description: >-2
+    An open source, in-memory datastore under BSD 3 license
+  galaxy_tags:
+    - valkey
+    - redis
+    - docker

roles/valkey/tasks/deploy-docker.yml

@@ -0,0 +1,27 @@
+---
+- name: Ensure container image '{{ valkey_container_image }}' is {{ valkey_state }}
+  community.docker.docker_image:
+    name: "{{ valkey_container_image }}"
+    state: "{{ valkey_state }}"
+    source: "{{ valkey_container_image_source }}"
+    force_source: "{{ valkey_container_image_force_source }}"
+  register: valkey_container_image_info
+  until: valkey_container_image_info is success
+  retries: 5
+  delay: 3
+
+- name: Ensure container '{{ valkey_container_name }}' is {{ valkey_container_state }}
+  community.docker.docker_container:
+    name: "{{ valkey_container_name }}"
+    image: "{{ valkey_container_image }}"
+    env: "{{ valkey_container_env | default(omit, true) }}"
+    user: "{{ valkey_container_user }}"
+    ports: "{{ valkey_container_ports | default(omit, true) }}"
+    labels: "{{ valkey_container_labels | default(omit, true) }}"
+    command: "{{ valkey_container_command }}"
+    volumes: "{{ valkey_container_merged_volumes }}"
+    networks: "{{ valkey_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ valkey_container_etc_hosts | default(omit, true) }}"
+    dns_servers: "{{ valkey_container_dns_servers | default(omit, true) }}"
+    restart_policy: "{{ valkey_container_restart_policy | default(omit, true) }}"
+    state: "{{ valkey_container_state }}"

roles/valkey/tasks/main.yml

@@ -0,0 +1,68 @@
+---
+- name: Ensure state is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported state '{{ valkey_state }}'.
+      Supported states are {{ valkey_states | join(', ') }}
+  when: valkey_state not in valkey_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unsupported deployment method '{{ valkey_deployment_method }}'!
+      Supported methods are {{ valkey_deployment_method | join(', ') }}
+  when: valkey_deployment_method not in valkey_deployment_methods
+
+- name: Ensure valkey user '{{ valkey_user }}' is {{ valkey_state }}
+  ansible.builtin.user:
+    name: "{{ valkey_user }}"
+    state: "{{ valkey_state }}"
+    system: "{{ valkey_user_system }}"
+    create_home: "{{ valkey_user_create_home }}"
+    groups: "{{ valkey_user_groups | default(omit, true) }}"
+    append: "{{ valkey_user_append_groups | default(omit, true) }}"
+  register: valkey_user_info
+
+- name: Ensure valkey config file '{{ valkey_config_file }}' is {{ valkey_state }}
+  ansible.builtin.file:
+    path: "{{ valkey_config_file }}"
+    state: "{{ valkey_state }}"
+  when: valkey_state == 'absent'
+
+- name: Ensure valkey host directories are {{ valkey_state }}
+  ansible.builtin.file:
+    path: "{{ path.name }}"
+    state: >-2
+      {{ (valkey_state == 'present') | ternary('directory', 'absent') }}
+    owner: "{{ path.owner | default(valkey_run_user_id) }}"
+    group: "{{ path.group | default(valkey_run_group_id) }}"
+    mode: "{{ path.mode | default('0755') }}"
+  loop:
+    - name: "{{ valkey_config_path }}"
+    - name: "{{ valkey_data_path }}"
+  loop_control:
+    loop_var: "path"
+    label: "{{ path.name }}"
+
+- name: Ensure valkey config file '{{ valkey_config_file }}' is {{ valkey_state }}
+  ansible.builtin.copy:
+    content: |+2
+      {% for tuple in (valkey_merged_config | dict2items) %}
+      {% if tuple.value is string  or tuple.value is number %}
+      {{ tuple.key }} {{ tuple.value }}
+      {% else %}
+      {% for value in tuple.value %}
+      {{ tuple.key }} {{ value }}
+      {% endfor %}
+      {% endif %}
+      {% endfor %}
+    dest: "{{ valkey_config_file }}"
+    owner: "{{ valkey_run_user_id }}"
+    group: "{{ valkey_run_group_id }}"
+    mode: "0640"
+  when: valkey_state == 'present'
+  notify: valkey-restart
+
+- name: Deploy valkey using {{ valkey_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ valkey_deployment_method }}.yml"

roles/valkey/vars/main.yml

@@ -0,0 +1,6 @@
+---
+valkey_states:
+  - present
+  - absent
+valkey_deployment_methods:
+  - docker