feat(postgresql): add ansible role for postgresql deployment

roles/postgresql/defaults/main/container.yml

@@ -39,14 +39,27 @@ postgresql_container_restart_policy: "on-failure"
 postgresql_container_state: >-2
   {{ (postgresql_state == 'present') | ternary('started', 'absent') }}
 postgresql_container_volumes: ~
+postgresql_container_unix_socket_path: >-2
+  {{ postgresql_config_unix_socket_directories | first }}
 postgresql_container_base_volumes:
-  - "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:z"
+  - "{{ postgresql_container_passwd_file }}:/etc/passwd:ro"
+  - "{{ postgresql_data_path }}:{{ postgresql_container_data_dir }}:Z"
+postgresql_container_config_volumes:
   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
-  - "{{ postgresql_container_passwd_file }}:/etc/passwd:ro"
+postgresql_container_unix_socket_volumes:
+  - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+postgresql_container_initdb_volumes: >-2
+  {{ postgresql_container_base_volumes
+    + postgresql_container_unix_socket_volumes
+    + (postgresql_container_volumes | default([], true)) }}
 postgresql_container_merged_volumes: >-2
   {{ postgresql_container_base_volumes
+    + postgresql_container_config_volumes
+    + (postgresql_container_unix_socket_volumes if postgresql_config_connect_socket else [])
     + (postgresql_container_volumes | default([], true)) }}
+postgresql_systemd_tmpfile_socket_correction_unit_name: >-2
+  {{ postgresql_container_unix_socket_path | split('/') | reject('eq', '') | join('-') }}
 
 # (Memory) performance tuning
 postgresql_container_memory: ~

roles/postgresql/tasks/deploy-docker.yml

@@ -19,6 +19,44 @@
     mode: "0640"
   when: postgresql_state == 'present'
 
+- name: Ensure systemd unit to correct path permissions is {{ postgresql_state }}
+  ansible.builtin.copy:
+    dest: "/etc/systemd/system/{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    content: |+2
+      [Unit]
+      Description="Ensure permissions on {{ postgresql_container_unix_socket_path }}"
+      After=systemd-tmpfiles-setup.service
+      Before=docker.service
+      
+      [Service]
+      Type=exec
+      RemainAfterExit=yes
+      ExecStart=/bin/bash -c 'mkdir {{ postgresql_container_unix_socket_path }} ||:; chown {{ postgresql_user }}:{{ postgresql_user }} {{ postgresql_container_unix_socket_path }}'
+      
+      [Install]
+      WantedBy=multi-user.target
+  when:
+    - ansible_facts['service_mgr'] == 'systemd'
+    - postgresql_state == 'present'
+
+- name: Ensure systemd is reloaded
+  ansible.builtin.systemd:
+    daemon_reload: true
+  when:
+    - postgresql_systemd_tmpfile_correction_unit.changed
+
+- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    state: "{{ postgresql_container_state }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+
+- name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
+  ansible.builtin.systemd:
+    name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
+    enabled: "{{ postgresql_state == 'present' }}"
+  when: ansible_facts['service_mgr'] == 'systemd'
+
 - name: Initialize database if empty
   ansible.builtin.include_tasks:
     file: "initialize-docker.yml"

roles/postgresql/tasks/initialize-docker.yml

@@ -9,7 +9,7 @@
     user: "{{ postgresql_container_user | default(omit, true) }}"
     ports: "{{ postgresql_container_ports | default(omit, true) }}"
     labels: "{{ postgresql_container_labels | default(omit, true) }}"
-    volumes: "{{ postgresql_container_merged_volumes }}"
+    volumes: "{{ postgresql_container_initdb_volumes }}"
     recreate: "{{ postgresql_container_recreate | default(omit, true) }}"
     networks: "{{ postgresql_container_networks | default(omit, true) }}"
     etc_hosts: "{{ postgresql_container_etc_hosts | default(omit, true) }}"

roles/postgresql/tasks/main.yml

@@ -56,7 +56,7 @@
       Aborting...
   when:
     - postgresql_data_dir_version_info.stat.exists
-    - "(postgresql_data_dir_version_content | b64decode | int) != (postgresql_major_version | int)"
+    - "(postgresql_data_dir_version_content.content | b64decode | int) != (postgresql_major_version | int)"
 
 - name: Prepare authentication and authorization for database admin role
   ansible.builtin.include_tasks: