update(valkey): bump version from 8.1.2

galaxy.yml

@@ -1,12 +1,15 @@
 namespace: finallycoffee
 name: databases
-version: 0.1.1
+version: 0.1.4
 readme: README.md
 authors:
 - transcaffeine <transcaffeine@finally.coffee>
 description: Collection for deploying and configuring databases
 dependencies:
-  "community.docker": "^3.0.0"
+  "community.docker": "^4.0.0"
+  "community.general": "^10.6.0"
+  "community.postgresql": "^3.9.0"
+  "containers.podman": "^1.16.0"
 license_file: LICENSE.md
 build_ignore:
 - '*.tar.gz'

playbooks/postgresql_client.yml

@@ -0,0 +1,24 @@
+---
+- import_playbook: finallycoffee.databases.postgresql_user
+  vars:
+    postgresql_users:
+      - name: "{{ postgresql_client_username }}"
+        password: "{{ postgresql_client_password }}"
+- import_playbook: finallycoffee.databases.postgresql_database
+  vars:
+    postgresql_databases:
+      - name: "{{ postgresql_client_database }}"
+        owner: "{{ postgresql_client_username }}"
+        encoding: "{{ postgresql_client_database_encoding | default('UTF8', true) }}"
+        lc_ctype: "{{ postgresql_client_database_lc_ctype | default('en_US.UTF-8', true) }}"
+        lc_collate: "{{ postgresql_client_database_lc_collate | default('en_US.UTF-8', true) }}"
+- import_playbook: finallycoffee.databases.postgresql_host_based_authentication
+  vars:
+    postgresql_authentications:
+      - users: "{{ postgresql_client_username }}"
+        databases: "{{ postgresql_client_database }}"
+        contype: "{{ postgresql_client_database_contype | default('local') }}"
+        method: "{{ postgresql_client_database_auth_method | default('md5') }}"
+        options: "{{ postgresql_client_options | default(false, true) }}"
+        address: "{{ postgresql_client_address | default(false, true) }}"
+        netmask: "{{ postgresql_client_netmask | default(false, true) }}"

playbooks/postgresql_clients.yml

@@ -0,0 +1,4 @@
+---
+- import_playbook: finallycoffee.databases.postgresql_user
+- import_playbook: finallycoffee.databases.postgresql_database
+- import_playbook: finallycoffee.databases.postgresql_host_based_authentication

playbooks/postgresql_database.yml

@@ -0,0 +1,26 @@
+---
+- name: Configure postgresql databases
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(false, true) }}"
+  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
+  tasks:
+    - name: Configure individual postgresql database
+      community.postgresql.postgresql_db:
+        name: "{{ postgresql_database.name }}"
+        owner: "{{ postgresql_database.owner | default(omit) }}"
+        state: "{{ postgresql_database_state }}"
+        template: "{{ postgresql_database.template | default(omit, true) }}"
+        encoding: "{{ postgresql_database.encoding | default(omit, true) }}"
+        lc_ctype: "{{ postgresql_database.lc_ctype | default(omit, true) }}"
+        lc_collate: "{{ postgresql_database.lc_collate | default(omit, true) }}"
+        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
+        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
+        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
+        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
+        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
+      vars:
+        postgresql_database_state: "{{ postgresql_database.state | default('present', true) }}"
+      loop: "{{ postgresql_databases | default([]) }}"
+      loop_control:
+        loop_var: postgresql_database
+        label: "{{ postgresql_database.name }}"

playbooks/postgresql_host_based_authentication.yml

@@ -0,0 +1,23 @@
+---
+- name: Configure postgresql host based authentications
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(false, true) }}"
+  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
+  tasks:
+    - name: Configure individual postgresql host based authentication
+      community.postgresql.postgresql_pg_hba:
+        dest: "{{ postgresql_pg_hba_conf_file }}"
+        users: "{{ postgresql_auth.users | default(omit) }}"
+        databases: "{{ postgresql_auth.databases | default(omit) }}"
+        contype: "{{ postgresql_auth.contype }}"
+        state: "{{ postgresql_auth_state }}"
+        method: "{{ postgresql_auth.method | default(omit, true) }}"
+        options: "{{ postgresql_auth.options | default(omit, true) }}"
+        address: "{{ postgresql_auth.address | default(omit, true) }}"
+        netmask: "{{ postgresql_auth.netmask | default(omit, true) }}"
+      vars:
+        postgresql_auth_state: "{{ postgresql_auth.state | default('present', true) }}"
+      loop: "{{ postgresql_authentications | default([]) }}"
+      loop_control:
+        loop_var: postgresql_auth
+        label: "{{ postgresql_auth.users }}@{{ postgresql_auth.databases }}"

playbooks/postgresql_user.yml

@@ -0,0 +1,24 @@
+---
+- name: Configure postgresql users
+  hosts: "{{ postgresql_hosts | default('postgresql', true) }}"
+  become: "{{ postgresql_become | default(false, true) }}"
+  gather_facts: "{{ postgresql_gather_facts | default(false, true) }}"
+  tasks:
+    - name: Configure individual postgresql user
+      community.postgresql.postgresql_user:
+        name: "{{ postgresql_user.name }}"
+        state: "{{ postgresql_user_state }}"
+        password: "{{ postgresql_user_password }}"
+        login_host: "{{ postgresql_connection_host | default(omit, true) }}"
+        login_port: "{{ postgresql_connection_port | default(omit, true) }}"
+        login_unix_socket: "{{ postgresql_connection_unix_socket | default(omit, true) }}"
+        login_user: "{{ postgresql_connection_user | default(omit, true) }}"
+        login_password: "{{ postgresql_connection_password | default(omit, true) }}"
+      vars:
+        postgresql_user_state: "{{ postgresql_user.state | default('present', true) }}"
+        postgresql_user_password: >-2
+          {{ (postgresql_user_state != 'absent') | ternary(postgresql_user.password, omit) }}
+      loop: "{{ postgresql_users | default([]) }}"
+      loop_control:
+        loop_var: postgresql_user
+        label: "{{ postgresql_user.name }}"

roles/elasticsearch/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
-elasticsearch_version: "8.17.0"
+elasticsearch_version: "9.0.2"
 elasticsearch_state: present
 
 elasticsearch_base_path: /opt/elasticsearch

roles/mariadb/defaults/main.yml

@@ -1,9 +1,10 @@
 ---
-mariadb_version: "10.11.10"
+mariadb_version: "10.11.11"
 mariadb_base_path: /var/lib/mariadb
 mariadb_data_path: >-2
   {{ mariadb_base_path }}/{{ mariadb_version | split('.') | first }}
 mariadb_state: present
+mariadb_deployment_method: docker
 
 mariadb_root_password: ~
 mariadb_database: ~

roles/mariadb/tasks/deploy-docker.yml

@@ -0,0 +1,20 @@
+---
+- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
+  community.docker.docker_image:
+    name: "{{ mariadb_container_image }}"
+    state: "{{ mariadb_state }}"
+    source: "{{ mariadb_container_image_source }}"
+    force_source: "{{ mariadb_container_image_force_source }}"
+
+- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
+  community.docker.docker_container:
+    name: "{{ mariadb_container_name }}"
+    image: "{{ mariadb_container_image }}"
+    env: "{{ mariadb_container_environment }}"
+    ports: "{{ mariadb_container_ports | default(omit, true) }}"
+    labels: "{{ mariadb_container_labels | default(omit, true) }}"
+    volumes: "{{ mariadb_container_volumes }}"
+    networks: "{{ mariadb_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ mariadb_container_restart_policy }}"
+    state: "{{ mariadb_container_state }}"

roles/mariadb/tasks/deploy-podman.yml

@@ -0,0 +1,20 @@
+---
+- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
+  containers.podman.podman_image:
+    name: "{{ mariadb_container_image }}"
+    state: "{{ mariadb_state }}"
+    pull: "{{ (mariadb_container_image_source == 'pull') | bool }}"
+    force: "{{ mariadb_container_image_force_source }}"
+
+- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
+  containers.podman.podman_container:
+    name: "{{ mariadb_container_name }}"
+    image: "{{ mariadb_container_image }}"
+    env: "{{ mariadb_container_environment }}"
+    ports: "{{ mariadb_container_ports | default(omit, true) }}"
+    labels: "{{ mariadb_container_labels | default(omit, true) }}"
+    volumes: "{{ mariadb_container_volumes }}"
+    network: "{{ mariadb_container_networks | default(omit, true) }}"
+    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
+    restart_policy: "{{ mariadb_container_restart_policy }}"
+    state: "{{ mariadb_container_state }}"

roles/mariadb/tasks/main.yml

@@ -1,20 +1,19 @@
 ---
-- name: Ensure mariadb container image '{{ mariadb_container_image }}' is {{ mariadb_state }}
-  community.docker.docker_image:
-    name: "{{ mariadb_container_image }}"
-    state: "{{ mariadb_state }}"
-    source: "{{ mariadb_container_image_source }}"
-    force_source: "{{ mariadb_container_image_force_source }}"
+- name: Ensure mariadb state parameter is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unknown state '{{ mariadb_state }}'!
+      Supported states are {{ mariadb_states | join(', ') }}
+  when: mariadb_state not in mariadb_states
+
+- name: Ensure deployment method is valid
+  ansible.builtin.fail:
+    msg: >-2
+      Unknown deployment method '{{ mariadb_deployment_method }}'!
+      Supported deployment methods are {{ mariadb_deployment_methods | join(', ') }}
+  when: mariadb_deployment_method not in mariadb_deployment_methods
+
+- name: Ensure mariadb is deployed using {{ mariadb_deployment_method }}
+  ansible.builtin.include_tasks:
+    file: "deploy-{{ mariadb_deployment_method }}.yml"
 
-- name: Ensure mariadb container '{{ mariadb_container_name }}' is {{ mariadb_container_state }}
-  community.docker.docker_container:
-    name: "{{ mariadb_container_name }}"
-    image: "{{ mariadb_container_image }}"
-    env: "{{ mariadb_container_environment }}"
-    ports: "{{ mariadb_container_ports | default(omit, true) }}"
-    labels: "{{ mariadb_container_labels | default(omit, true) }}"
-    volumes: "{{ mariadb_container_volumes }}"
-    networks: "{{ mariadb_container_networks | default(omit, true) }}"
-    etc_hosts: "{{ mariadb_container_etc_hosts | default(omit, true) }}"
-    restart_policy: "{{ mariadb_container_restart_policy }}"
-    state: "{{ mariadb_container_state }}"

roles/mariadb/vars/main.yml

@@ -1,4 +1,10 @@
 ---
+mariadb_states:
+  - present
+  - absent
+mariadb_deployment_methods:
+  - docker
+  - podman
 
 mariadb_container_database_environment:
   MARIADB_DATABASE: "{{ mariadb_database }}"

roles/postgresql/README.md

@@ -2,3 +2,26 @@
 
 PostgreSQL is the self proclaimed "world's most advanced" open source relational
 database. This ansible role can deploy and configure postgresql.
+
+By default, the role configures the remote's effective ansible user with
+peer authentication for the (postgresql) role `postgres` on all databases (with all grants).
+
+## Required configuration
+
+Set `postgresql_superuser_password` to your superusers desired password.
+
+## Optional configuration
+
+Set `postgresql_major_version` to your desired postgresql major version,
+for supported major versions see [`defaults/main/main.yml`](defaults/main/main.yml#L6).
+
+This role can be executed multiple times with different
+`postgresql_major_version` values to provide new database versions for up-to-
+date applications and older versions for software which does not yet support
+them. Container name and host mounts encode the major version to prevent
+accidental usage of the 'wrong' `PGDATA` directory.
+
+## Requirements
+
+- `psycopg2` (pip) package
+- `docker` (pip) package

roles/postgresql/defaults/main/config.yml

@@ -1,14 +1,15 @@
 ---
 postgresql_config_connect_socket: true
+postgresql_config_unix_socket: "/var/run/postgresql"
 postgresql_config_unix_socket_directories:
-  - "/var/run/postgresql"
+  - "{{ postgresql_config_unix_socket }}"
 postgresql_config_listen_addresses:
   - '*'
 postgresql_config_port: 5432
 
 postgresql_base_config:
   listen_addresses: "{{ postgresql_config_listen_addresses }}"
-  connect_socket: "{{ postgresql_config_connect_socket }}"
+  unix_socket_directories: "{{ postgresql_config_unix_socket_directories }}"
   port: "{{ postgresql_config_port }}"
 postgresql_merged_config: >-2
   {{ postgresql_base_config | combine(

roles/postgresql/defaults/main/container.yml

@@ -18,7 +18,7 @@ postgresql_container_image: >-2
         ((postgresql_container_image_flavour is string)
           and (postgresql_container_image_flavour | length > 0))
         | ternary(
-          '_' + postgresql_container_image_flavour | default('', true),
+          '-' + postgresql_container_image_flavour | default('', true),
           '',
         )
       ),
@@ -48,7 +48,7 @@ postgresql_container_config_volumes:
   - "{{ postgresql_pg_hba_conf_file }}:{{ postgresql_container_data_dir }}/pg_hba.conf:ro"
   - "{{ postgresql_pg_ident_conf_file }}:{{ postgresql_container_data_dir }}/pg_ident.conf:ro"
 postgresql_container_unix_socket_volumes:
-  - "{{ postgresql_container_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
+  - "{{ postgresql_unix_socket_path }}:{{ postgresql_container_unix_socket_path }}:rw,rshared"
 postgresql_container_initdb_volumes: >-2
   {{ postgresql_container_base_volumes
     + postgresql_container_unix_socket_volumes
@@ -69,5 +69,7 @@ postgresql_container_oom_kill: ~
 postgresql_container_oom_score_adj: ~
 postgresql_container_ulimits: ~
 
+postgresql_container_user_name: "postgres"
+postgresql_unix_socket_path: "{{ postgresql_config_unix_socket }}"
 postgresql_container_passwd_file: "{{ postgresql_config_path }}/passwd"
 postgresql_container_data_dir: "/var/lib/postgresql/data"

roles/postgresql/defaults/main/main.yml

@@ -17,15 +17,14 @@ postgresql_pg_ident_conf_file: >-2
   {{ postgresql_config_path }}/pg_ident.conf
 postgresql_pg_hba_conf_file: >-2
   {{ postgresql_config_path }}/pg_hba.conf
-postgresql_admin_role: "{{ postgresql_user }}"
+postgresql_admin_role: "postgres"
 postgresql_admin_role_contype: local
 postgresql_admin_role_method: peer
 postgresql_admin_local_user: >-2
   {{ ansible_facts['user_id'] }}
 postgresql_admin_role_mapping_name: >-2
   {{ postgresql_admin_local_user }}_{{ postgresql_admin_role }}
-postgresql_admin_pg_ident_conf: >-2
-  {{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}
+postgresql_admin_pg_ident_conf: "{{ postgresql_admin_role_mapping_name }}\t{{ postgresql_admin_local_user }}\t{{ postgresql_admin_role }}"
 postgresql_admin_pg_hba_conf_options: >-2
   map={{ postgresql_admin_role_mapping_name }}
 postgresql_superuser_password: ~

roles/postgresql/tasks/configure.yml

@@ -1,49 +1,66 @@
 ---
-- name: Ensure postgresql superuser is set
-  community.postgresql.postgresql_user:
-    name: "{{ postgresql_admin_role }}"
-    password: "{{ postgresql_superuser_password }}"
-    login_host: >-2
+- name: Configure postgresql
+  block:
+    - name: Ensure postgresql superuser is set
+      community.postgresql.postgresql_user:
+        name: "{{ postgresql_admin_role }}"
+        password: "{{ postgresql_superuser_password }}"
+        login_host: "{{ postgresql_login_host }}"
+      register: postgresql_superuser_password_result
+      until: "postgresql_superuser_password_result is succeeded"
+      retries: 10
+      delay: 2
+
+    - name: Ensure postgresql configuration is set
+      community.postgresql.postgresql_set:
+        name: "{{ option.key }}"
+        value: "{{ pg_option_value }}"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+      loop: "{{ postgresql_merged_config | dict2items }}"
+      loop_control:
+        loop_var: option
+      vars:
+        pg_option_value: >-2
+          {{
+            (option.value | join(' '))
+            if (option.value is iterable
+              and option.value is not string
+              and option.value is not mapping)
+            else option.value
+          }}
+      register: postgresql_config_results
+
+    - name: Ensure postgresql configuration is reloaded
+      community.postgresql.postgresql_query:
+        db: "postgres"
+        query: "SELECT pg_reload_conf();"
+        login_host: "{{ postgresql_login_host }}"
+        login_port: "{{ postgresql_config_port }}"
+        login_password: "{{ postgresql_superuser_password }}"
+
+    - name: Ensure restart handler is fired if required
+      debug:
+        msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
+      when: result.changed
+      changed_when: "{{ result.restart_required }}"
+      notify: postgresql_restart
+      loop: "{{ postgresql_config_results.results }}"
+      loop_control:
+        loop_var: result
+        label: "{{ result.option.key }}"
+  when: postgresql_state == 'present'
+  vars:
+    postgresql_login_host: >-2
       {{
-        (postgresql_config_unix_socket_directories | first)
+        (
+          (postgresql_deployment_method in ['docker'])
+          | ternary(
+            postgresql_unix_socket_path,
+            (postgresql_config_unix_socket_directories | first)
+          )
+        )
         if postgresql_config_connect_socket else 
         (postgresql_container_info.container.NetworkSettings.IPAddress)
       }}
-  register: postgresql_superuser_password_result
-  until: "postgresql_superuser_password_result is succeeded"
-  retries: 10
-  delay: 2
-
-- name: Ensure postgresql configuration is set
-  community.postgresql.postgresql_set:
-    name: "{{ option.key }}"
-    value: "{{ option.value }}"
-    login_host: >-2
-      {{
-        (postgresql_config_unix_socket_directories | first)
-        if postgresql_config_connect_socket else 
-        (postgresql_container_info.container.NetworkSettings.IPAddress)
-      }}
-    login_port: "{{ postgresql_config_port }}"
-    login_password: #TODO
-  loop: "{{ postgresql_merged_options | dict2items }}"
-  loop_control:
-    loop_var: option
-
-- name: Ensure postgresql configuration is reloaded
-  community.postgresql.postgresql_query:
-    query: "SELECT pg_reload_conf();"
-    login_host: #TODO
-    login_port: #TODO
-    login_password: #TODO
-
-- name: Ensure restart handler is fired if required
-  debug:
-    msg: "{{ result.option.key }} changed! Restart required: {{ result.restart_required }}"
-  when: result.changed
-  changed_when: "{{ result.restart_required }}"
-  notify: postgresql_restart
-  loop: "{{ postgresql_config_results }}"
-  loop_control:
-    loop_var: result
-    label: "{{ result.option.name }}"

roles/postgresql/tasks/deploy-docker.yml

@@ -38,31 +38,42 @@
   when:
     - ansible_facts['service_mgr'] == 'systemd'
     - postgresql_state == 'present'
+  register: postgresql_systemd_tmpfile_correction_unit_info
 
 - name: Ensure systemd is reloaded
   ansible.builtin.systemd:
     daemon_reload: true
   when:
-    - postgresql_systemd_tmpfile_correction_unit.changed
+    - postgresql_systemd_tmpfile_correction_unit_info.changed
 
 - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
   ansible.builtin.systemd:
     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
     state: "{{ postgresql_container_state }}"
   when: ansible_facts['service_mgr'] == 'systemd'
+  ignore_errors: "{{ ansible_check_mode }}"
 
 - name: Ensure systemd unit {{ postgresql_systemd_tmpfile_socket_correction_unit_name }} is {{ postgresql_container_state }}
   ansible.builtin.systemd:
     name: "{{ postgresql_systemd_tmpfile_socket_correction_unit_name }}.service"
     enabled: "{{ postgresql_state == 'present' }}"
   when: ansible_facts['service_mgr'] == 'systemd'
+  ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Lookup {{ postgresql_data_path }}/global
+  ansible.builtin.stat:
+    path: "{{ postgresql_data_path }}/global"
+    get_checksum: false
+  register: postgresql_global_data_info
 
 - name: Initialize database if empty
   ansible.builtin.include_tasks:
     file: "initialize-docker.yml"
   when:
     - postgresql_state == 'present'
-    # TODO: determine if initialization is needed
+    - not postgresql_global_data_info.stat.exists
+    - postgresql_global_data_info.stat.isdir is defined
+    - not postgresql_global_data_info.stat.isdir
 
 - name: Ensure postgresql container '{{ postgresql_container_name }}' is {{ postgresql_container_state }}
   community.docker.docker_container:

roles/postgresql/tasks/initialize-docker.yml

@@ -27,7 +27,7 @@
   block:
     - name: Wait for container startup (socket)
       ansible.builtin.wait_for:
-        path: "{{ postgresql_config_unix_socket_directories | first  }}.s.PGSQL.{{ postgresql_config_port }}"
+        path: "{{ postgresql_config_unix_socket_directories | first  }}/.s.PGSQL.{{ postgresql_config_port }}"
       when: "postgresql_config_connect_socket | bool"
     - name: Wait for container startup (port)
       ansible.builtin.wait_for:
@@ -45,4 +45,3 @@
   community.docker.docker_container:
     name: "{{ postgresql_container_name }}"
     state: absent
-

roles/postgresql/tasks/main.yml

@@ -33,6 +33,7 @@
   loop:
     - name: "{{ postgresql_config_path }}"
     - name: "{{ postgresql_data_path }}"
+      mode: "0700"
   loop_control:
     loop_var: path
     label: "{{ path.name }}"
@@ -65,3 +66,7 @@
 - name: Deploy postgresql using {{ postgresql_deployment_method }}
   ansible.builtin.include_tasks:
     file: "deploy-{{ postgresql_deployment_method }}.yml"
+
+- name: Configure postgresql
+  ansible.builtin.include_tasks:
+    file: "configure.yml"

roles/postgresql/tasks/prepare.yml

@@ -20,8 +20,9 @@
       line: "# Ansible managed"
     - name: "{{ postgresql_pg_ident_conf_file }}"
       insert_after: "# Ansible managed"
-      line: "{{ ansible_user }}_{{ postgresql_admin_role }}\t{{ ansible_user }}\t{{ postgresql_admin_role }}"
+      line: "{{ postgresql_admin_pg_ident_conf }}"
   when: postgresql_state == 'present'
+  notify: postgresql_restart
 
 - name: Configure permissions for postgresql admin role
   community.postgresql.postgresql_pg_hba:
@@ -29,5 +30,6 @@
     contype: "{{ postgresql_admin_role_contype }}"
     users: "{{ postgresql_admin_role }}"
     method: "{{ postgresql_admin_role_method }}"
-    options: "map={{ ansible_user }}_{{ postgresql_admin_role }}"
+    options: "{{ postgresql_admin_pg_hba_conf_options }}"
   when: postgresql_state == 'present'
+  notify: postgresql_restart

roles/postgresql/templates/postgresql-passwd.j2

@@ -16,4 +16,4 @@ list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
 irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
 _apt:x:42:65534::/nonexistent:/usr/sbin/nologin
 nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
-postgres:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash
+{{ postgresql_container_user_name }}:x:{{ postgresql_user_id }}:{{ postgresql_user_group_id }}::/var/lib/postgresql:/bin/bash

roles/valkey/defaults/main/main.yml

@@ -1,5 +1,5 @@
 ---
-valkey_version: "8.0.1"
+valkey_version: "8.1.2"
 valkey_state: "present"
 valkey_instance: ~
 valkey_instance_suffix: >-2
@@ -9,6 +9,8 @@ valkey_user: >-2
   valkey{{ valkey_instance_suffix }}
 
 valkey_config_path: "/etc/valkey"
+valkey_config_path_owner: "root"
+valkey_config_path_group: "root"
 valkey_config_file: >-2
   {{ valkey_config_path }}/valkey{{ valkey_instance_suffix }}.conf
 valkey_data_path: "/var/lib/valkey{{ valkey_instance_suffix }}"

roles/valkey/tasks/main.yml

@@ -39,6 +39,8 @@
     mode: "{{ path.mode | default('0755') }}"
   loop:
     - name: "{{ valkey_config_path }}"
+      owner: "{{ valkey_config_path_owner }}"
+      group: "{{ valkey_config_path_group }}"
     - name: "{{ valkey_data_path }}"
   loop_control:
     loop_var: "path"