From b95ae569c7dd7a2e0f12a3805ff16b9c8e8fdeb5 Mon Sep 17 00:00:00 2001
From: Jakub Czajka <jakub@ekhem.eu.org>
Date: Mon, 16 Oct 2023 23:39:06 +0200
Subject: [PATCH] Copy letsencrypt certificates to the postgres directory.

---
 server/postgres.yaml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/server/postgres.yaml b/server/postgres.yaml
index bd403f1..23e5340 100644
--- a/server/postgres.yaml
+++ b/server/postgres.yaml
@@ -26,6 +26,26 @@
   with_items:
     - pg_hba.conf
     - postgresql.conf
+- name: Ensure a directory for private files exists
+  file:
+    path: "/etc/postgresql/15/main/private"
+    state: directory
+    mode: "0700"
+    owner: postgres
+    group: postgres
+  become: true
+- name: Copy certificates
+  copy:
+    src: "/etc/letsencrypt/live/postgres/{{ item }}"
+    dest: "/etc/postgresql/15/main/private"
+    mode: "0600"
+    owner: postgres
+    group: postgres
+    remote_src: true
+  become: true
+  with_items:
+    - fullchain.pem
+    - privkey.pem
 - name: Restart postgres
   service:
     name: postgresql
-- 
2.39.5