eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/ansible/roles/postgresql
History
Erich Blume b7ccca87f3 Secure password management via 1Password CLI in ansible 
- All passwords fetched from 1Password at runtime using `op` CLI
- pg_hba.conf uses scram-sha-256 everywhere (no trust mode)
- initdb uses --pwfile for secure superuser password bootstrap
- All password-handling tasks use no_log: true
- Add borgmatic user with pg_read_all_data for backup dumps
- Remove pg-setup mise task (no longer needed)
- Miniflux fetches password directly from 1Password

Requires: `op signin` before running ansible

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-16 08:06:29 -08:00
..
defaults Secure password management via 1Password CLI in ansible 2026-01-16 08:06:29 -08:00
handlers Add PostgreSQL and Miniflux services to tailnet 2026-01-16 07:26:59 -08:00
tasks Secure password management via 1Password CLI in ansible 2026-01-16 08:06:29 -08:00
templates Secure password management via 1Password CLI in ansible 2026-01-16 08:06:29 -08:00