pgadmin4: Add role to install and configure pgadmin4

roles/pgadmin4/defaults/main.yml

@@ -0,0 +1,10 @@
+---
+
+pgadmin4_user: pgadmin4
+pgadmin4_db_database: pgadmin4
+pgadmin4_db_user: pgadmin4
+pgadmin4_db_password: xxxxx
+pgadmin4_conf_dir: /etc/pgadmin
+
+pgadmin4_initial_user_email: admin@admin.com
+pgadmin4_initial_user_password: admin42

roles/pgadmin4/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Restart pgadmin4
+  ansible.builtin.service:
+    name: pgadmin4
+    state: restarted

roles/pgadmin4/meta/main.yml

@@ -0,0 +1,11 @@
+---
+
+galaxy_info:
+  author: Thomas Basler
+  description: Install PgAdmin4
+  license: None
+  platforms:
+    - name: Debian
+  min_ansible_version: "2.4"
+
+dependencies: []

roles/pgadmin4/tasks/main.yml

@@ -0,0 +1,119 @@
+---
+
+- name: PgAdmin 4 | add GPG signing key
+  become: true
+  ansible.builtin.apt_key:
+    url: "https://www.pgadmin.org/static/packages_pgadmin_org.pub"
+    state: present
+    validate_certs: true
+  tags: install
+
+- name: PgAdmin 4 | add official repository
+  become: true
+  ansible.builtin.apt_repository:
+    repo: "deb https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/bookworm pgadmin4 main"
+    state: present
+    filename: pgadmin4
+    update_cache: true
+  tags: install
+
+- name: PgAdmin 4 | establish dependencies
+  become: true
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+  tags: install
+  loop: ["pgadmin4-server", "uwsgi-core", "uwsgi-plugin-python3", "python3-pexpect"]
+
+- name: PgAdmin 4 | Configure PostgreSQL database
+  community.general.postgresql_db:
+    name: "{{ pgadmin4_db_database }}"
+    template: template0
+    encoding: utf8
+  become: true
+  become_user: postgres
+  register: pgadmin4_db
+
+- name: PgAdmin 4 | Configure PostgreSQL user
+  community.general.postgresql_user:
+    db: "{{ pgadmin4_db_database }}"
+    name: "{{ pgadmin4_db_user }}"
+    password: "{{ pgadmin4_db_password }}"
+  become: true
+  become_user: postgres
+
+- name: PgAdmin 4 | Configure PostgreSQL user privileges
+  community.postgresql.postgresql_privs:
+    database: "{{ pgadmin4_db_database }}"
+    state: present
+    privs: ALL
+    type: database
+    role: "{{ pgadmin4_db_user }}"
+  become: true
+  become_user: postgres
+
+- name: PgAdmin 4 | GRANT ALL PRIVILEGES ON SCHEMA public TO {{ pgadmin4_db_user }}
+  community.postgresql.postgresql_privs:
+    db: "{{ pgadmin4_db_database }}"
+    privs: ALL
+    type: schema
+    objs: public
+    role: "{{ pgadmin4_db_user }}"
+  become: true
+  become_user: postgres
+
+- name: Create user
+  ansible.builtin.user:
+    name: "{{ pgadmin4_user }}"
+    comment: "pgAdmin 4"
+    createhome: false
+    system: true
+    shell: "/sbin/nologin"
+
+- name: PgAdmin 4 | create config directory
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: "02775"
+    owner: "root"
+    group: "root"
+  with_items:
+    - "{{ pgadmin4_conf_dir }}"
+
+- name: PgAdmin 4 | install config file
+  ansible.builtin.template:
+    src: config_system.py.j2
+    dest: "{{ pgadmin4_conf_dir }}/config_system.py"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart pgadmin4
+
+- name: PgAdmin 4 | install systemd unit file
+  ansible.builtin.template:
+    src: pgadmin4.service.j2
+    dest: "/etc/systemd/system/pgadmin4.service"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart pgadmin4
+
+- name: PgAdmin 4 | enable service
+  ansible.builtin.service:
+    name: pgadmin4
+    enabled: true
+
+- name: PgAdmin 4 | setup pgadmin # noqa: no-handler
+  ansible.builtin.expect:
+    command: /bin/bash -c "/usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py setup-db"
+    chdir: /usr/pgadmin4/web/
+    echo: true
+    timeout: 300
+    responses:
+      'Email\ address:': "{{ pgadmin4_initial_user_email | trim }}"
+      'Password:': "{{ pgadmin4_initial_user_password | trim }}"
+      'Retype\ password:': "{{ pgadmin4_initial_user_password | trim }}"
+      'Do\ you\ wish\ to\ continue\ \(y/n\)\?': "y"
+      'Would\ you\ like\ to\ continue\ \(y/n\)\?': "y"
+  when: pgadmin4_db.changed
+  notify: Restart pgadmin4

roles/pgadmin4/templates/config_system.py.j2

@@ -0,0 +1,4 @@
+LOG_FILE = '/var/log/pgadmin/pgadmin4.log'
+CONFIG_DATABASE_URI = 'postgresql://{{ pgadmin4_db_user }}:{{ pgadmin4_db_password }}@localhost:5432/{{ pgadmin4_db_database }}'
+SESSION_DB_PATH = '/var/lib/pgadmin/sessions'
+STORAGE_DIR = '/var/lib/pgadmin/storage'

roles/pgadmin4/templates/pgadmin4.service.j2

@@ -0,0 +1,29 @@
+[Unit]
+Description = PgAdmin4 uwsgi Service
+After = network.target network-online.target
+Wants = network-online.target
+
+[Service]
+User={{ pgadmin4_user }}
+StateDirectory=pgadmin
+RuntimeDirectory=pgadmin4
+LogsDirectory=pgadmin
+ExecStart=uwsgi \
+      --socket /run/pgadmin4/pgadmin4.sock --chmod-socket=666 \
+      --plugin python3 \
+      -H /usr/pgadmin4/venv \
+      --processes 1 \
+      --threads 25 \
+      --chdir /usr/pgadmin4/web/ \
+      --manage-script-name \
+      --mount /pgadmin4=pgAdmin4:app
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill -INT $MAINPID
+Restart=always
+Type=notify
+StandardError=syslog
+NotifyAccess=all
+KillSignal=SIGQUIT
+
+[Install]
+WantedBy = multi-user.target