fix: block

staaldraad · staaldraad · commit ae9ceaefe448 · 2025-12-15T14:29:02.000+01:00
diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml
@@ -175,18 +175,20 @@
         group: 'postgres'
         src: 'files/postgresql_config/conf.d/read_replica.conf'
 
-    - name: Check if psql_version is psql_15
-      set_fact:
-        is_psql_15: "{{ psql_version in ['psql_15'] }}"
-
-    - name: create placeholder pam config
-      file:
-        path: '/etc/pam.d/postgresql'
-        state: touch
-        owner: postgres
-        group: postgres
-        mode: 0664
-      when: not is_psql_15
+    - name: configure pam
+      block:
+        - name: Check if psql_version is psql_15
+          ansible.builtin.set_fact:
+            is_psql_15: "{{ psql_version in ['psql_15'] }}"
+
+        - name: create placeholder pam config
+          file:
+            path: '/etc/pam.d/postgresql'
+            state: touch
+            owner: postgres
+            group: postgres
+            mode: 0664
+          when: not is_psql_15
 
 # Install extensions before init
 - name: Install Postgres extensions
diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml
@@ -155,24 +155,26 @@
         path: '/var/lib/postgresql/.nix-profile/bin/'
       register: 'nix_links'
 
-    - name: Check if psql_version is psql_15
-      set_fact:
-        is_psql_15: "{{ psql_version == 'psql_15' }}"
-
-    - name: Install gatekeeper if not pg15
-      when:
-        - stage2_nix
-        - not is_psql_15
+    - name: setup gatekeeper
       block:
-        - name: Install gatekeeper from nix binary cache
-          become: yes
-          shell: |
-            sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#gatekeeper"
+        - name: Check if psql_version is psql_15
+          ansible.builtin.set_fact:
+            is_psql_15: "{{ psql_version == 'psql_15' }}"
 
-        - name: Create symbolic link for linux-pam to find pam_jit_pg.so
-          become: yes
-          shell: |
-            sudo ln -s /var/lib/postgresql/.nix-profile/lib/security/pam_jit_pg.so $(find /nix/store -type d -path "/nix/store/*-linux-pam-*/lib/security" -print -quit)/pam_jit_pg.so
+        - name: Install gatekeeper if not pg15
+          when:
+            - stage2_nix
+            - not is_psql_15
+          block:
+            - name: Install gatekeeper from nix binary cache
+              become: yes
+              shell: |
+                sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#gatekeeper"
+
+            - name: Create symbolic link for linux-pam to find pam_jit_pg.so
+              become: yes
+              shell: |
+                sudo ln -s /var/lib/postgresql/.nix-profile/lib/security/pam_jit_pg.so $(find /nix/store -type d -path "/nix/store/*-linux-pam-*/lib/security" -print -quit)/pam_jit_pg.so
 
     - name: Create symlinks for Nix files into /usr/lib/postgresql/bin
       ansible.builtin.file:
