postgres: Install SSL certs before starting postgres

Signed-off-by: Florian Pritz <bluewind@xinu.at>

roles/postgres/tasks/main.yml

@@ -22,19 +22,6 @@
   notify:
     - restart postgres
 
-- name: start and enable postgres
-  service: name=postgresql enabled=yes state=started
-
-- name: set postgres user password
-  postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
-  become: yes
-  become_user: postgres
-  become_method: su
-
-- name: install postgres cert renewal hook
-  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postgres owner=root group=root mode=0755
-  when: postgres_ssl == 'on'
-
 - name: install postgres certificate
   copy: src=/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem dest={{ postgres_ssl_cert_file }}
         remote_src=true owner=postgres group=postgres mode=0400
@@ -50,6 +37,19 @@
         remote_src=true owner=postgres group=postgres mode=0400
   when: postgres_ssl == 'on'
 
+- name: start and enable postgres
+  service: name=postgresql enabled=yes state=started
+
+- name: set postgres user password
+  postgresql_user: name=postgres password={{ vault_postgres_users.postgres }} encrypted=yes
+  become: yes
+  become_user: postgres
+  become_method: su
+
+- name: install postgres cert renewal hook
+  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/postgres owner=root group=root mode=0755
+  when: postgres_ssl == 'on'
+
 - name: open firewall holes to known postgresql ipv4 clients
   firewalld: permanent=true state=enabled immediate=yes
     rich_rule="rule family=ipv4 source address={{item}} port protocol=tcp port=5432 accept"