chore: write version file pam_jit_pg (#2024)

* chore: write version file pam_jit_pg

Write a version file for pam_jit_pg so that salt doesn't try overwrite
when applying to an image that already has the library installed.
Salt knows to check the version and only update if salt specifies a
different version should be used.

* chore: dynamic get installed gk version

Author: staaldraad

ansible/tasks/stage2-setup-postgres.yml

@@ -5,7 +5,7 @@
         is_psql_oriole: "{{ psql_version in ['psql_orioledb-17'] }}"
         is_psql_17: "{{ psql_version in ['psql_17'] }}"
         is_psql_15: "{{ psql_version in ['psql_15'] }}"
-    
+
     - name: Execute tasks when (is_psql_oriole or is_psql_17) and stage2_nix
       become: true
       when:
@@ -83,7 +83,7 @@
             state: present
           when: is_psql_oriole and stage2_nix
           become: yes
-    
+
         - name: Add ORIOLEDB_ENABLED environment variable
           ansible.builtin.lineinfile:
             line: 'ORIOLEDB_ENABLED=true'
@@ -176,6 +176,18 @@
               shell: |
                 sudo ln -s /var/lib/postgresql/.nix-profile/lib/security/pam_jit_pg.so $(find /nix/store -type d -path "/nix/store/*-linux-pam-*/lib/security" -print -quit)/pam_jit_pg.so
 
+            - name: Get gatekeeper version
+              ansible.builtin.shell: |
+                sudo -u postgres bash -c "/nix/var/nix/profiles/default/bin/nix-store -q --requisites ~/.nix-profile | awk -F- '/gatekeeper/{print \$NF}'"
+              register: gatekeeper_version
+
+            - name: Write version file
+              ansible.builtin.copy:
+                dest: "/root/pam_jit_pg-version"
+                group: "root"
+                owner: "root"
+                content: "{{ gatekeeper_version.stdout }}"
+
     - name: Create symlinks for Nix files into /usr/lib/postgresql/bin
       ansible.builtin.file:
         group: 'postgres'