define profile::postgresql::base_pg_hba_rules ( Optional[String] $pg_path = undef, String $pg_user = "postgres", String $pg_group = "postgres", ) { unless empty($pg_path) { concat { "$pg_path/pg_hba.conf": owner => $pg_user, group => $pg_group, mode => '0640', warn => true, require => File[$pg_path], } Postgresql::Server::Pg_hba_rule { target => "$pg_path/pg_hba.conf", postgresql_version => "10", } } postgresql::server::pg_hba_rule { "$title - local access as postgres user": description => 'Allow local access to postgres user', type => 'local', database => 'all', user => $pg_user, auth_method => 'ident', order => "00-01", } postgresql::server::pg_hba_rule { "$title - localhost access as postgres user": description => 'Allow localhost access to postgres user', type => 'host', database => 'all', user => $pg_user, address => "127.0.0.1/32", auth_method => 'md5', order => "00-02", } postgresql::server::pg_hba_rule { "$title - localhost ip6 access as postgres user": description => 'Allow localhost access to postgres user', type => 'host', database => 'all', user => $pg_user, address => "::1/128", auth_method => 'md5', order => "00-03", } postgresql::server::pg_hba_rule { "$title - deny access to postgresql user": description => 'Deny remote access to postgres user', type => 'host', database => 'all', user => $pg_user, address => "0.0.0.0/0", auth_method => 'reject', order => "00-04", } postgresql::server::pg_hba_rule { "$title - local access": description => 'Allow local access with password', type => 'local', database => 'all', user => 'all', auth_method => 'md5', order => "10-01", } postgresql::server::pg_hba_rule { "$title - local access with same name": description => 'Allow local access with same name', type => 'local', database => 'all', user => 'all', auth_method => 'ident', order => "10-02", } }