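# @summary Installs the PostgreSQL client and server and declares the base
#   pg_hba.conf rules for this host.
#
# The module's stock pg_hba rules are switched off (pg_hba_conf_defaults =>
# false), so access is governed only by the rules declared here plus any other
# pg_hba_rule resources in the catalog. PostgreSQL applies the first rule that
# matches a connection; the `order` values fix the position of each rule.
#
# The server listens on every address (listen_addresses => "*"). Any network
# filtering in front of it is not part of this class.
class profile::postgresql {
  # Seed passed to generate_password(), which is defined outside this file.
  # NOTE(review): presumably the password is derived deterministically from
  # this seed, which would make the seed as sensitive as the password itself.
  # Confirm against the function's implementation.
  $password_seed = lookup("base_installation::puppet_pass_seed")

  class { '::postgresql::globals':
    encoding             => 'UTF-8',
    locale               => 'en_US.UTF-8',
    pg_hba_conf_defaults => false,
  }

  # FIXME: get it from the postgresql module?
  $pg_user = "postgres"

  class { '::postgresql::client': }

  # FIXME: postgresql module is buggy and doesn't create dir?
  file { "/var/lib/postgres":
    ensure  => directory,
    owner   => $pg_user,
    group   => $pg_user,
    before  => File["/var/lib/postgres/data"],
    require => Package["postgresql-server"],
  }

  class { '::postgresql::server':
    postgres_password => generate_password(24, $password_seed, "postgres"),
    # Binds all interfaces, IPv4 and IPv6 alike; the pg_hba rules below are
    # the database-level access control.
    listen_addresses  => "*",
  }

  # --- 00-xx: rules for the postgres superuser, placed ahead of all others ---

  postgresql::server::pg_hba_rule { 'local access as postgres user':
    description => 'Allow local access to postgres user',
    type        => 'local',
    database    => 'all',
    user        => $pg_user,
    # On local (Unix-socket) connections PostgreSQL treats `ident` as peer
    # authentication.
    auth_method => 'ident',
    order       => "00-01",
  }

  # NOTE(review): `md5` is the legacy password method; PostgreSQL's
  # documentation recommends scram-sha-256 where all clients support it.
  # Left unchanged here because switching also involves password_encryption
  # and re-setting stored passwords.
  postgresql::server::pg_hba_rule { 'localhost access as postgres user':
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "127.0.0.1/32",
    auth_method => 'md5',
    order       => "00-02",
  }

  postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
    description => 'Allow localhost access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "::1/128",
    auth_method => 'md5',
    order       => "00-03",
  }

  # Explicit reject so that a broader `host` rule added later in the file
  # cannot admit the superuser from a remote IPv4 address.
  postgresql::server::pg_hba_rule { 'deny access to postgresql user':
    description => 'Deny remote access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "0.0.0.0/0",
    auth_method => 'reject',
    order       => "00-04",
  }

  # 0.0.0.0/0 matches IPv4 clients only. The server listens on "*", so the
  # same explicit reject is needed for IPv6; without it, a later rule that
  # admits IPv6 hosts would also admit the superuser. ::1 is still allowed
  # because rule 00-03 is matched first.
  postgresql::server::pg_hba_rule { 'deny ip6 access to postgresql user':
    description => 'Deny remote IPv6 access to postgres user',
    type        => 'host',
    database    => 'all',
    user        => $pg_user,
    address     => "::/0",
    auth_method => 'reject',
    order       => "00-05",
  }

  # --- 10-xx: rules for every other role on local (Unix-socket) connections ---

  postgresql::server::pg_hba_rule { 'local access':
    description => 'Allow local access with password',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'md5',
    order       => "10-01",
  }

  # NOTE(review): this rule has the same type/database/user as 10-01.
  # PostgreSQL uses the first matching rule and does not fall through when
  # authentication fails, so this entry is never consulted as ordered.
  # Decide which method is intended for local connections and drop or
  # reorder the other.
  postgresql::server::pg_hba_rule { 'local access with same name':
    description => 'Allow local access with same name',
    type        => 'local',
    database    => 'all',
    user        => 'all',
    auth_method => 'ident',
    order       => "10-02",
  }
}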