- $password_seed = lookup("base_installation::puppet_pass_seed")
-
- ensure_resource("file", "/var/lib/postgres/data/certs", {
- ensure => directory,
- mode => "0700",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => File["/var/lib/postgres"],
- })
-
- ensure_resource("file", "/var/lib/postgres/data/certs/cert.pem", {
- source => "file:///etc/letsencrypt/live/$letsencrypt_host/cert.pem",
- mode => "0600",
- links => "follow",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
- })
-
- ensure_resource("file", "/var/lib/postgres/data/certs/privkey.pem", {
- source => "file:///etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
- mode => "0600",
- links => "follow",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
- })
-
- ensure_resource("postgresql::server::config_entry", "wal_level", {
- value => "logical",
- })
-
- ensure_resource("postgresql::server::config_entry", "ssl", {
- value => "on",
+ profile::postgresql::ssl { "/var/lib/postgres":
+ cert => "/etc/letsencrypt/live/$letsencrypt_host/cert.pem",
+ key => "/etc/letsencrypt/live/$letsencrypt_host/privkey.pem",