+ file { "/var/lib/postgres/data/certs":
+ ensure => directory,
+ mode => "0700",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => File["/var/lib/postgres"],
+ }
+
+ file { "/var/lib/postgres/data/certs/cert.pem":
+ source => "file:///etc/letsencrypt/live/$cf_front_app_host/cert.pem",
+ mode => "0600",
+ links => "follow",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]]
+ }
+
+ file { "/var/lib/postgres/data/certs/privkey.pem":
+ source => "file:///etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
+ mode => "0600",
+ links => "follow",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => [Letsencrypt::Certonly[$cf_front_app_host], File["/var/lib/postgres/data/certs"]]
+ }
+
+ postgresql::server::config_entry { "wal_level":
+ value => "logical",
+ }
+
+ postgresql::server::config_entry { "ssl":
+ value => "on",
+ require => Letsencrypt::Certonly[$cf_front_app_host],
+ }
+
+ postgresql::server::config_entry { "ssl_cert_file":
+ value => "/var/lib/postgres/data/certs/cert.pem",
+ require => Letsencrypt::Certonly[$cf_front_app_host],
+ }
+
+ postgresql::server::config_entry { "ssl_key_file":
+ value => "/var/lib/postgres/data/certs/privkey.pem",
+ require => Letsencrypt::Certonly[$cf_front_app_host],
+ }
+
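Review bot: The `ssl`, `ssl_cert_file` and `ssl_key_file` entries require only `Letsencrypt::Certonly[$cf_front_app_host]`, not the two `file` resources that copy the PEMs into `/var/lib/postgres/data/certs`, so Puppet may switch `ssl` on before the files PostgreSQL is pointed at exist; on those entries I would use `require => [File["/var/lib/postgres/data/certs/cert.pem"], File["/var/lib/postgres/data/certs/privkey.pem"]]`. `cert.pem` in a Let's Encrypt live directory is the leaf certificate only, so clients that verify the server (for example `sslmode=verify-full`) will likely need `fullchain.pem` copied and used as `ssl_cert_file` instead. Nothing visible here makes the copied files notify the PostgreSQL service, so after a renewal the server presumably keeps serving the old certificate until something else reloads it. `ssl = on` by itself still admits plaintext connections; whether `pg_hba.conf` restricts remote access to `hostssl` lines is outside this hunk, as is the enclosing class.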