X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprofile%2Fmanifests%2Fpostgresql.pp;h=2cd1bcc652052beaf6e3e2fa121b50acd45a3c62;hb=98311fc2ea91cc2a5f00e9fa85a30f50fde77e79;hp=50e510e3950c68bfa71efcb3064ac950ec3e3e15;hpb=ee0a29d96bbc401d97819e5723a083d33c32bb17;p=perso%2FImmae%2FProjets%2FPuppet.git
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 50e510e..2cd1bcc 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -1,5 +1,5 @@
 class profile::postgresql {
- $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+ $password_seed = lookup("base_installation::puppet_pass_seed")
 class { '::postgresql::globals':
 encoding => 'UTF-8',
@@ -22,7 +22,8 @@ class profile::postgresql {
 }
 class { '::postgresql::server':
- postgres_password => generate_password(24, $password_seed, "postgres")
+ postgres_password => generate_password(24, $password_seed, "postgres"),
+ listen_addresses => "*",
 }
 postgresql::server::pg_hba_rule { 'local access as postgres user':
@@ -31,7 +32,25 @@ class profile::postgresql {
 database => 'all',
 user => $pg_user,
 auth_method => 'ident',
- order => "a1",
+ order => "00-01",
+ }
+ postgresql::server::pg_hba_rule { 'localhost access as postgres user':
+ description => 'Allow localhost access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "127.0.0.1/32",
+ auth_method => 'md5',
+ order => "00-02",
+ }
+ postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
+ description => 'Allow localhost access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "::1/128",
+ auth_method => 'md5',
+ order => "00-03",
 }
 postgresql::server::pg_hba_rule { 'deny access to postgresql user':
 description => 'Deny remote access to postgres user',
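Review bot: `listen_addresses => "*"` in the `::postgresql::server` declaration is hard-coded and undocumented, so every node that includes this profile binds PostgreSQL to all interfaces and relies on pg_hba.conf and the host firewall alone to keep remote clients out. I would read the value from Hiera so that nodes without remote clients can stay on loopback, and say why the wide bind is needed in a comment such as `# listen on all interfaces; remote access is granted only by explicit pg_hba 'host' rules`. The class body continues outside this hunk, so any firewall resource that goes with it is not visible here.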
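Review bot: The IPv6 side of the postgres-user lockdown is incomplete: this hunk adds loopback rules for both `127.0.0.1/32` and `::1/128`, but the 'deny access to postgresql user' rule that follows them rejects only `0.0.0.0/0` (its body starts at the end of this hunk and continues in the next one). Since the same commit sets `listen_addresses => "*"`, any later `host` rule for `user => 'all'` that covers an IPv6 range would let $pg_user log in remotely, so a matching `::/0` reject belongs right after the IPv4 one, as sketched below. The `type` in the sketch is assumed to be `host` like the IPv4 rule, whose `type` line is not visible here. Also consider `scram-sha-256` instead of `md5` for the two new rules if the PostgreSQL version and the stored password hash allow it.

```puppet
# … unchanged: loopback rules "00-01" to "00-03" and the IPv4 reject rule "00-04" …
postgresql::server::pg_hba_rule { 'deny ip6 access to postgresql user':
  description => 'Deny remote IPv6 access to postgres user',
  type        => 'host',   # assumed to match the IPv4 reject rule
  database    => 'all',
  user        => $pg_user,
  address     => "::/0",
  auth_method => 'reject',
  order       => "00-05",
}
```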
@@ -40,7 +59,7 @@ class profile::postgresql {
 user => $pg_user,
 address => "0.0.0.0/0",
 auth_method => 'reject',
- order => "a2",
+ order => "00-04",
 }
 postgresql::server::pg_hba_rule { 'local access':
@@ -49,7 +68,7 @@ class profile::postgresql {
 database => 'all',
 user => 'all',
 auth_method => 'md5',
- order => "b1",
+ order => "10-01",
 }
 postgresql::server::pg_hba_rule { 'local access with same name':
@@ -58,7 +77,7 @@ class profile::postgresql {
 database => 'all',
 user => 'all',
 auth_method => 'ident',
- order => "b2",
+ order => "10-02",
 }
 }