[submodule "modules/pacman"]
path = modules/pacman
url = git://git.immae.eu/github/aboe76/puppet-pacman
+[submodule "modules/postgresql"]
+ path = modules/postgresql
+ url = git://git.immae.eu/github/puppetlabs/puppetlabs-postgresql.git
[submodule "python/ovh"]
path = python/ovh
url = git://git.immae.eu/github/ovh/python-ovh
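Review bot: The new `modules/postgresql` entry uses the `git://` transport, which has no encryption and no server authentication, and what it fetches is a Puppet module that will be applied on managed nodes. The commit pinned in the superproject limits what can be substituted on a plain checkout, but whoever next moves the pin fetches candidate history over an unauthenticated channel. If the mirror offers `https://` or `ssh://`, use that for this entry. The existing pacman and python-ovh entries have the same exposure.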
--- /dev/null
+class profile::postgresql {
+ $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+ class { '::postgresql::globals':
+ encoding => 'UTF-8',
+ locale => 'en_US.UTF-8',
+ pg_hba_conf_defaults => false,
+ }
+
+ # FIXME: get it from the postgresql module?
+ $pg_user = "postgres"
+
+ class { '::postgresql::client': }
+
+ # FIXME: postgresql module is buggy and doesn't create dir?
+ file { "/var/lib/postgres":
+ ensure => directory,
+ owner => $pg_user,
+ group => $pg_user,
+ before => File["/var/lib/postgres/data"],
+ require => Package["postgresql-server"],
+ }
+
+ class { '::postgresql::server':
+ postgres_password => generate_password(24, $password_seed, "postgres")
+ }
+
+ postgresql::server::pg_hba_rule { 'local access as postgres user':
+ description => 'Allow local access to postgres user',
+ type => 'local',
+ database => 'all',
+ user => $pg_user,
+ auth_method => 'ident',
+ order => "a1",
+ }
+ postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+ description => 'Deny remote access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "0.0.0.0/0",
+ auth_method => 'reject',
+ order => "a2",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access':
+ description => 'Allow local access with password',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'md5',
+ order => "b1",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access with same name':
+ description => 'Allow local access with same name',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'ident',
+ order => "b2",
+ }
+
+}
+
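Review bot: The rule 'local access with same name' (order `b2`) can never match, assuming the module writes rules sorted by `order`. 'local access' (`b1`) has the same type, database and user, and pg_hba.conf stops at the first matching line, so every local non-postgres connection is held to `md5` and a failed password check does not fall through to `ident`. Keep one of the two, or narrow one by `database` or `user` so they no longer overlap. The reject rule for the postgres user covers only `0.0.0.0/0`; a twin rule with `address => '::/0'` would keep it effective over IPv6 if host rules are added later. Where the server and module versions support it, `scram-sha-256` is a stronger choice than `md5` for the password rule.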
--- /dev/null
+class role::cryptoportfolio {
+ include "base_installation"
+
+ include "profile::postgresql"
+
+ $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+ postgresql::server::db { 'cryptoportfolio':
+ user => 'cryptoportfolio',
+ password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
+ }
+
+ ensure_packages("go")
+}
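Review bot: The `lookup("base_installation::puppet_pass_seed") |$key| { {} }` call falls back to an empty hash when the key is missing, so `generate_password` would then presumably derive the cryptoportfolio database password from a seed that is not secret. `generate_password` is not visible here, so this needs confirming, but failing the catalog is safer than a silent default. Dropping the lambda makes a missing key an error: `$password_seed = lookup("base_installation::puppet_pass_seed")`. The same fallback at the top of profile::postgresql feeds the postgres superuser password.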