diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-13 15:00:26 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-13 22:52:09 +0100 |
commit | a386ce060c4c49d772bd4d03d6586012a266317e (patch) | |
tree | 5342c1ba851c73d5f8406a345b7fdddd8d8ea547 | |
parent | a045b9dc12f71c286d4afcb196705f430b6731f5 (diff) | |
download | Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.gz Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.zst Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.zip |
Reorder pg_hba rules
-rw-r--r-- | modules/profile/manifests/postgresql.pp | 12 | ||||
-rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 6 |
2 files changed, 9 insertions, 9 deletions
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 9d875c9..2cd1bcc 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp | |||
@@ -32,7 +32,7 @@ class profile::postgresql { | |||
32 | database => 'all', | 32 | database => 'all', |
33 | user => $pg_user, | 33 | user => $pg_user, |
34 | auth_method => 'ident', | 34 | auth_method => 'ident', |
35 | order => "a1", | 35 | order => "00-01", |
36 | } | 36 | } |
37 | postgresql::server::pg_hba_rule { 'localhost access as postgres user': | 37 | postgresql::server::pg_hba_rule { 'localhost access as postgres user': |
38 | description => 'Allow localhost access to postgres user', | 38 | description => 'Allow localhost access to postgres user', |
@@ -41,7 +41,7 @@ class profile::postgresql { | |||
41 | user => $pg_user, | 41 | user => $pg_user, |
42 | address => "127.0.0.1/32", | 42 | address => "127.0.0.1/32", |
43 | auth_method => 'md5', | 43 | auth_method => 'md5', |
44 | order => "a2", | 44 | order => "00-02", |
45 | } | 45 | } |
46 | postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': | 46 | postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': |
47 | description => 'Allow localhost access to postgres user', | 47 | description => 'Allow localhost access to postgres user', |
@@ -50,7 +50,7 @@ class profile::postgresql { | |||
50 | user => $pg_user, | 50 | user => $pg_user, |
51 | address => "::1/128", | 51 | address => "::1/128", |
52 | auth_method => 'md5', | 52 | auth_method => 'md5', |
53 | order => "a3", | 53 | order => "00-03", |
54 | } | 54 | } |
55 | postgresql::server::pg_hba_rule { 'deny access to postgresql user': | 55 | postgresql::server::pg_hba_rule { 'deny access to postgresql user': |
56 | description => 'Deny remote access to postgres user', | 56 | description => 'Deny remote access to postgres user', |
@@ -59,7 +59,7 @@ class profile::postgresql { | |||
59 | user => $pg_user, | 59 | user => $pg_user, |
60 | address => "0.0.0.0/0", | 60 | address => "0.0.0.0/0", |
61 | auth_method => 'reject', | 61 | auth_method => 'reject', |
62 | order => "a4", | 62 | order => "00-04", |
63 | } | 63 | } |
64 | 64 | ||
65 | postgresql::server::pg_hba_rule { 'local access': | 65 | postgresql::server::pg_hba_rule { 'local access': |
@@ -68,7 +68,7 @@ class profile::postgresql { | |||
68 | database => 'all', | 68 | database => 'all', |
69 | user => 'all', | 69 | user => 'all', |
70 | auth_method => 'md5', | 70 | auth_method => 'md5', |
71 | order => "b1", | 71 | order => "10-01", |
72 | } | 72 | } |
73 | 73 | ||
74 | postgresql::server::pg_hba_rule { 'local access with same name': | 74 | postgresql::server::pg_hba_rule { 'local access with same name': |
@@ -77,7 +77,7 @@ class profile::postgresql { | |||
77 | database => 'all', | 77 | database => 'all', |
78 | user => 'all', | 78 | user => 'all', |
79 | auth_method => 'ident', | 79 | auth_method => 'ident', |
80 | order => "b2", | 80 | order => "10-02", |
81 | } | 81 | } |
82 | 82 | ||
83 | } | 83 | } |
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 5b64787..503620b 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
@@ -136,7 +136,7 @@ class role::cryptoportfolio ( | |||
136 | user => $pg_user, | 136 | user => $pg_user, |
137 | address => '127.0.0.1/32', | 137 | address => '127.0.0.1/32', |
138 | auth_method => 'md5', | 138 | auth_method => 'md5', |
139 | order => "b0", | 139 | order => "05-01", |
140 | } | 140 | } |
141 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': | 141 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': |
142 | type => 'host', | 142 | type => 'host', |
@@ -144,7 +144,7 @@ class role::cryptoportfolio ( | |||
144 | user => $pg_user, | 144 | user => $pg_user, |
145 | address => '::1/128', | 145 | address => '::1/128', |
146 | auth_method => 'md5', | 146 | auth_method => 'md5', |
147 | order => "b0", | 147 | order => "05-01", |
148 | } | 148 | } |
149 | 149 | ||
150 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': | 150 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': |
@@ -153,7 +153,7 @@ class role::cryptoportfolio ( | |||
153 | user => $pg_user_replication, | 153 | user => $pg_user_replication, |
154 | address => 'immae.eu', | 154 | address => 'immae.eu', |
155 | auth_method => 'md5', | 155 | auth_method => 'md5', |
156 | order => "b0", | 156 | order => "05-01", |
157 | } | 157 | } |
158 | 158 | ||
159 | class { 'apache::mod::headers': } | 159 | class { 'apache::mod::headers': } |