authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-13 15:00:26 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-13 22:52:09 +0100
commita386ce060c4c49d772bd4d03d6586012a266317e (patch)
tree5342c1ba851c73d5f8406a345b7fdddd8d8ea547
parenta045b9dc12f71c286d4afcb196705f430b6731f5 (diff)
Reorder pg_hba rules
-rw-r--r--modules/profile/manifests/postgresql.pp12
-rw-r--r--modules/role/manifests/cryptoportfolio.pp6
2 files changed, 9 insertions, 9 deletions
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
index 9d875c9..2cd1bcc 100644
--- a/modules/profile/manifests/postgresql.pp
+++ b/modules/profile/manifests/postgresql.pp
@@ -32,7 +32,7 @@ class profile::postgresql {
32 database => 'all', 32 database => 'all',
33 user => $pg_user, 33 user => $pg_user,
34 auth_method => 'ident', 34 auth_method => 'ident',
35 order => "a1", 35 order => "00-01",
36 } 36 }
37 postgresql::server::pg_hba_rule { 'localhost access as postgres user': 37 postgresql::server::pg_hba_rule { 'localhost access as postgres user':
38 description => 'Allow localhost access to postgres user', 38 description => 'Allow localhost access to postgres user',
@@ -41,7 +41,7 @@ class profile::postgresql {
41 user => $pg_user, 41 user => $pg_user,
42 address => "127.0.0.1/32", 42 address => "127.0.0.1/32",
43 auth_method => 'md5', 43 auth_method => 'md5',
44 order => "a2", 44 order => "00-02",
45 } 45 }
46 postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': 46 postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user':
47 description => 'Allow localhost access to postgres user', 47 description => 'Allow localhost access to postgres user',
@@ -50,7 +50,7 @@ class profile::postgresql {
50 user => $pg_user, 50 user => $pg_user,
51 address => "::1/128", 51 address => "::1/128",
52 auth_method => 'md5', 52 auth_method => 'md5',
53 order => "a3", 53 order => "00-03",
54 } 54 }
55 postgresql::server::pg_hba_rule { 'deny access to postgresql user': 55 postgresql::server::pg_hba_rule { 'deny access to postgresql user':
56 description => 'Deny remote access to postgres user', 56 description => 'Deny remote access to postgres user',
@@ -59,7 +59,7 @@ class profile::postgresql {
59 user => $pg_user, 59 user => $pg_user,
60 address => "0.0.0.0/0", 60 address => "0.0.0.0/0",
61 auth_method => 'reject', 61 auth_method => 'reject',
62 order => "a4", 62 order => "00-04",
63 } 63 }
64 64
65 postgresql::server::pg_hba_rule { 'local access': 65 postgresql::server::pg_hba_rule { 'local access':
@@ -68,7 +68,7 @@ class profile::postgresql {
68 database => 'all', 68 database => 'all',
69 user => 'all', 69 user => 'all',
70 auth_method => 'md5', 70 auth_method => 'md5',
71 order => "b1", 71 order => "10-01",
72 } 72 }
73 73
74 postgresql::server::pg_hba_rule { 'local access with same name': 74 postgresql::server::pg_hba_rule { 'local access with same name':
@@ -77,7 +77,7 @@ class profile::postgresql {
77 database => 'all', 77 database => 'all',
78 user => 'all', 78 user => 'all',
79 auth_method => 'ident', 79 auth_method => 'ident',
80 order => "b2", 80 order => "10-02",
81 } 81 }
82 82
83} 83}
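Review bot: The reject rule now at `order => "00-04"` ('deny access to postgresql user') lists only `address => "0.0.0.0/0"`, so it cannot match a remote IPv6 client, even though the profile handles `::1/128` explicitly one rule earlier. If any later host rule admits IPv6 peers, a connection as the postgres user would fall through to it instead of being rejected; a sibling rule that differs only in `address => "::/0"` and `order => "00-05"` would close that. The rule's `type` and `database` lines sit outside the hunks shown, so this assumes it is a `host` rule. A short comment above the first rule explaining the `00-`/`05-`/`10-` bands would also help, since the role manifest now has to pick values that fit between them.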
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index 5b64787..503620b 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -136,7 +136,7 @@ class role::cryptoportfolio (
136 user => $pg_user, 136 user => $pg_user,
137 address => '127.0.0.1/32', 137 address => '127.0.0.1/32',
138 auth_method => 'md5', 138 auth_method => 'md5',
139 order => "b0", 139 order => "05-01",
140 } 140 }
141 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': 141 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
142 type => 'host', 142 type => 'host',
@@ -144,7 +144,7 @@ class role::cryptoportfolio (
144 user => $pg_user, 144 user => $pg_user,
145 address => '::1/128', 145 address => '::1/128',
146 auth_method => 'md5', 146 auth_method => 'md5',
147 order => "b0", 147 order => "05-01",
148 } 148 }
149 149
150 postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': 150 postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu':
@@ -153,7 +153,7 @@ class role::cryptoportfolio (
153 user => $pg_user_replication, 153 user => $pg_user_replication,
154 address => 'immae.eu', 154 address => 'immae.eu',
155 auth_method => 'md5', 155 auth_method => 'md5',
156 order => "b0", 156 order => "05-01",
157 } 157 }
158 158
159 class { 'apache::mod::headers': } 159 class { 'apache::mod::headers': }
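Review bot: All three rules in this section end up with the same `order => "05-01"`, so their relative position in pg_hba.conf is left to whatever tie-break the fragment ordering applies rather than being stated in the manifest. pg_hba.conf is evaluated first-match; the three rules do not appear to overlap today (different users and addresses), but distinct values such as `order => "05-02"` and `order => "05-03"` on the second and third would keep the sequence explicit if one of them is widened later. Separately, the replication rule uses `address => 'immae.eu'`, which makes the match depend on name resolution at connection time; a fixed CIDR would be tighter if the peer's address is stable. The resource bodies start outside the hunks, so their `type` and `database` values are not visible here.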