authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-02-17 19:31:35 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-02-18 01:12:24 +0100
commit57ae81eaeb85a2892f1afe07ea5be1917f64d065 (patch)
tree5551bf297aa0ae8978bda4720197c70abcee0314 /modules/profile/manifests
parent28f9451daeac73f91b031470060c883008b4a363 (diff)
Add postgresql module and cryptoportfolio role
Diffstat (limited to 'modules/profile/manifests')
-rw-r--r--modules/profile/manifests/postgresql.pp65
1 files changed, 65 insertions, 0 deletions
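diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
new file mode 100644
index 0000000..50e510e
--- /dev/null
+++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
+class profile::postgresql {
+ $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+ class { '::postgresql::globals':
+ encoding => 'UTF-8',
+ locale => 'en_US.UTF-8',
+ pg_hba_conf_defaults => false,
+ }
+
+ # FIXME: get it from the postgresql module?
+ $pg_user = "postgres"
+
+ class { '::postgresql::client': }
+
+ # FIXME: postgresql module is buggy and doesn't create dir?
+ file { "/var/lib/postgres":
+ ensure => directory,
+ owner => $pg_user,
+ group => $pg_user,
+ before => File["/var/lib/postgres/data"],
+ require => Package["postgresql-server"],
+ }
+
+ class { '::postgresql::server':
+ postgres_password => generate_password(24, $password_seed, "postgres")
+ }
+
+ postgresql::server::pg_hba_rule { 'local access as postgres user':
+ description => 'Allow local access to postgres user',
+ type => 'local',
+ database => 'all',
+ user => $pg_user,
+ auth_method => 'ident',
+ order => "a1",
+ }
+ postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+ description => 'Deny remote access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "0.0.0.0/0",
+ auth_method => 'reject',
+ order => "a2",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access':
+ description => 'Allow local access with password',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'md5',
+ order => "b1",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access with same name':
+ description => 'Allow local access with same name',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'ident',
+ order => "b2",
+ }
+
+}
+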
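Review bot: The 'local access with same name' rule (order `"b2"`) can never take effect, because 'local access' (order `"b1"`) has the same `type`, `database` and `user`, and PostgreSQL uses the first matching pg_hba record without falling through when authentication fails; assuming the order values sort as written, either drop the b2 rule or narrow one of the two to specific users or databases. Separately, the 'deny access to postgresql user' rule rejects only IPv4 (`address => "0.0.0.0/0"`): with `pg_hba_conf_defaults => false` nothing else is admitted today, but a `host` rule for `all` users added later over IPv6 would also admit the postgres account, so a sibling reject rule with `address => '::/0'` and an order before any such rule is worth adding. The b1 rule uses `auth_method => 'md5'`; if the deployed server version supports it, `'scram-sha-256'` is the stronger choice.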