Add cryptoportfolio postgresql backup

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-05-13 16:54:03 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-05-14 00:36:43 +0200
commit: 6d1c9c43fb2133689d814cfc84a4942ceec5c1c7 (patch)
tree: fbbaec6a735433be8d1da2c949df9ea50fe97539 /modules/role/templates
parent: a859ab30660104d25485824afa1c23de454bb5ed (diff)
download: Puppet-6d1c9c43fb2133689d814cfc84a4942ceec5c1c7.tar.gz
Puppet-6d1c9c43fb2133689d814cfc84a4942ceec5c1c7.tar.zst
Puppet-6d1c9c43fb2133689d814cfc84a4942ceec5c1c7.zip
3 files changed, 45 insertions, 0 deletions
diff --git a/modules/role/templates/cryptoportfolio/pam_ldap_postgresql.conf.erb b/modules/role/templates/cryptoportfolio/pam_ldap_postgresql.conf.erb
new file mode 100644
index 0000000..f3d9674
--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/pam_ldap_postgresql.conf.erb
@@ -0,0 +1,6 @@
+host <%= @ldap_server %>
+base <%= @ldap_base %>
+binddn <%= @ldap_dn %>
+bindpw <%= @ldap_password %>
+pam_login_attribute <%= @ldap_attribute %>
diff --git a/modules/role/templates/cryptoportfolio/postgresql_backup.conf.erb b/modules/role/templates/cryptoportfolio/postgresql_backup.conf.erb
new file mode 100644
index 0000000..860089b
--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/postgresql_backup.conf.erb
@@ -0,0 +1,5 @@
+listen_addresses= ''
+unix_socket_directories = '<%= @pg_path %>'
+data_directory = '<%= @pg_path %>'
+wal_level = logical
diff --git a/modules/role/templates/cryptoportfolio/postgresql_backup@.service.erb b/modules/role/templates/cryptoportfolio/postgresql_backup@.service.erb
new file mode 100644
index 0000000..245a1cb
--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/postgresql_backup@.service.erb
@@ -0,0 +1,34 @@
+[Unit]
+Description=PostgreSQL database server
+After=network.target
+[Service]
+Type=forking
+TimeoutSec=120
+User=postgres
+Group=postgres
+Environment=PGROOT=<%= @mountpoint %>/%i/postgresql
+SyslogIdentifier=postgres
+PIDFile=<%= @mountpoint %>/%i/postgresql/postmaster.pid
+RuntimeDirectory=postgresql
+RuntimeDirectoryMode=755
+ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}
+ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT} start -w -t 120
+ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT} reload
+ExecStop=  /usr/bin/pg_ctl -s -D ${PGROOT} stop -m fast
+# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
+# killing Postgres, so adjust it downward
+OOMScoreAdjust=-200
+# Additional security-related features
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
+[Install]
+WantedBy=multi-user.target
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-05-13 16:54:03 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-05-14 00:36:43 +0200
commit	6d1c9c43fb2133689d814cfc84a4942ceec5c1c7 (patch)
tree	fbbaec6a735433be8d1da2c949df9ea50fe97539 /modules/role/templates
parent	a859ab30660104d25485824afa1c23de454bb5ed (diff)
download	Puppet-6d1c9c43fb2133689d814cfc84a4942ceec5c1c7.tar.gz Puppet-6d1c9c43fb2133689d814cfc84a4942ceec5c1c7.tar.zst Puppet-6d1c9c43fb2133689d814cfc84a4942ceec5c1c7.zip

diff --git a/modules/role/templates/cryptoportfolio/pam_ldap_postgresql.conf.erb b/modules/role/templates/cryptoportfolio/pam_ldap_postgresql.conf.erb new file mode 100644 index 0000000..f3d9674 --- /dev/null +++ b/modules/role/templates/cryptoportfolio/pam_ldap_postgresql.conf.erb
@@ -0,0 +1,6 @@
	1	host <%= @ldap_server %>
	2
	3	base <%= @ldap_base %>
	4	binddn <%= @ldap_dn %>
	5	bindpw <%= @ldap_password %>
	6	pam_login_attribute <%= @ldap_attribute %>


diff --git a/modules/role/templates/cryptoportfolio/postgresql_backup.conf.erb b/modules/role/templates/cryptoportfolio/postgresql_backup.conf.erb new file mode 100644 index 0000000..860089b --- /dev/null +++ b/modules/role/templates/cryptoportfolio/postgresql_backup.conf.erb
@@ -0,0 +1,5 @@
	1	listen_addresses= ''
	2	unix_socket_directories = '<%= @pg_path %>'
	3	data_directory = '<%= @pg_path %>'
	4	wal_level = logical
	5


diff --git a/modules/role/templates/cryptoportfolio/postgresql_backup@.service.erb b/modules/role/templates/cryptoportfolio/postgresql_backup@.service.erb new file mode 100644 index 0000000..245a1cb --- /dev/null +++ b/modules/role/templates/cryptoportfolio/postgresql_backup@.service.erb
@@ -0,0 +1,34 @@
	1	[Unit]
	2	Description=PostgreSQL database server
	3	After=network.target
	4
	5	[Service]
	6	Type=forking
	7	TimeoutSec=120
	8	User=postgres
	9	Group=postgres
	10
	11	Environment=PGROOT=<%= @mountpoint %>/%i/postgresql
	12
	13	SyslogIdentifier=postgres
	14	PIDFile=<%= @mountpoint %>/%i/postgresql/postmaster.pid
	15	RuntimeDirectory=postgresql
	16	RuntimeDirectoryMode=755
	17
	18	ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}
	19	ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT} start -w -t 120
	20	ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT} reload
	21	ExecStop= /usr/bin/pg_ctl -s -D ${PGROOT} stop -m fast
	22
	23	# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
	24	# killing Postgres, so adjust it downward
	25	OOMScoreAdjust=-200
	26
	27	# Additional security-related features
	28	PrivateTmp=true
	29	ProtectHome=true
	30	ProtectSystem=full
	31	NoNewPrivileges=true
	32
	33	[Install]
	34	WantedBy=multi-user.target