diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-13 15:00:26 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-03-13 22:52:09 +0100 |
| commit | a386ce060c4c49d772bd4d03d6586012a266317e (patch) | |
| tree | 5342c1ba851c73d5f8406a345b7fdddd8d8ea547 /modules | |
| parent | a045b9dc12f71c286d4afcb196705f430b6731f5 (diff) | |
| download | Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.gz Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.tar.zst Puppet-a386ce060c4c49d772bd4d03d6586012a266317e.zip | |
Reorder pg_hba rules
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/profile/manifests/postgresql.pp | 12 | ||||
| -rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 6 |
2 files changed, 9 insertions, 9 deletions
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 9d875c9..2cd1bcc 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp | |||
| @@ -32,7 +32,7 @@ class profile::postgresql { | |||
| 32 | database => 'all', | 32 | database => 'all', |
| 33 | user => $pg_user, | 33 | user => $pg_user, |
| 34 | auth_method => 'ident', | 34 | auth_method => 'ident', |
| 35 | order => "a1", | 35 | order => "00-01", |
| 36 | } | 36 | } |
| 37 | postgresql::server::pg_hba_rule { 'localhost access as postgres user': | 37 | postgresql::server::pg_hba_rule { 'localhost access as postgres user': |
| 38 | description => 'Allow localhost access to postgres user', | 38 | description => 'Allow localhost access to postgres user', |
| @@ -41,7 +41,7 @@ class profile::postgresql { | |||
| 41 | user => $pg_user, | 41 | user => $pg_user, |
| 42 | address => "127.0.0.1/32", | 42 | address => "127.0.0.1/32", |
| 43 | auth_method => 'md5', | 43 | auth_method => 'md5', |
| 44 | order => "a2", | 44 | order => "00-02", |
| 45 | } | 45 | } |
| 46 | postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': | 46 | postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': |
| 47 | description => 'Allow localhost access to postgres user', | 47 | description => 'Allow localhost access to postgres user', |
| @@ -50,7 +50,7 @@ class profile::postgresql { | |||
| 50 | user => $pg_user, | 50 | user => $pg_user, |
| 51 | address => "::1/128", | 51 | address => "::1/128", |
| 52 | auth_method => 'md5', | 52 | auth_method => 'md5', |
| 53 | order => "a3", | 53 | order => "00-03", |
| 54 | } | 54 | } |
| 55 | postgresql::server::pg_hba_rule { 'deny access to postgresql user': | 55 | postgresql::server::pg_hba_rule { 'deny access to postgresql user': |
| 56 | description => 'Deny remote access to postgres user', | 56 | description => 'Deny remote access to postgres user', |
| @@ -59,7 +59,7 @@ class profile::postgresql { | |||
| 59 | user => $pg_user, | 59 | user => $pg_user, |
| 60 | address => "0.0.0.0/0", | 60 | address => "0.0.0.0/0", |
| 61 | auth_method => 'reject', | 61 | auth_method => 'reject', |
| 62 | order => "a4", | 62 | order => "00-04", |
| 63 | } | 63 | } |
| 64 | 64 | ||
| 65 | postgresql::server::pg_hba_rule { 'local access': | 65 | postgresql::server::pg_hba_rule { 'local access': |
| @@ -68,7 +68,7 @@ class profile::postgresql { | |||
| 68 | database => 'all', | 68 | database => 'all', |
| 69 | user => 'all', | 69 | user => 'all', |
| 70 | auth_method => 'md5', | 70 | auth_method => 'md5', |
| 71 | order => "b1", | 71 | order => "10-01", |
| 72 | } | 72 | } |
| 73 | 73 | ||
| 74 | postgresql::server::pg_hba_rule { 'local access with same name': | 74 | postgresql::server::pg_hba_rule { 'local access with same name': |
| @@ -77,7 +77,7 @@ class profile::postgresql { | |||
| 77 | database => 'all', | 77 | database => 'all', |
| 78 | user => 'all', | 78 | user => 'all', |
| 79 | auth_method => 'ident', | 79 | auth_method => 'ident', |
| 80 | order => "b2", | 80 | order => "10-02", |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | } | 83 | } |
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 5b64787..503620b 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
| @@ -136,7 +136,7 @@ class role::cryptoportfolio ( | |||
| 136 | user => $pg_user, | 136 | user => $pg_user, |
| 137 | address => '127.0.0.1/32', | 137 | address => '127.0.0.1/32', |
| 138 | auth_method => 'md5', | 138 | auth_method => 'md5', |
| 139 | order => "b0", | 139 | order => "05-01", |
| 140 | } | 140 | } |
| 141 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': | 141 | postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user': |
| 142 | type => 'host', | 142 | type => 'host', |
| @@ -144,7 +144,7 @@ class role::cryptoportfolio ( | |||
| 144 | user => $pg_user, | 144 | user => $pg_user, |
| 145 | address => '::1/128', | 145 | address => '::1/128', |
| 146 | auth_method => 'md5', | 146 | auth_method => 'md5', |
| 147 | order => "b0", | 147 | order => "05-01", |
| 148 | } | 148 | } |
| 149 | 149 | ||
| 150 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': | 150 | postgresql::server::pg_hba_rule { 'allow TCP access to replication user from immae.eu': |
| @@ -153,7 +153,7 @@ class role::cryptoportfolio ( | |||
| 153 | user => $pg_user_replication, | 153 | user => $pg_user_replication, |
| 154 | address => 'immae.eu', | 154 | address => 'immae.eu', |
| 155 | auth_method => 'md5', | 155 | auth_method => 'md5', |
| 156 | order => "b0", | 156 | order => "05-01", |
| 157 | } | 157 | } |
| 158 | 158 | ||
| 159 | class { 'apache::mod::headers': } | 159 | class { 'apache::mod::headers': } |