From c53ac3f84852a42aa8b7341ee7fe0a629d2e3579 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Wed, 27 Jun 2018 20:45:15 +0200
Subject: Refactor postgresql configuration

---
 modules/profile/templates/postgresql/pam_ldap_postgresql.conf.erb | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 modules/profile/templates/postgresql/pam_ldap_postgresql.conf.erb

(limited to 'modules/profile/templates')

diff --git a/modules/profile/templates/postgresql/pam_ldap_postgresql.conf.erb b/modules/profile/templates/postgresql/pam_ldap_postgresql.conf.erb
new file mode 100644
index 0000000..f3d9674
--- /dev/null
+++ b/modules/profile/templates/postgresql/pam_ldap_postgresql.conf.erb
@@ -0,0 +1,6 @@
+host <%= @ldap_server %>
+
+base <%= @ldap_base %>
+binddn <%= @ldap_dn %>
+bindpw <%= @ldap_password %>
+pam_login_attribute <%= @ldap_attribute %>
-- 
cgit v1.2.3


From d2f031ece106ed2dc37283b194edfa94718a6306 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Wed, 27 Jun 2018 21:52:02 +0200
Subject: Refactor backup postgresql

---
 .../postgresql/pam_ldap_pgbouncer.conf.erb         |  7 +++++
 .../postgresql/postgresql_backup@.service.erb      | 34 ++++++++++++++++++++++
 .../postgresql_master/pam_ldap_postgresql.conf.erb |  6 ----
 3 files changed, 41 insertions(+), 6 deletions(-)
 create mode 100644 modules/profile/templates/postgresql/pam_ldap_pgbouncer.conf.erb
 create mode 100644 modules/profile/templates/postgresql/postgresql_backup@.service.erb
 delete mode 100644 modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb

(limited to 'modules/profile/templates')

diff --git a/modules/profile/templates/postgresql/pam_ldap_pgbouncer.conf.erb b/modules/profile/templates/postgresql/pam_ldap_pgbouncer.conf.erb
new file mode 100644
index 0000000..12fa9bb
--- /dev/null
+++ b/modules/profile/templates/postgresql/pam_ldap_pgbouncer.conf.erb
@@ -0,0 +1,7 @@
+host <%= @ldap_server %>
+
+base <%= @ldap_base %>
+binddn <%= @ldap_dn %>
+bindpw <%= @ldap_password %>
+pam_login_attribute <%= @ldap_attribute %>
+pam_filter <%= @ldap_filter %>
diff --git a/modules/profile/templates/postgresql/postgresql_backup@.service.erb b/modules/profile/templates/postgresql/postgresql_backup@.service.erb
new file mode 100644
index 0000000..74f5a98
--- /dev/null
+++ b/modules/profile/templates/postgresql/postgresql_backup@.service.erb
@@ -0,0 +1,34 @@
+[Unit]
+Description=PostgreSQL database server
+After=network.target
+
+[Service]
+Type=forking
+TimeoutSec=120
+User=postgres
+Group=postgres
+
+Environment=PGROOT=<%= @base_path %>/%i/postgresql
+
+SyslogIdentifier=postgres
+PIDFile=<%= @base_path %>/%i/postgresql/postmaster.pid
+RuntimeDirectory=postgresql
+RuntimeDirectoryMode=755
+
+ExecStartPre=/usr/bin/postgresql-check-db-dir ${PGROOT}
+ExecStart= /usr/bin/pg_ctl -s -D ${PGROOT} start -w -t 120
+ExecReload=/usr/bin/pg_ctl -s -D ${PGROOT} reload
+ExecStop=  /usr/bin/pg_ctl -s -D ${PGROOT} stop -m fast
+
+# Due to PostgreSQL's use of shared memory, OOM killer is often overzealous in
+# killing Postgres, so adjust it downward
+OOMScoreAdjust=-200
+
+# Additional security-related features
+PrivateTmp=true
+ProtectHome=true
+ProtectSystem=full
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb b/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb
deleted file mode 100644
index f3d9674..0000000
--- a/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb
+++ /dev/null
@@ -1,6 +0,0 @@
-host <%= @ldap_server %>
-
-base <%= @ldap_base %>
-binddn <%= @ldap_dn %>
-bindpw <%= @ldap_password %>
-pam_login_attribute <%= @ldap_attribute %>
-- 
cgit v1.2.3