From 57ae81eaeb85a2892f1afe07ea5be1917f64d065 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 17 Feb 2018 19:31:35 +0100
Subject: Add postgresql module and cryptoportfolio role
---
modules/profile/manifests/postgresql.pp | 65 +++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 modules/profile/manifests/postgresql.pp
(limited to 'modules/profile')
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
new file mode 100644
index 0000000..50e510e
--- /dev/null
+++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
+class profile::postgresql {
+ $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+ class { '::postgresql::globals':
+ encoding => 'UTF-8',
+ locale => 'en_US.UTF-8',
+ pg_hba_conf_defaults => false,
+ }
+
+ # FIXME: get it from the postgresql module?
+ $pg_user = "postgres"
+
+ class { '::postgresql::client': }
+
+ # FIXME: postgresql module is buggy and doesn't create dir?
+ file { "/var/lib/postgres":
+ ensure => directory,
+ owner => $pg_user,
+ group => $pg_user,
+ before => File["/var/lib/postgres/data"],
+ require => Package["postgresql-server"],
+ }
+
+ class { '::postgresql::server':
+ postgres_password => generate_password(24, $password_seed, "postgres")
+ }
+
+ postgresql::server::pg_hba_rule { 'local access as postgres user':
+ description => 'Allow local access to postgres user',
+ type => 'local',
+ database => 'all',
+ user => $pg_user,
+ auth_method => 'ident',
+ order => "a1",
+ }
+ postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+ description => 'Deny remote access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "0.0.0.0/0",
+ auth_method => 'reject',
+ order => "a2",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access':
+ description => 'Allow local access with password',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'md5',
+ order => "b1",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access with same name':
+ description => 'Allow local access with same name',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'ident',
+ order => "b2",
+ }
+
+}
+
-- cgit v1.2.3
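Review bot: The default lambda on `lookup("base_installation::puppet_pass_seed") |$key| { {} }` at the top of the class turns a missing Hiera key into an empty hash, which is then passed as the seed to `generate_password(24, $password_seed, "postgres")` for the superuser password. `generate_password` is not shown in this patch, but if it derives the password from the seed, the result would be the same guessable value on every node where the key is absent. Dropping the lambda so compilation fails instead, `$password_seed = lookup("base_installation::puppet_pass_seed")`, is the safer behaviour. Separately, pg_hba.conf is evaluated first-match, so the 'local access with same name' rule (`order => "b2"`) has the same type, database and user as the `md5` rule at `b1` and can never be reached; it should be narrowed to specific users and ordered before `b1`, or removed. The `reject` rule for `$pg_user` lists only `0.0.0.0/0`, so it would need a matching `address => "::/0"` entry to cover IPv6 once any `host` rule is added.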