From 57ae81eaeb85a2892f1afe07ea5be1917f64d065 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 17 Feb 2018 19:31:35 +0100
Subject: Add postgresql module and cryptoportfolio role
---
 modules/postgresql | 1 +
 modules/profile/manifests/postgresql.pp | 65 +++++++++++++++++++++++++++++++
 modules/role/manifests/cryptoportfolio.pp | 14 +++++++
 3 files changed, 80 insertions(+)
 create mode 160000 modules/postgresql
 create mode 100644 modules/profile/manifests/postgresql.pp
 create mode 100644 modules/role/manifests/cryptoportfolio.pp
(limited to 'modules')
diff --git a/modules/postgresql b/modules/postgresql
new file mode 160000
index 0000000..52ea030
--- /dev/null
+++ b/modules/postgresql
@@ -0,0 +1 @@
+Subproject commit 52ea030ad94397ba0d066c36c3028a255341f9fd
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp
new file mode 100644
index 0000000..50e510e
--- /dev/null
+++ b/modules/profile/manifests/postgresql.pp
@@ -0,0 +1,65 @@
+class profile::postgresql {
+ $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+ class { '::postgresql::globals':
+ encoding => 'UTF-8',
+ locale => 'en_US.UTF-8',
+ pg_hba_conf_defaults => false,
+ }
+
+ # FIXME: get it from the postgresql module?
+ $pg_user = "postgres"
+
+ class { '::postgresql::client': }
+
+ # FIXME: postgresql module is buggy and doesn't create dir?
+ file { "/var/lib/postgres":
+ ensure => directory,
+ owner => $pg_user,
+ group => $pg_user,
+ before => File["/var/lib/postgres/data"],
+ require => Package["postgresql-server"],
+ }
+
+ class { '::postgresql::server':
+ postgres_password => generate_password(24, $password_seed, "postgres")
+ }
+
+ postgresql::server::pg_hba_rule { 'local access as postgres user':
+ description => 'Allow local access to postgres user',
+ type => 'local',
+ database => 'all',
+ user => $pg_user,
+ auth_method => 'ident',
+ order => "a1",
+ }
+ postgresql::server::pg_hba_rule { 'deny access to postgresql user':
+ description => 'Deny remote access to postgres user',
+ type => 'host',
+ database => 'all',
+ user => $pg_user,
+ address => "0.0.0.0/0",
+ auth_method => 'reject',
+ order => "a2",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access':
+ description => 'Allow local access with password',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'md5',
+ order => "b1",
+ }
+
+ postgresql::server::pg_hba_rule { 'local access with same name':
+ description => 'Allow local access with same name',
+ type => 'local',
+ database => 'all',
+ user => 'all',
+ auth_method => 'ident',
+ order => "b2",
+ }
+
+}
+
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
new file mode 100644
index 0000000..2755fee
--- /dev/null
+++ b/modules/role/manifests/cryptoportfolio.pp
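Review bot: The `|$key| { {} }` default on the `base_installation::puppet_pass_seed` lookup at the top of profile::postgresql fails open: when the key is absent from Hiera, `$password_seed` is an empty hash and `generate_password(24, $password_seed, "postgres")` is still evaluated for the superuser password. generate_password is defined outside this diff, so whether the result is then guessable is an inference, but a compilation error is the safer outcome, and dropping the lambda gives it: `$password_seed = lookup("base_installation::puppet_pass_seed")`. role::cryptoportfolio in the next file repeats the same lookup for the application account. Separately, pg_hba.conf uses the first matching record with no fall-through, so the `b2` rule (`local`, `all`, `all`, `ident`) can never be reached behind `b1` (same match, `md5`); one of the two should be narrowed or dropped.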
@@ -0,0 +1,14 @@
+class role::cryptoportfolio {
+ include "base_installation"
+
+ include "profile::postgresql"
+
+ $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
+
+ postgresql::server::db { 'cryptoportfolio':
+ user => 'cryptoportfolio',
+ password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
+ }
+
+ ensure_packages("go")
+}
-- cgit v1.2.3
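Review bot: `postgresql_password()` on the `password` line of role::cryptoportfolio yields PostgreSQL's MD5 verifier (`md5` followed by the MD5 of password and role name), which is password-equivalent under `md5` authentication, so the compiled catalog and any stored reports carry a usable secret for this account. It pairs with the `auth_method => 'md5'` rule in profile::postgresql. If the server is PostgreSQL 10 or later and the pinned module commit supports it, `scram-sha-256` is the stronger choice; whether it does cannot be seen from this diff. Until then a comment recording the constraint would help, e.g. `# md5 verifier is password-equivalent: keep catalogs and reports access-restricted`.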