authorGravatar shtlrs <[email protected]>2024-05-16 21:50:53 +0200
committerGravatar shtlrs <[email protected]>2024-05-16 22:28:04 +0200
commitf7f5e4d2e8c1ee8da129ec79c9a4c651907c35f0 (patch)
tree1107030c63301753a3e5250a9434f122959c5aaf /ansible/roles/postgres
parentAdd a postgresql.conf file template (diff)
configure hba rules separately
Diffstat (limited to 'ansible/roles/postgres')
-rw-r--r--ansible/roles/postgres/tasks/main.yml6
-rw-r--r--ansible/roles/postgres/vars/main/main.yml14
2 files changed, 17 insertions, 3 deletions
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 850a633..fb026c1 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -49,10 +49,10 @@
insertafter: "# Put your actual configuration here"
marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
block: |
- {% for db in postgres_databases %}
- host {{ db.name }} {{ db.owner }} all scram-sha-256
+ {% for rule in postgres_hba_rules %}
+ {{ rule.conn_type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }}
{% endfor %}
- loop: "{{ postgres_databases }}"
+ loop: "{{ postgres_hba_rules }}"
notify:
- Reload the postgres service
tags:
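Review bot: The `loop: "{{ postgres_hba_rules }}"` line looks redundant, because the Jinja `for` inside `block:` already renders every rule and no `item` is referenced in the visible lines, so each iteration rewrites the same marked block; dropping `loop:` would write it once. The task begins above the hunk, so confirm `item` is not used there before removing it. Separately, `{{ rule.method }}` is now free-form where the old line hard-coded `scram-sha-256`, so a vars entry with `trust` or `password` would be written to pg_hba.conf unchecked; an `ansible.builtin.assert` ahead of this task that limits `method` to the values the role intends to support would catch that. The template also always emits `rule.address`, which a `local` rule does not take; `{{ rule.address | default('') }}` would let such rules be expressed.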
diff --git a/ansible/roles/postgres/vars/main/main.yml b/ansible/roles/postgres/vars/main/main.yml
index f532863..3df9432 100644
--- a/ansible/roles/postgres/vars/main/main.yml
+++ b/ansible/roles/postgres/vars/main/main.yml
@@ -13,6 +13,20 @@ postgres_users:
- pg_read_all_data
+postgres_hba_rules:
+ - conn_type: host
+ database: pinnwand
+ user: pinnwand
+ address: all
+ method: scram-sha-256
+
+ - conn_type: host
+ database: all
+ user: blackbox
+ address: all
+ method: scram-sha-256
+
+
postgres_databases:
- name: pinnwand
owner: pinnwand
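Review bot: Both new rules set `address: all`, and the `blackbox` rule pairs it with `database: all`, so that account can attempt password authentication against every database from any client address that can reach the port. If the callers are known hosts, a CIDR in place of `all` (for example `address: <monitoring-host-cidr>`, a placeholder) narrows the exposure, and `conn_type: hostssl` would additionally require TLS for these logins, assuming SSL is enabled on the server. A short comment above `postgres_hba_rules` stating that pg_hba rules are matched in order and the first match wins would help whoever adds the next entry.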