diff options
| -rw-r--r-- | ansible/roles/postgres/tasks/main.yml | 6 | ||||
| -rw-r--r-- | ansible/roles/postgres/vars/main/main.yml | 14 |
2 files changed, 17 insertions, 3 deletions
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml index 850a633..fb026c1 100644 --- a/ansible/roles/postgres/tasks/main.yml +++ b/ansible/roles/postgres/tasks/main.yml @@ -49,10 +49,10 @@ insertafter: "# Put your actual configuration here" marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK" block: | - {% for db in postgres_databases %} - host {{ db.name }} {{ db.owner }} all scram-sha-256 + {% for rule in postgres_hba_rules %} + {{ rule.conn_type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }} {% endfor %} - loop: "{{ postgres_databases }}" + loop: "{{ postgres_hba_rules }}" notify: - Reload the postgres service tags: diff --git a/ansible/roles/postgres/vars/main/main.yml b/ansible/roles/postgres/vars/main/main.yml index f532863..3df9432 100644 --- a/ansible/roles/postgres/vars/main/main.yml +++ b/ansible/roles/postgres/vars/main/main.yml @@ -13,6 +13,20 @@ postgres_users: - pg_read_all_data +postgres_hba_rules: + - conn_type: host + database: pinnwand + user: pinnwand + address: all + method: scram-sha-256 + + - conn_type: host + database: all + user: blackbox + address: all + method: scram-sha-256 + + postgres_databases: - name: pinnwand owner: pinnwand |