aboutsummaryrefslogtreecommitdiffstats
path: root/ansible/roles/postgres
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/roles/postgres')
-rw-r--r--ansible/roles/postgres/tasks/main.yml6
-rw-r--r--ansible/roles/postgres/vars/main/main.yml14
2 files changed, 17 insertions, 3 deletions
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
index 850a633..fb026c1 100644
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@@ -49,10 +49,10 @@
insertafter: "# Put your actual configuration here"
marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
block: |
- {% for db in postgres_databases %}
- host {{ db.name }} {{ db.owner }} all scram-sha-256
+ {% for rule in postgres_hba_rules %}
+ {{ rule.conn_type }} {{ rule.database }} {{ rule.user }} {{ rule.address }} {{ rule.method }}
{% endfor %}
- loop: "{{ postgres_databases }}"
+ loop: "{{ postgres_hba_rules }}"
notify:
- Reload the postgres service
tags:
diff --git a/ansible/roles/postgres/vars/main/main.yml b/ansible/roles/postgres/vars/main/main.yml
index f532863..3df9432 100644
--- a/ansible/roles/postgres/vars/main/main.yml
+++ b/ansible/roles/postgres/vars/main/main.yml
@@ -13,6 +13,20 @@ postgres_users:
- pg_read_all_data
+postgres_hba_rules:
+ - conn_type: host
+ database: pinnwand
+ user: pinnwand
+ address: all
+ method: scram-sha-256
+
+ - conn_type: host
+ database: all
+ user: blackbox
+ address: all
+ method: scram-sha-256
+
+
postgres_databases:
- name: pinnwand
owner: pinnwand
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-20 06:54:33 +0000