- if $do_role {
- postgresql::server::role { $db_backup_role:
- password_hash => postgresql_password($db_backup_role, $db_backup_role_password),
- replication => true,
- }
- }
- if $do_hba {
- $backup_servers_addrs.each |String $address| {
- postgresql::server::pg_hba_rule { "debian_backup-${address}":
- description => 'Open up PostgreSQL for backups',
- type => 'hostssl',
- database => 'replication',
- user => $db_backup_role,
- address => $address,
- auth_method => 'md5',
- }
- }
- }
- ferm::rule { "dsa-postgres-${pg_port}":
- description => 'Allow postgress access from backup host',
- domain => '(ip ip6)',
- rule => "&SERVICE_RANGE(tcp, ${pg_port}, ( @ipfilter((${backup_servers_addrs_joined})) ))",
- }
+ if $do_role {
+ postgresql::server::role { $db_backup_role:
+ password_hash => postgresql_password($db_backup_role, $db_backup_role_password),
+ replication => true,
+ }
+ }
+ if $do_hba {
+ $backup_servers_addrs.each |String $address| {
+ postgresql::server::pg_hba_rule { "debian_backup-${address}":
+ description => 'Open up PostgreSQL for backups',
+ type => 'hostssl',
+ database => 'replication',
+ user => $db_backup_role,
+ address => $address,
+ auth_method => 'md5',
+ }
+ }
+ }