unique names

[mirror/dsa-puppet.git] / modules / postgres / manifests / cluster.pp

diff --git a/modules/postgres/manifests/cluster.pp b/modules/postgres/manifests/cluster.pp
index 424d354..970c1ba 100644 (file)
--- a/modules/postgres/manifests/cluster.pp
+++ b/modules/postgres/manifests/cluster.pp
@@ -50,6 +50,10 @@ define postgres::cluster(
     command     => "systemctl reload postgresql@${real_version}-${real_cluster}.service",
     refreshonly => true,
   }
+  ferm::rule::chain { "postgres::cluster::hba_entry::chain::pg-${real_port}":
+    description => "chain for pg${real_version}/${real_cluster}",
+    chain       => "pg-${real_port}",
+  }
   ferm::rule::simple { "postgres::cluster::hba_entry::${real_version}::${real_cluster}":
     description => "check access to pg${real_version}/${real_cluster}",
     port        => $real_port,
@@ -82,6 +86,15 @@ define postgres::cluster(
       order   => '00',
       content => template('postgres/cluster/pg_hba.conf-head.erb'),
     }
+    postgres::cluster::hba_entry { "postgres::cluster::${real_port}::local-connections":
+      pg_port         => $real_port,
+      connection_type => 'host',
+      database        => 'all',
+      user            => 'all',
+      address         => ['127.0.0.1', '::1'],
+      order           => '30',
+      firewall        => false,
+    }
     Concat::Fragment <| tag == "postgres::cluster::${real_version}::${real_cluster}::hba" |>
   }
 }