manage debsources access to its DB on bmdb1

[mirror/dsa-puppet.git] / modules / roles / manifests / debsources.pp

diff --git a/modules/roles/manifests/debsources.pp b/modules/roles/manifests/debsources.pp
index f3af3ca..60cb490 100644 (file)
--- a/modules/roles/manifests/debsources.pp
+++ b/modules/roles/manifests/debsources.pp
@@ -1,4 +1,11 @@
-class roles::debsources {
+# sources.debian.org role
+
+# @param db_address     hostname of the postgres server for this service
+# @param db_port        port of the postgres server for this service
+class roles::debsources (
+  String  $db_address,
+  Integer $db_port,
+) {
   include apache2
   include apache2::ssl
 
@@ -14,4 +21,21 @@ class roles::debsources {
     notify => Exec['service apache2 reload'],
     key    => true,
   }
+
+  @@postgres::cluster::hba_entry { 'debsources':
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    database => 'debsources',
+    user     => ['debsource_admin', 'debsource_updater'],
+    address  => $base::public_addresses,
+  }
+
+  @@postgres::cluster::hba_entry { 'debsources-guest':
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    database => 'debsources',
+    user     => ['guest'],
+    method   => 'trust',
+    address  => $base::public_addresses,
+  }
 }