#
class salsa::database inherits salsa {
-# XXX does not work just yet.
+ class { 'postgresql::globals':
+ version => '9.6',
+ }
+ class { 'postgresql::server':
+ listen_addresses => '*',
+ }
+ class { 'postgresql::server::contrib': }
-# include postgresql::server
-#
-# postgresql::server::db { $salsa::db_name:
-# user => $salsa::db_role,
-# password => postgresql_password($salsa::db_role, $salsa::db_password),
-# }
-#
-# postgresql::server::extension { 'pg_trgm':
-# database => $salsa::db_name,
-# }
+ postgresql::server::db { $salsa::db_name:
+ user => $salsa::db_role,
+ password => postgresql_password($salsa::db_role, $salsa::db_password),
+ }
-# so do things by hand for now
- ensure_packages ( "postgresql", { ensure => 'installed' })
- # create role, create db owned by role, add extension
+ postgresql::server::extension { 'pg_trgm':
+ database => $salsa::db_name,
+ require => Class['postgresql::server::contrib'],
+ }
- # XXX set up backups
- file { "/var/lib/postgresql/9.6/main/.nobackup":
- content => ""
+ $pg_config_options = {
+ 'track_counts' => 'yes',
+ 'archive_mode' => 'yes',
+ 'wal_level' => 'archive',
+ 'max_wal_senders' => '3',
+ 'archive_timeout' => '1h',
+ 'archive_command' => '/usr/local/bin/pg-backup-file main WAL %p',
+ 'ssl' => 'on',
+ 'ssl_cert_file' => '/etc/ssl/debian/certs/thishost-server.crt',
+ 'ssl_key_file' => '/etc/ssl/private/thishost-server.key',
+ }
+ $pg_config_options.each |String $key, String $value| {
+ postgresql_conf { $key:
+ value => $value,
+ target => $postgresql::params::postgresql_conf_path,
+ notify => Service['postgresqld'],
+ }
+ }
+
+ ferm::rule::simple { "pgport":
+ description => "check access to pg port",
+ port => $postgresql::params::port,
+ target => "pg-${postgresql::params::port}",
+ }
+ postgres::backup_cluster { $::hostname:
+ pg_version => $postgresql::params::version,
+ pg_port => $postgresql::params::port,
+ do_role => true,
+ do_hba => true,
}
}