X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fpostgres%2Fmanifests%2Fcluster.pp;h=970c1ba6901635de261595cd5b02a148d29a762d;hb=694793a4317a94b7dc1483f4a52d4b1868224ed6;hp=424d354584317739a5480ef8eb9761e3c1769fcb;hpb=483ee60efd32db8ba0777e569fd72592cfee7bf6;p=mirror%2Fdsa-puppet.git

diff --git a/modules/postgres/manifests/cluster.pp b/modules/postgres/manifests/cluster.pp
index 424d35458..970c1ba69 100644
--- a/modules/postgres/manifests/cluster.pp
+++ b/modules/postgres/manifests/cluster.pp
@@ -50,6 +50,10 @@ define postgres::cluster(
     command     => "systemctl reload postgresql@${real_version}-${real_cluster}.service",
     refreshonly => true,
   }
+  ferm::rule::chain { "postgres::cluster::hba_entry::chain::pg-${real_port}":
+    description => "chain for pg${real_version}/${real_cluster}",
+    chain       => "pg-${real_port}",
+  }
   ferm::rule::simple { "postgres::cluster::hba_entry::${real_version}::${real_cluster}":
     description => "check access to pg${real_version}/${real_cluster}",
     port        => $real_port,
@@ -82,6 +86,15 @@ define postgres::cluster(
       order   => '00',
       content => template('postgres/cluster/pg_hba.conf-head.erb'),
     }
+    postgres::cluster::hba_entry { "postgres::cluster::${real_port}::local-connections":
+      pg_port         => $real_port,
+      connection_type => 'host',
+      database        => 'all',
+      user            => 'all',
+      address         => ['127.0.0.1', '::1'],
+      order           => '30',
+      firewall        => false,
+    }
     Concat::Fragment <| tag == "postgres::cluster::${real_version}::${real_cluster}::hba" |>
   }
 }