X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fnm.pp;h=2bfb33730af624c989a7cb201d7ed46e212d0301;hb=7cf8c9b7d5e06b37a84700146b4e9ed71f2da575;hp=cceb28d1740fed66ef77f2fb21977e38d901fdf3;hpb=3324b4ae702172197fe7ad725a36f052f1e67c71;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/nm.pp b/modules/roles/manifests/nm.pp
index cceb28d17..2bfb33730 100644
--- a/modules/roles/manifests/nm.pp
+++ b/modules/roles/manifests/nm.pp
@@ -1,4 +1,11 @@
-class roles::nm {
+# nm.debian.org role
+#
+# @param db_address     hostname of the postgres server for this service
+# @param db_port        port of the postgres server for this service
+class roles::nm (
+  String  $db_address,
+  Integer $db_port,
+) {
   include apache2
   include roles::sso_rp
 
@@ -11,4 +18,16 @@ class roles::nm {
     owner => 'nm',
     group => 'nm',
   }
+
+  @@postgres::cluster::hba_entry { "nm-${::fqdn}":
+    tag      => "postgres::cluster::${db_port}::hba::${db_address}",
+    pg_port  => $db_port,
+    database => ['nm', 'contributors'],
+    user     => ['nm', 'nmweb'],
+    address  => $base::public_addresses,
+  }
+
+  dsa_systemd::linger { 'nm': }
+
+  include roles::postgresql::ftp_master_dak_replica::db_guest_access::ubc
 }