X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsalsa%2Fmanifests%2Fdatabase.pp;h=24647a3b1151046bfa41dfd6aa50b1f2d74be8c7;hb=7ca975698c14415282e911881890b3b7d8f8dc68;hp=e2793c1e2b71b404dd459364ceb2c161543ae756;hpb=e90ff033b42adf4dae4f40f79accb290469351c4;p=mirror%2Fdsa-puppet.git

diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
index e2793c1e2..24647a3b1 100644
--- a/modules/salsa/manifests/database.pp
+++ b/modules/salsa/manifests/database.pp
@@ -18,27 +18,33 @@ class salsa::database inherits salsa {
 		require => Class['postgresql::server::contrib'],
 	}
 
-	include postgres::backup_source
-	$datadir = assert_type(String[1], $postgresql::params::datadir)
-	warning("foo ")
-	file { "${datadir}/.nobackup":
-		content  => ""
+	$pg_config_options = {
+		'track_counts'  => 'yes',
+		'archive_mode' => 'yes',
+		'wal_level' => 'archive',
+		'max_wal_senders' => '3',
+		'archive_timeout' => '1h',
+		'archive_command' => '/usr/local/bin/pg-backup-file main WAL %p',
+		'ssl' => 'on',
+		'ssl_cert_file' => '/etc/ssl/debian/certs/thishost-server.crt',
+		'ssl_key_file' => '/etc/ssl/private/thishost-server.key',
 	}
-	if $::postgresql_key {
-		$ipaddr = assert_type(String[1], join(getfromhash($site::nodeinfo, 'ldap', 'ipHostNumber'), ","))
-
-		@@concat::fragment { "onion::balance::instance::dsa-snippet::$name::$fqdn":
-			target  => "/etc/dsa/postgresql-backup/sshkeys-sources",
-			content  => @("EOF"),
-					${::hostname} ${ipaddr} ${::postgresql_key}
-					| EOF
-			tag     => "postgresql::server::backup-source-sshkey",
+	$pg_config_options.each |String $key, String $value| {
+		postgresql_conf { $key:
+			value => $value,
+			target => $postgresql::params::postgresql_conf_path,
+			notify => Service['postgresqld'],
 		}
 	}
 
-	@ferm::rule { "dsa-postgres-${postgresql::params::port}":
-		description => 'Allow postgress access from backup host',
-		domain      => '(ip ip6)',
-		rule        => "&SERVICE_RANGE(tcp, ${postgresql::params::port}, ( @ipfilter(\$HOST_PGBACKUPHOST) ))",
+	include postgres::backup_source
+
+	postgres::backup_cluster { $::hostname:
+		pg_version => $postgresql::params::version,
+		pg_port => $postgresql::params::port,
+		do_role => true,
+		do_hba => true,
 	}
+
+	include postgres::backup_server::register_backup_clienthost
 }