X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fsalsa%2Fmanifests%2Fdatabase.pp;h=32a53a716fd4ff9669af4102fdac32d013612137;hb=2d1ec427e3c71ed97101e3dc53b8ece95624d67f;hp=97c5bc4d02943f1a57871b95bb6d2d7278b0dfa2;hpb=b75dd5fcce98ce6356eab26c66ecbc1472044783;p=mirror%2Fdsa-puppet.git

diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
index 97c5bc4d0..32a53a716 100644
--- a/modules/salsa/manifests/database.pp
+++ b/modules/salsa/manifests/database.pp
@@ -18,8 +18,34 @@ class salsa::database inherits salsa {
 		require => Class['postgresql::server::contrib'],
 	}
 
-	$datadir = assert_type(String[1], $postgresql::params::datadir)
-	file { "${datadir}/.nobackup":
-		content  => ""
+	$pg_config_options = {
+		'track_counts'  => 'yes',
+		'archive_mode' => 'yes',
+		'wal_level' => 'archive',
+		'max_wal_senders' => '3',
+		'archive_timeout' => '1h',
+		'archive_command' => '/usr/local/bin/pg-backup-file main WAL %p',
+		'ssl' => 'on',
+		'ssl_cert_file' => '/etc/ssl/debian/certs/thishost-server.crt',
+		'ssl_key_file' => '/etc/ssl/private/thishost-server.key',
+	}
+	$pg_config_options.each |String $key, String $value| {
+		postgresql_conf { $key:
+			value => $value,
+			target => $postgresql::params::postgresql_conf_path,
+			notify => Service['postgresqld'],
+		}
+	}
+
+	ferm::rule::simple { "pgport":
+		description => "check access to pg port",
+		port        => $postgresql::params::port,
+		target      => "pg-${postgresql::params::port}",
+	}
+	postgres::backup_cluster { $::hostname:
+		pg_version => $postgresql::params::version,
+		pg_port => $postgresql::params::port,
+		do_role => true,
+		do_hba => true,
 	}
 }