Create an empty pg-nnn chain in case nobody else puts anything there

diff --git a/modules/postgres/manifests/cluster.pp b/modules/postgres/manifests/cluster.pp
index 424d354..92f87d1 100644 (file)
--- a/modules/postgres/manifests/cluster.pp
+++ b/modules/postgres/manifests/cluster.pp
@@ -50,6 +50,10 @@ define postgres::cluster(
     command     => "systemctl reload postgresql@${real_version}-${real_cluster}.service",
     refreshonly => true,
   }
+  ferm::rule::chain { "postgres::cluster::hba_entry::chain::pg-${real_port}":
+    description => "chain for pg${real_version}/${real_cluster}",
+    chain       => "pg-${real_port}",
+  }
   ferm::rule::simple { "postgres::cluster::hba_entry::${real_version}::${real_cluster}":
     description => "check access to pg${real_version}/${real_cluster}",
     port        => $real_port,