From c8178a26d055a8bd41d12036d3378f9833a99aa8 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 29 Sep 2019 21:05:50 +0200
Subject: [PATCH] manage pg_hba on snapshotdb-manda-01

---
 data/nodes/snapshotdb-manda-01.debian.org.yaml |  3 +++
 modules/roles/manifests/snapshot_db.pp         | 15 +++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/data/nodes/snapshotdb-manda-01.debian.org.yaml b/data/nodes/snapshotdb-manda-01.debian.org.yaml
index b756c7bf2..a3bab216b 100644
--- a/data/nodes/snapshotdb-manda-01.debian.org.yaml
+++ b/data/nodes/snapshotdb-manda-01.debian.org.yaml
@@ -3,3 +3,6 @@ classes:
   - roles::postgresql::server
 
 postgres::backup_server::register_backup_clienthost::allow_read_hosts: ['sallinen']
+roles::postgresql::server::manage_clusters_hba: true
+roles::snapshot_db::db_port: 5442
+roles::snapshot_db::guest_addresses: ['185.17.185.176/28', '2001:1af8:4020:b030::/64'] # leaseweb
diff --git a/modules/roles/manifests/snapshot_db.pp b/modules/roles/manifests/snapshot_db.pp
index 93f71bdcd..5f045e858 100644
--- a/modules/roles/manifests/snapshot_db.pp
+++ b/modules/roles/manifests/snapshot_db.pp
@@ -1,5 +1,10 @@
 # db server providing (secondary) snapshot databases
+#
+# @param db_port          port of the snapshot cluster
+# @param guest_addresses  addresses to allow for the guest account
 class roles::snapshot_db (
+  Integer $db_port,
+  Array[Stdlib::IP::Address] $guest_addresses = ['127.0.0.1', '::1'],
 ) {
   $now = Timestamp()
   $date = $now.strftime('%F')
@@ -26,4 +31,14 @@ class roles::snapshot_db (
       | EOF
   }
 
+
+  postgres::cluster::hba_entry { 'snapshot-guest':
+    pg_port  => $db_port,
+    database => 'snapshot',
+    user     => 'guest',
+    address  => $guest_addresses,
+    method   => 'trust',
+  }
+
+
 }
-- 
2.20.1