From 409fef1150286af5754997f7ec996ce99ab1c9e6 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 29 Sep 2019 11:00:37 +0200
Subject: [PATCH] First attempt to configure pg_hba of the bacula cluster

We will want to split this and hardcode less in the future.
---
 .../nodes/postgresql-manda-01.debian.org.yaml |  1 +
 .../manifests/postgresql/cluster_bacula.pp    | 40 +++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 modules/roles/manifests/postgresql/cluster_bacula.pp

diff --git a/data/nodes/postgresql-manda-01.debian.org.yaml b/data/nodes/postgresql-manda-01.debian.org.yaml
index b640495d6..c1b01ac2b 100644
--- a/data/nodes/postgresql-manda-01.debian.org.yaml
+++ b/data/nodes/postgresql-manda-01.debian.org.yaml
@@ -1,3 +1,4 @@
 ---
 classes:
   - roles::postgresql::server
+  - roles::postgresql::cluster_bacula
diff --git a/modules/roles/manifests/postgresql/cluster_bacula.pp b/modules/roles/manifests/postgresql/cluster_bacula.pp
new file mode 100644
index 000000000..af277cc91
--- /dev/null
+++ b/modules/roles/manifests/postgresql/cluster_bacula.pp
@@ -0,0 +1,40 @@
+#
+# postgresql bacula cluster
+#
+class roles::postgresql::cluster_bacula {
+  $pg_port = 5432
+  $pg_cluster = 'bacula'
+  $pg_version = '11'
+
+  postgres::cluster { 'bacula':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    manage_hba => true,
+  }
+  postgres::cluster::hba_entry { 'bacula-dir':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    database   => 'bacula',
+    user       => ['bacula', 'bacula-dinis-reader', 'nagios'],
+    address    => ['82.195.75.77', '2001:41b8:202:deb::311:77'],
+  }
+  postgres::cluster::hba_entry { 'bacula-sd':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    database   => 'bacula',
+    user       => 'bacula-storace-reader',
+    address    => ['93.94.130.161', '2a02:158:380:280::161'],
+  }
+
+  postgres::cluster::hba_entry { 'replication':
+    pg_version => $pg_version,
+    pg_cluster => $pg_cluster,
+    pg_port    => $pg_port,
+    database   => 'replication',
+    user       => 'debian-backup',
+    address    => ['5.153.231.12', '2001:41c8:1000:21::21:12', '93.94.130.161', '2a02:158:380:280::161'],
+  }
+}
-- 
2.20.1