configure hba rules separately

python-discord · May 16, 2024 · f7f5e4d · f7f5e4d
1 parent 77c98f4
commit f7f5e4d
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/ansible/roles/postgres/tasks/main.yml b/ansible/roles/postgres/tasks/main.yml
@@ -49,10 +49,10 @@
     insertafter: "# Put your actual configuration here"
     marker: "# {mark} ANSIBLE MANAGED HBA CONF BLOCK"
     block: |
-      {% for db in postgres_databases %}
-      host    {{ db.name }}    {{ db.owner }}    all    scram-sha-256
+      {% for rule in postgres_hba_rules %}
+      {{ rule.conn_type }}    {{ rule.database }}    {{ rule.user }}    {{ rule.address }}    {{ rule.method }}
       {% endfor %}
-  loop: "{{ postgres_databases }}"
+  loop: "{{ postgres_hba_rules }}"
   notify:
     - Reload the postgres service
   tags:

diff --git a/ansible/roles/postgres/vars/main/main.yml b/ansible/roles/postgres/vars/main/main.yml
@@ -13,6 +13,20 @@ postgres_users:
       - pg_read_all_data
 
 
+postgres_hba_rules:
+  - conn_type: host
+    database: pinnwand
+    user: pinnwand
+    address: all
+    method: scram-sha-256
+
+  - conn_type: host
+    database: all
+    user: blackbox
+    address: all
+    method: scram-sha-256
+
+
 postgres_databases:
   - name: pinnwand
     owner: pinnwand