From 8d8f5da98b649b86866e3b257bf7e29e16991819 Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Wed, 27 Jul 2022 23:49:02 +0200
Subject: [PATCH] updated postgresql state
---
 states/postgresql/config.sls | 20 ++++++++++++
 states/postgresql/databases.sls | 3 +-
 states/postgresql/defaults.yaml | 6 ++++
 states/postgresql/init.sls | 1 +
 states/postgresql/map.jinja | 4 ++-
 states/postgresql/templates/pg_hba.conf.j2 | 36 ++++++++++++++++++++++
 states/postgresql/users.sls | 2 +-
 7 files changed, 69 insertions(+), 3 deletions(-)
 create mode 100644 states/postgresql/config.sls
 create mode 100644 states/postgresql/templates/pg_hba.conf.j2
diff --git a/states/postgresql/config.sls b/states/postgresql/config.sls
new file mode 100644
index 0000000..e8425f8
--- /dev/null
+++ b/states/postgresql/config.sls
@@ -0,0 +1,20 @@
+---
+{%- from "postgresql/map.jinja" import postgresql with context %}
+postgresql-config-main:
+ file.keyvalue:
+ - name: {{ postgresql.configpath }}/postgresql.conf
+ - key_values: {{ postgresql.config.main }}
+ - separator: ' = '
+ - uncomment: '# '
+ - key_ignore_case: True
+ - append_if_not_found: True
+ - watch_in:
+ - service: postgresql-service
+
+postgresql-config-hba:
+ file.managed:
+ - name: {{ postgresql.configpath }}/pg_hba.conf
+ - source: salt://postgresql/templates/pg_hba.conf.j2
+ - template: jinja
+ - watch_in:
+ - service: postgresql-service
diff --git a/states/postgresql/databases.sls b/states/postgresql/databases.sls
index 3115829..c9e2481 100644
--- a/states/postgresql/databases.sls
+++ b/states/postgresql/databases.sls
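Review bot: The `postgresql-config-hba` state in config.sls manages pg_hba.conf without pinning ownership or permissions, so a newly created file gets whatever Salt's defaults and the umask produce. Because this file decides who may authenticate, I would add `- user: postgres`, `- group: postgres` and `- mode: '0640'` to the `file.managed` block. Separately, `- key_values: {{ postgresql.config.main }}` writes a Python dict repr into the YAML; rendering it with `|tojson` would make the quoting of values such as `'*'` explicit rather than incidental.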
@@ -7,9 +7,10 @@ postgresql-database-{{ database.name }}: - owner: {{ database.user }} - db_user: postgres - template: template0 - - encoding: {{ database.encoding }} + - encoding: {{ database.encoding|default("UTF8") }} - lc_collate: {{ database.collate|default("en_US.UTF-8") }} - lc_ctype: {{ database.ctype|default("en_US.UTF-8") }} + - db_port: {{ postgresql.config.main.port|default(5432) }} - require: - postgres_user: postgresql-user-{{ database.user }} {% endfor %} diff --git a/states/postgresql/defaults.yaml b/states/postgresql/defaults.yaml index f1a9d07..23c1b14 100644 --- a/states/postgresql/defaults.yaml +++ b/states/postgresql/defaults.yaml @@ -11,4 +11,10 @@ postgresql: databases: - name: postgres user: postgres + configpath: /etc/postgresql/13/main + config: + main: + listen_addresses: "'*'" + port: 5433 + max_connections: 100 users: [] diff --git a/states/postgresql/init.sls b/states/postgresql/init.sls index 816d696..8b71d44 100644 --- a/states/postgresql/init.sls +++ b/states/postgresql/init.sls @@ -1,6 +1,7 @@ --- include: - .install + - .config - .service - .users - .databases diff --git a/states/postgresql/map.jinja b/states/postgresql/map.jinja index cc6d1c5..080abe7 100644 --- a/states/postgresql/map.jinja +++ b/states/postgresql/map.jinja @@ -2,4 +2,6 @@ {%- set defaults = salt['grains.filter_by'](default_settings, default='postgresql') -%} -{%- set postgresql = salt['pillar.get']('postgresql', default=defaults, merge=True) -%} \ No newline at end of file +{%- set postgresql = salt['pillar.get']('postgresql', default=defaults, merge=True) -%} + +{%- set net = salt['pillar.get']('net') -%} \ No newline at end of file diff --git a/states/postgresql/templates/pg_hba.conf.j2 b/states/postgresql/templates/pg_hba.conf.j2 new file mode 100644 index 0000000..9749d4c --- /dev/null +++ b/states/postgresql/templates/pg_hba.conf.j2 
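Review bot: The `db_port` fallback `default(5432)` in databases.sls disagrees with the `port: 5433` that this same commit puts in defaults.yaml, and the same fallback is repeated in the users.sls hunk. Since map.jinja merges the defaults, the fallback should rarely fire, but if it does the state would target a different port than the one written to postgresql.conf. I would drop the literal and write `- db_port: {{ postgresql.config.main.port }}` in both files so the port has a single source. The state body starts above this hunk, so how `postgresql` is imported there is not visible.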
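Review bot: The new default `listen_addresses: "'*'"` in defaults.yaml makes every minion that takes the defaults bind PostgreSQL on all interfaces, and the pg_hba.conf.j2 template added in this commit grants `trust` access to `repmgr` from every pillar network. A safer shipped default is `listen_addresses: "'localhost'"`, with the wider bind set per host in pillar where replication needs it. A short comment explaining why the default port is 5433 rather than the stock 5432 would also help the next reader.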
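Review bot: In map.jinja, `salt['pillar.get']('net')` is called without a default, so on a minion that has no `net` pillar the value is presumably an empty string and pg_hba.conf.j2 would fail to render at `net.ipv4_networks.items()`. I would write `{%- set net = salt['pillar.get']('net', {}) -%}` and have the template iterate `net.get('ipv4_networks', {}).items()` and the ipv6 equivalent. That way a host without network definitions still gets the local and loopback rules instead of a render error.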
@@ -0,0 +1,36 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+{%- from "postgresql/map.jinja" import net with context %}
+
+### Replication via repmgr
+local replication repmgr trust
+{%- for key, value in net.ipv4_networks.items() %}
+host replication repmgr {{ value.ip }}/{{ value.mask }} trust # {{ key }}
+{%- endfor %}
+{%- for key, value in net.ipv6_networks.items() %}
+host replication repmgr {{ value.ip }}/{{ value.mask }} trust # {{ key }}
+{%- endfor %}
+
+local repmgr repmgr trust
+{%- for key, value in net.ipv4_networks.items() %}
+host repmgr repmgr {{ value.ip }}/{{ value.mask }} trust # {{ key }}
+{%- endfor %}
+{%- for key, value in net.ipv6_networks.items() %}
+host repmgr repmgr {{ value.ip }}/{{ value.mask }} trust # {{ key }}
+{%- endfor %}
+
+### Basic auth for users
+{%- for key, value in net.ipv4_networks.items() %}
+host all all {{ value.ip }}/{{ value.mask }} md5 # {{ key }}
+{%- endfor %}
+{%- for key, value in net.ipv6_networks.items() %}
+host all all {{ value.ip }}/{{ value.mask }} md5 # {{ key }}
+{%- endfor %}
+
+
+local all postgres peer
+local all all peer
+host all all 127.0.0.1/32 md5
+host all all ::1/128 md5
+local replication all peer
+host replication all 127.0.0.1/32 md5
+host replication all ::1/128 md5
diff --git a/states/postgresql/users.sls b/states/postgresql/users.sls
index fdc6abd..ee659d1 100644
--- a/states/postgresql/users.sls
+++ b/states/postgresql/users.sls
@@ -9,5 +9,5 @@ postgresql-user-{{ user.name }}:
 {%- endif %}
 - login: {{ user.login|default(true) }}
 - superuser: {{ user.superuser|default(false) }}
- - db_user: postgres
+ - db_port: {{ postgresql.config.main.port|default(5432) }}
 {% endfor %}
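Review bot: The four `host ... repmgr ... trust` loops in pg_hba.conf.j2 let any host inside every `net.ipv4_networks` / `net.ipv6_networks` range connect as `repmgr` to the `replication` and `repmgr` databases with no credential at all, and a repmgr role normally carries replication (often superuser) rights. I would require a password on those lines, e.g. `host replication repmgr {{ value.ip }}/{{ value.mask }} scram-sha-256 # {{ key }}`, give repmgr its password through a passfile, and ideally limit the ranges to the cluster peers rather than every pillar network. The `md5` entries for `all all` would also be better as `scram-sha-256` on this PostgreSQL 13 path, provided the stored passwords are SCRAM hashes. A header comment noting that pg_hba.conf is first-match-wins would help whoever reorders these blocks later.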
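Review bot: The users.sls hunk replaces `- db_user: postgres` rather than adding `db_port` beside it, while databases.sls in the same commit keeps `- db_user: postgres`. If the removal is not deliberate, the user state may connect with a different database role than the database state does; I would keep both lines, `- db_user: postgres` followed by the new `- db_port:` line. The state body starts above the hunk, so a `db_user` set elsewhere in it is not visible here.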