From fb78bacc12b204be6aab966a404eadb9403b9f7c Mon Sep 17 00:00:00 2001
From: Keith Whyte <keith@rhizomatica.org>
Date: Wed, 23 Jun 2021 00:06:19 +0200
Subject: [PATCH] Allow remote access to Postgres based on hiera param

Also always update the rhizomatica role password if it has changed
---
 modules/rhizo_base/manifests/postgresql.pp | 25 ++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/modules/rhizo_base/manifests/postgresql.pp b/modules/rhizo_base/manifests/postgresql.pp
index 0b90ba1..f14f86c 100644
--- a/modules/rhizo_base/manifests/postgresql.pp
+++ b/modules/rhizo_base/manifests/postgresql.pp
@@ -21,12 +21,27 @@ class rhizo_base::postgresql::common {
   $pgsql_user = $rhizo_base::pgsql_user
   $pgsql_pwd  = $rhizo_base::pgsql_pwd
   $pgsql_host = $rhizo_base::pgsql_host
-  
+
   postgresql::server::db { $pgsql_db:
       user     => $pgsql_user,
       password => postgresql_password($pgsql_user, $pgsql_pwd),
     }
 
+  postgresql::server::role { $pgsql_user:
+      password_hash  => postgresql_password($pgsql_user, $pgsql_pwd),
+      update_password => true
+    }
+
+  if (hiera('rhizo::remote_postgres', 0) == 1) {
+
+      postgresql::server::pg_hba_rule { 'Network remote access':
+          type => 'host',
+          database => $pgsql_db,
+          user => $pgsql_user,
+          address => '10.23.100.0/24',
+          auth_method => 'md5',
+      }
+  }
 }
 
 class rhizo_base::postgresql::ubuntu inherits rhizo_base::postgresql::common {
@@ -42,11 +57,17 @@ class rhizo_base::postgresql::ubuntu inherits rhizo_base::postgresql::common {
 
 class rhizo_base::postgresql::debian inherits rhizo_base::postgresql::common {
 
+  if (hiera('rhizo::remote_postgres', 0) == 1) {
+     $listen = '*'
+  } else {
+     $listen = 'localhost'
+  }
   class { 'postgresql::globals':
       manage_package_repo => true,
       version             => '9.6',
-    }-> 
+    }->
   class { 'postgresql::server':
+      listen_addresses  => $listen,
     }
 
 }