fix: review postgres on multiple iface

2025-11-11 11:11:47 +01:00
parent e692d4df98
commit 9f3e920d7d
5 changed files with 52 additions and 38 deletions
@@ -0,0 +1,28 @@
+# PostgreSQL Client Authentication Configuration File
+# { ansible_managed }
+# ============================================================================
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+# "local" is for Unix domain socket connections only
+local   all             all                                     trust
+
+# IPv4 local connections:
+{% for source in postgres_firewall_allowed_sources %}
+{% if source.startswith('127.0.0.') %}
+host    all             all             {{ source }}            trust
+{% else %}
+host    all             all             {{ source }}            scram-sha-256
+{% endif %}
+{% endfor %}
+
+# IPv6 local connections:
+host    all             all             ::1/128                 trust
+
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local   replication     all                                     trust
+host    replication     all             127.0.0.1/32            trust
+host    replication     all             ::1/128                 trust