29 lines
1.2 KiB
Django/Jinja
29 lines
1.2 KiB
Django/Jinja
# PostgreSQL Client Authentication Configuration File
|
|
# { ansible_managed }
|
|
# ============================================================================
|
|
# This file controls: which hosts are allowed to connect, how clients
|
|
# are authenticated, which PostgreSQL user names they can use, which
|
|
# databases they can access.
|
|
|
|
# TYPE DATABASE USER ADDRESS METHOD
|
|
# "local" is for Unix domain socket connections only
|
|
local all all trust
|
|
|
|
# IPv4 local connections:
|
|
{% for source in postgres_firewall_allowed_sources %}
|
|
{% if source.startswith('127.0.0.') %}
|
|
host all all {{ source }} trust
|
|
{% else %}
|
|
host all all {{ source }} scram-sha-256
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
# IPv6 local connections:
|
|
host all all ::1/128 trust
|
|
|
|
# Allow replication connections from localhost, by a user with the
|
|
# replication privilege.
|
|
local replication all trust
|
|
host replication all 127.0.0.1/32 trust
|
|
host replication all ::1/128 trust
|