From 2caf08d5dd9d82087c16390a34e8ab169be75369 Mon Sep 17 00:00:00 2001
From: "root@culturestrings"
Date: Wed, 1 Jul 2020 08:57:05 +0000
Subject: networking: introduced $vpn_net4, $vpn_ipv5, $host_ipv4, $host_ipv6.
---
public/fs/home/pgsql/data/pg_hba-conf.sh | 15 ++++++++++
public/fs/home/pgsql/data/pg_hba.conf | 16 -----------
public/fs/home/pgsql/data/pg_hba.conf.in | 16 +++++++++++
public/fs/home/pgsql/data/postgresql-conf.sh | 15 ++++++++++
public/fs/home/pgsql/data/postgresql.conf | 42 ----------------------------
public/fs/home/pgsql/data/postgresql.conf.in | 42 ++++++++++++++++++++++++++++
6 files changed, 88 insertions(+), 58 deletions(-)
create mode 100755 public/fs/home/pgsql/data/pg_hba-conf.sh
delete mode 100644 public/fs/home/pgsql/data/pg_hba.conf
create mode 100644 public/fs/home/pgsql/data/pg_hba.conf.in
create mode 100755 public/fs/home/pgsql/data/postgresql-conf.sh
delete mode 100644 public/fs/home/pgsql/data/postgresql.conf
create mode 100644 public/fs/home/pgsql/data/postgresql.conf.in
(limited to 'public/fs/home')
diff --git a/public/fs/home/pgsql/data/pg_hba-conf.sh b/public/fs/home/pgsql/data/pg_hba-conf.sh
new file mode 100755
index 0000000..a64b161
--- /dev/null
+++ b/public/fs/home/pgsql/data/pg_hba-conf.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eu
+
+sitezone="$1"
+
+cfg_script="$0"
+cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
+
+source /root/config/private/config/server.ports
+source /root/config/private/config/hostinfo/${sitezone}
+
+sed -e 's/@vpn_net4@/'${vpn_net4}'/g' \
+ -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \
+ "${cfg_srcdir}/pg_hba.conf.in"
diff --git a/public/fs/home/pgsql/data/pg_hba.conf b/public/fs/home/pgsql/data/pg_hba.conf
deleted file mode 100644
index 6abd582..0000000
--- a/public/fs/home/pgsql/data/pg_hba.conf
+++ /dev/null
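Review bot: The `sitezone` argument goes from `$1` straight into the path given to `source`, unquoted and unchecked, so a value containing `/` or `..` makes pg_hba-conf.sh load and execute whatever file that path resolves to; postgresql-conf.sh has the same lines. `source` is also not a POSIX `sh` builtin, so with a `/bin/sh` such as dash both scripts stop at the first `source` line, and `.` is the portable spelling. The sed expressions step outside the quotes around `${vpn_net4}` and `${vpn_ipv4}`, which lets the values word-split and lets a `/` in a value break the `s/…/…/` expression. The fence restricts `sitezone` to a plain name (assuming zone names are simple identifiers; adjust the pattern if they are not), switches to `.`, and keeps the substitutions quoted with a `|` delimiter.

```shell
sitezone="$1"
# Only a plain zone name may become part of a sourced path.
case "${sitezone}" in
  '' | .* | *[!A-Za-z0-9._-]*)
    printf 'invalid sitezone: %s\n' "${sitezone}" >&2
    exit 2
    ;;
esac

# … unchanged: cfg_script / cfg_srcdir …

. /root/config/private/config/server.ports
. "/root/config/private/config/hostinfo/${sitezone}"

sed -e "s|@vpn_net4@|${vpn_net4}|g" \
    -e "s|@vpn_ipv4@|${vpn_ipv4}|g" \
    "${cfg_srcdir}/pg_hba.conf.in"
```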
@@ -1,16 +0,0 @@
-# PostgreSQL Client Authentication Configuration File
-# ===================================================
-
-# local DATABASE USER METHOD [OPTIONS]
-# host DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
-# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
-
-local all all peer
-host all all 127.0.0.1/32 scram-sha-256
-host all all 10.8.0.0/24 scram-sha-256
-host all all ::1/128 scram-sha-256
-
-local replication all peer
-host replication all 127.0.0.1/32 scram-sha-256
-host replication all ::1/128 scram-sha-256
diff --git a/public/fs/home/pgsql/data/pg_hba.conf.in b/public/fs/home/pgsql/data/pg_hba.conf.in
new file mode 100644
index 0000000..07fef10
--- /dev/null
+++ b/public/fs/home/pgsql/data/pg_hba.conf.in
@@ -0,0 +1,16 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+
+# local DATABASE USER METHOD [OPTIONS]
+# host DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
+
+local all all peer
+host all all 127.0.0.1/32 scram-sha-256
+host all all @vpn_net4@/24 scram-sha-256
+host all all ::1/128 scram-sha-256
+
+local replication all peer
+host replication all 127.0.0.1/32 scram-sha-256
+host replication all ::1/128 scram-sha-256
diff --git a/public/fs/home/pgsql/data/postgresql-conf.sh b/public/fs/home/pgsql/data/postgresql-conf.sh
new file mode 100755
index 0000000..2a6a6e1
--- /dev/null
+++ b/public/fs/home/pgsql/data/postgresql-conf.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eu
+
+sitezone="$1"
+
+cfg_script="$0"
+cfg_srcdir=$(cd -- "${cfg_script%/*}/" ; pwd -P)
+
+source /root/config/private/config/server.ports
+source /root/config/private/config/hostinfo/${sitezone}
+
+sed -e 's/@vpn_net4@/'${vpn_net4}'/g' \
+ -e 's/@vpn_ipv4@/'${vpn_ipv4}'/g' \
+ "${cfg_srcdir}/postgresql.conf.in"
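Review bot: In pg_hba.conf.in the VPN rule `host all all @vpn_net4@/24 scram-sha-256` keeps the prefix length fixed at /24 while the network address now comes from per-site host info, so a zone whose VPN uses a different prefix length would get a client-authentication range that does not match its network. pg_hba-conf.sh substitutes only the address, so `vpn_net4` has to be a bare network address without a mask. A comment above the rule would record that contract, for example `# @vpn_net4@: bare IPv4 network address of the VPN; the prefix length is fixed at /24 here`.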
diff --git a/public/fs/home/pgsql/data/postgresql.conf b/public/fs/home/pgsql/data/postgresql.conf
deleted file mode 100644
index 45d0eab..0000000
--- a/public/fs/home/pgsql/data/postgresql.conf
+++ /dev/null
@@ -1,42 +0,0 @@
-listen_addresses = 'localhost, 10.8.0.1'
-port = 5432
-max_connections = 128
-superuser_reserved_connections = 16
-
-password_encryption = scram-sha-256
-db_user_namespace = off
-row_security = on
-
-shared_buffers = 256MB
-huge_pages = on
-temp_buffers = 8MB
-max_prepared_transactions = 0
-
-work_mem = 16MB
-maintenance_work_mem = 512MB
-replacement_sort_tuples = 150000
-autovacuum_work_mem = -1
-max_stack_depth = 4MB
-dynamic_shared_memory_type = posix
-
-log_destination = 'stderr'
-logging_collector = on
-
-log_directory = 'log'
-log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
-log_file_mode = 0600
-log_truncate_on_rotation = off
-log_rotation_age = 1d
-log_rotation_size = 10MB
-log_line_prefix = '%m %d %u [%p]'
-
-datestyle = 'iso, mdy'
-intervalstyle = 'postgres'
-timezone_abbreviations = 'Default'
-
-lc_messages = 'en_US.UTF-8'
-lc_monetary = 'en_US.UTF-8'
-lc_numeric = 'en_US.UTF-8'
-lc_time = 'en_US.UTF-8'
-
-default_text_search_config = 'pg_catalog.english'
diff --git a/public/fs/home/pgsql/data/postgresql.conf.in b/public/fs/home/pgsql/data/postgresql.conf.in
new file mode 100644
index 0000000..42a1c26
--- /dev/null
+++ b/public/fs/home/pgsql/data/postgresql.conf.in
@@ -0,0 +1,42 @@
+listen_addresses = 'localhost, @vpn_ipv4@'
+port = 5432
+max_connections = 128
+superuser_reserved_connections = 16
+
+password_encryption = scram-sha-256
+db_user_namespace = off
+row_security = on
+
+shared_buffers = 256MB
+huge_pages = on
+temp_buffers = 8MB
+max_prepared_transactions = 0
+
+work_mem = 16MB
+maintenance_work_mem = 512MB
+replacement_sort_tuples = 150000
+autovacuum_work_mem = -1
+max_stack_depth = 4MB
+dynamic_shared_memory_type = posix
+
+log_destination = 'stderr'
+logging_collector = on
+
+log_directory = 'log'
+log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
+log_file_mode = 0600
+log_truncate_on_rotation = off
+log_rotation_age = 1d
+log_rotation_size = 10MB
+log_line_prefix = '%m %d %u [%p]'
+
+datestyle = 'iso, mdy'
+intervalstyle = 'postgres'
+timezone_abbreviations = 'Default'
+
+lc_messages = 'en_US.UTF-8'
+lc_monetary = 'en_US.UTF-8'
+lc_numeric = 'en_US.UTF-8'
+lc_time = 'en_US.UTF-8'
+
+default_text_search_config = 'pg_catalog.english'
-- cgit v1.2.3