add unix socket for postgres

2025-08-08 10:17:01 +02:00 · 2025-08-08 10:17:01 +02:00 · 2289379ad5
commit 2289379ad5
parent 2054a68af0
9 changed files with 32 additions and 29 deletions
--- a/lib/data/templates/postgres/pg_hba.conf.erb
+++ b/lib/data/templates/postgres/pg_hba.conf.erb
@ -0,0 +1,3 @@
+local      all             all                                     peer
+#hostssl    all             all             0.0.0.0/0               scram-sha-256
+host       all             all             127.0.0.1/32            trust
--- a/lib/data/templates/postgres/postgres.service.erb
+++ b/lib/data/templates/postgres/postgres.service.erb
@ -0,0 +1,36 @@
+[Unit]
+Description=PostgreSQL <%= version %>
+After=network.target
+
+[Service]
+Type=notify
+#Type=simple
+
+User=postgres
+Group=services
+
+ExecStart=<%= postgres_bin %> -D <%= database_dir %>
+
+StandardOutput=journal
+StandardError=journal
+
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=mixed
+TimeoutSec=300
+Restart=on-failure
+NotifyAccess=all
+
+# Security
+#ProtectSystem=full
+#ProtectHome=true
+ReadWritePaths=<%= database_dir %>
+
+# PrivateTmp=true
+NoNewPrivileges=true
+
+# Resource Limits
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
+
--- a/lib/data/templates/postgres/postgresql.conf.erb
+++ b/lib/data/templates/postgres/postgresql.conf.erb
@ -0,0 +1,57 @@
+
+#data_directory = '/var/lib/postgresql/15/main'
+#hba_file = '/etc/postgresql/15/main/pg_hba.conf'
+#ident_file = '/etc/postgresql/15/main/pg_ident.conf'
+
+
+#listen_addresses = 'localhost'
+listen_addresses = '*'
+port = 5432
+max_connections = 100
+#unix_socket_directories = '<%= unix_socket %>'
+unix_socket_directories = '/tmp'
+password_encryption = scram-sha-256
+
+### TODO Add support for ssl
+#ssl = on
+#
+##ssl_ca_file = ''
+#ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+##ssl_crl_file = ''
+##ssl_crl_dir = ''
+#ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
+
+
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+#ssl_prefer_server_ciphers = on
+#ssl_ecdh_curve = 'prime256v1'
+#ssl_min_protocol_version = 'TLSv1.2'
+#ssl_max_protocol_version = ''
+#ssl_dh_params_file = ''
+#ssl_passphrase_command = ''
+#ssl_passphrase_command_supports_reload = off
+
+shared_buffers = 128MB
+dynamic_shared_memory_type = posix	# the default is usually the first option
+
+max_wal_size = 1GB
+min_wal_size = 80MB
+
+log_line_prefix = '%m [%p] %q%u@%d '
+log_timezone = 'Etc/UTC'
+
+
+#cluster_name = '15/main'
+
+datestyle = 'iso, mdy'
+timezone = 'Etc/UTC'
+lc_messages = 'C.UTF-8'
+lc_monetary = 'C.UTF-8'
+lc_numeric = 'C.UTF-8'
+lc_time = 'C.UTF-8'
+
+default_text_search_config = 'pg_catalog.english'
+
+# include files ending in '.conf' from
+# include_dir = 'conf.d'
+