Feat: Add Postgres-13/14/15

Signed-off-by: Mahdi Fooladgar (professormahi) <[email protected]>

roles/postgres_hardening/defaults/main.yml

@@ -21,4 +21,4 @@ log_disconnections: "on"
 log_duration: "on"
 log_hostname: "on"
 log_directory: pg_log
-log_line_prefix: "%t %u %d %h"
+log_line_prefix: "%t %u %d %h"

roles/postgres_hardening/tasks/hardening.yml

@@ -87,14 +87,6 @@
     group: "{{ postgres_group }}"
     mode: u=rw,g=r,o=
 
-- name: Manage permissions on /etc/postgresql/<version>/main/pg_hba.conf
-  ansible.builtin.file:
-    path: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
-    state: file
-    owner: "{{ postgres_user }}"
-    group: "{{ postgres_group }}"
-    mode: u=rw,g=,o=
-
 #################################
 # POSTGRES-11/12/16 #############
 #################################
@@ -125,6 +117,18 @@
       regexp: "#?log_line_prefix\\s?="
   notify: Restart postgres
 
+#################################
+# POSTGRES-13/14/15 #############
+#################################
+- name: Secure pg_hba.conf Configuration
+  ansible.builtin.template:
+    src: templates/pg_hba.conf
+    dest: /etc/postgresql/{{ postgres_version }}/main/pg_hba.conf
+    owner: "{{ postgres_user }}"
+    group: "{{ postgres_group }}"
+    mode: u=rw,g=,o=
+  notify: Restart postgres
+
 #################################
 # POSTGRES-20 ###################
 #################################

roles/postgres_hardening/templates/pg_hba.conf

@@ -0,0 +1,5 @@
+local   all             postgres                                peer
+local   all             all                                     peer
+hostssl all             all             127.0.0.1/32            scram-sha-256
+hostssl all             all             ::1/128                 scram-sha-256
+local   replication     all                                     peer