OP#228 add tls file control

2025-12-08 14:32:52 +01:00
parent 58e12e6714
commit 60d9d4b237
6 changed files with 54 additions and 3 deletions
--- a/manifests/main/files.pp
+++ b/manifests/main/files.pp
@@ -22,5 +22,47 @@ class confdroid_postgresql::main::files (
      content  => template('confdroid_postgresql/postgresql.conf.erb'),
      notify   => Service[$pl_service],
    }
+    if $pl_ssl_enabled == true {
+      # manage tls certs
+      ## ca.crt
+      file { $pl_ca_crt_file:
+        ensure   => file,
+        owner    => 'postgres',
+        group    => 'postgres',
+        mode     => '0400',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => postgresql_db_t,
+        seluser  => unconfined_u,
+        content  => template($pl_ca_crt_erb),
+        notify   => Service[$pl_service],
+      }
+      ## server.crt
+      file { $pl_server_crt_file:
+        ensure   => file,
+        owner    => 'postgres',
+        group    => 'postgres',
+        mode     => '0400',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => postgresql_db_t,
+        seluser  => unconfined_u,
+        content  => template($pl_server_crt_erb),
+        notify   => Service[$pl_service],
+      }
+      ## server.key
+      file { $pl_server_key_file:
+        ensure   => file,
+        owner    => 'postgres',
+        group    => 'postgres',
+        mode     => '0400',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => postgresql_db_t,
+        seluser  => unconfined_u,
+        content  => template($pl_server_key_erb),
+        notify   => Service[$pl_service],
+      }
+    }
  }
 }