aboutsummaryrefslogtreecommitdiff
path: root/files
diff options
context:
space:
mode:
Diffstat (limited to 'files')
-rw-r--r--files/etc/pam.d/postgresql.postgresql_server2
-rw-r--r--files/var/db/postgres/data16/pg_hba.conf.postgresql_server5
-rw-r--r--files/var/db/postgres/data16/pg_ident.conf.postgresql_server3
-rw-r--r--files/var/db/postgres/data16/postgresql.conf.postgresql_server43
4 files changed, 53 insertions, 0 deletions
diff --git a/files/etc/pam.d/postgresql.postgresql_server b/files/etc/pam.d/postgresql.postgresql_server
new file mode 100644
index 0000000..8475a53
--- /dev/null
+++ b/files/etc/pam.d/postgresql.postgresql_server
@@ -0,0 +1,2 @@
+auth required /usr/local/lib/security/pam_krb5.so try_first_pass keytab=${postgres_keytab} no_ccache ignore_k5login no_update_user minimum_uid=0
+account required pam_permit.so
diff --git a/files/var/db/postgres/data16/pg_hba.conf.postgresql_server b/files/var/db/postgres/data16/pg_hba.conf.postgresql_server
new file mode 100644
index 0000000..0e98783
--- /dev/null
+++ b/files/var/db/postgres/data16/pg_hba.conf.postgresql_server
@@ -0,0 +1,5 @@
+# TYPE DATABASE USER ADDRESS METHOD
+local all postgres peer map=postgres
+local all all peer
+hostgssenc all all all gss include_realm=0 krb_realm=${realm}
+hostssl all all all pam
diff --git a/files/var/db/postgres/data16/pg_ident.conf.postgresql_server b/files/var/db/postgres/data16/pg_ident.conf.postgresql_server
new file mode 100644
index 0000000..1076453
--- /dev/null
+++ b/files/var/db/postgres/data16/pg_ident.conf.postgresql_server
@@ -0,0 +1,3 @@
+# MAPNAME SYSTEM-USERNAME PG-USERNAME
+postgres postgres postgres
+postgres root postgres
diff --git a/files/var/db/postgres/data16/postgresql.conf.postgresql_server b/files/var/db/postgres/data16/postgresql.conf.postgresql_server
new file mode 100644
index 0000000..e95104f
--- /dev/null
+++ b/files/var/db/postgres/data16/postgresql.conf.postgresql_server
@@ -0,0 +1,43 @@
+listen_addresses = '*'
+max_connections = ${postgres_max_connections}
+
+krb_server_keyfile = 'FILE:${postgres_keytab}'
+krb_caseins_users = on
+
+ssl = on
+ssl_ca_file = '${ca_cert}'
+ssl_cert_file = '${postgres_tls_cert}'
+ssl_key_file = '${postgres_tls_key}'
+ssl_min_protocol_version = 'TLSv1.3'
+
+shared_buffers = '${postgres_shared_buffers}B'
+temp_buffers = '${postgres_temp_buffers}B'
+work_mem = '${postgres_work_mem}B'
+maintenance_work_mem = '${postgres_maintenance_work_mem}B'
+dynamic_shared_memory_type = posix
+
+wal_sync_method = fdatasync
+full_page_writes = off
+wal_compression = off
+wal_init_zero = off
+wal_recycle = off
+max_wal_size = 1GB
+min_wal_size = 80MB
+
+effective_cache_size = '${postgres_effective_cache_size}B'
+
+log_destination = 'syslog'
+syslog_sequence_numbers = off
+
+log_min_messages = info
+log_min_error_statement = warning
+log_line_prefix = '[%p] %q%u@%d '
+log_timezone = 'US/Eastern'
+
+datestyle = 'iso, mdy'
+timezone = 'US/Eastern'
+lc_messages = 'en_US.UTF-8'
+lc_monetary = 'en_US.UTF-8'
+lc_numeric = 'en_US.UTF-8'
+lc_time = 'en_US.UTF-8'
+default_text_search_config = 'pg_catalog.english'
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-29 03:10:40 -0500