From 5ea5230644e663ffc58f802983ce424478485a9e Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sun, 2 Oct 2022 13:18:47 +0200
Subject: [PATCH] add options to restrict source ips in pg_hba.conf

---
 defaults/main.yml        | 1 +
 templates/pg_hba.conf.j2 | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 39beaf7..3cde4aa 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,5 +6,6 @@ postgresql:
   max_connections: 100
   shared_buffers: 128MB
   allowed_hosts: {}
+  listen_addresses: 'localhost'
   dbs: {}
   users: {}
diff --git a/templates/pg_hba.conf.j2 b/templates/pg_hba.conf.j2
index a1f9ddf..c657f2d 100644
--- a/templates/pg_hba.conf.j2
+++ b/templates/pg_hba.conf.j2
@@ -1,7 +1,7 @@
 {% for group in postgresql.allowed_hosts %}
 # {{ group }}
 {% for item in postgresql.allowed_hosts[group] %}
-{{ item.type | default('host') }}	{{ item.database | default('all') }}	{{ item.user | default('all') }}	{{ item.auth | default('md5') }}
+{{ item.type | default('host') }}	{{ item.database | default('all') }}	{{ item.user | default('all') }}	{{ item.source_net | default('all') }}	{{ item.auth | default('md5') }}
 {% endfor %}