From 69fbca96ab24541d41948e7be73dd6eed310da83 Mon Sep 17 00:00:00 2001 From: nd Date: Thu, 19 Jan 2023 15:09:19 +0100 Subject: [PATCH] fix hba generation --- defaults/main.yml | 7 +++++++ templates/pg_hba.conf.j2 | 17 +++++++++-------- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 39beaf7..218d078 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,3 +8,10 @@ postgresql: allowed_hosts: {} dbs: {} users: {} + +default_allowed_hosts: + type: 'host' + database: 'all' + user: 'all' + source_net: 'all' + auth: 'md5' diff --git a/templates/pg_hba.conf.j2 b/templates/pg_hba.conf.j2 index c657f2d..0bcff02 100644 --- a/templates/pg_hba.conf.j2 +++ b/templates/pg_hba.conf.j2 @@ -1,13 +1,14 @@ -{% for group in postgresql.allowed_hosts %} -# {{ group }} -{% for item in postgresql.allowed_hosts[group] %} -{{ item.type | default('host') }} {{ item.database | default('all') }} {{ item.user | default('all') }} {{ item.source_net | default('all') }} {{ item.auth | default('md5') }} -{% endfor %} - - -{% endfor %} +# {{ ansible_managed }} +# admin and local access local all postgres peer local all all peer host all all 127.0.0.1/32 md5 host all all ::1/128 md5 + +{% for rulename in postgresql.allowed_hosts %} +{% set item = default_allowed_hosts|combine(postgresql.allowed_hosts[rulename]) %} +# Rule "{{ rulename }}" +{{ item.type }} {{ item.database }} {{ item.user }} {{ item.source_net }} {{ item.auth }} + +{% endfor %}
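Review bot: The fallback values in `default_allowed_hosts` fail open: an entry under `postgresql.allowed_hosts` that omits or misspells `source_net` renders as `host all all all md5`, which admits every database and role from any address. Consider leaving `source_net` out of the defaults so such a rule fails at template time (assuming undefined variables are errors, which is Ansible's default), and record it above the mapping with `# source_net has no default on purpose: every rule must name its client network`. `auth: 'md5'` could become `'scram-sha-256'` if every targeted server and client supports it, which this patch does not show. The variable also carries no role prefix, so it may collide with another role's `default_allowed_hosts`.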
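Review bot: pg_hba.conf is evaluated first-match, and the loop now renders after the fixed `local` and loopback records, so an inventory rule for 127.0.0.1, ::1 or a `local` socket can no longer take effect (before this change the generated rules came first). The order among the generated rules also follows the iteration order of the `postgresql.allowed_hosts` mapping, which can change by accident when variables are merged. A comment above the loop such as `# first match wins: rules below cannot override the entries above and apply in mapping order` would record both facts. The five fields are written without validation, so a value containing whitespace or a line break would shift columns or add a record; an `assert` task checking `type` and `auth` against the allowed keywords before templating would catch that.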