- sudo service postfix restart
- }
-rule_postgresql_configure () {
- # DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting
- rule apt_get_install postgresql-9.1
- rule adduser postgres \
- --disabled-login \
- --disabled-password \
- --group \
- --home /home/postgresql \
- --shell /bin/false \
- --system
- rule adduser postgres-data \
- --disabled-login \
- --disabled-password \
- --group \
- --home /home/postgresql/data \
- --no-create-home \
- --shell /bin/false \
- --system
- sudo usermod --home /home/postgresql postgres
- sudo adduser postgres postgres-data
- sudo rm -rf \
- /etc/postgresql
- sudo install -d -m 750 -o postgres -g postgres \
- /home/postgresql \
- /home/postgresql/etc \
- /etc/postgresql \
- /etc/postgresql/9.1 \
- /etc/postgresql/9.1/main
- sudo ln -fns \
- /etc/postgresql \
- /home/postgresql/etc/postgresql
- sudo install -d -m 751 -o postgres -g postgres \
- /home/postgresql/log \
- /home/postgresql/log/9.1
- sudo service tmpfs restart
- if sudo test ! -d /home/postgresql/data
- then
- sudo install -d -m 750 -o postgres -g postgres \
- /home/postgresql/data
- (
- cd /
- sudo -u postgres pg_createcluster \
- --datadir=/home/postgresql/data \
- --logfile=/home/postgresql/log/9.1/main \
- --socketdir=/run/postgresql/sock \
- --start 9.1 main
- )
- fi
- sudo install -m 770 -o postgres -g postgres /dev/stdin \
- /etc/postgresql/9.1/main/pg_hba.conf <<-EOF
- local all postgres peer
- local all all peer
- EOF
- sudo install -m 660 -o postgres -g postgres \
- "$tool"/etc/postgresql/9.1/main/postgresql.conf \
- /etc/postgresql/9.1/main/postgresql.conf
- sudo insserv -r postgresql
- sudo chmod ugo-x /etc/init.d/postgresql
- case $(sudo sv status postgres || true) in
- (''|run:*|*"s, normally up;"*)
- sudo sv restart postgres
- (
- cd /
- case $(sudo inotifywait -e create -- /run/postgresql/sock/) in
- ("/run/postgresql/sock/ CREATE .s.PGSQL."*)
- # NOTE:
- # - supprime l'accès au schéma public depuis public,
- # de sorte à ce que les différents utilisateurices
- # ne voient pas leurs bases de données entre-elleux ;
- # - ajoute le support de PL/PGSQL.
- sudo -u postgres psql template1 -f - <<-EOF
- REVOKE ALL ON DATABASE template1 FROM public;
- REVOKE ALL ON SCHEMA public FROM public;
- GRANT ALL ON SCHEMA public TO postgres;
- CREATE LANGUAGE plpgsql;
- EOF
- # NOTE:
- # - supprime l'accès à la liste des bases données
- # et utilisateurices depuis public.
- sudo -u postgres psql template1 -f - <<-EOF
- REVOKE ALL ON pg_auth_members FROM public;
- REVOKE ALL ON pg_authid FROM public;
- REVOKE ALL ON pg_database FROM public;
- REVOKE ALL ON pg_group FROM public;
- REVOKE ALL ON pg_roles FROM public;
- REVOKE ALL ON pg_settings FROM public;
- REVOKE ALL ON pg_tablespace FROM public;
- REVOKE ALL ON pg_user FROM public;
- EOF
- ;;
- esac
- )
- ;;
- esac
- }
-rule_postgresql_db_add () { # SYNTAX: $db $db_user
- local db="$1" db_user="$2"
- sudo -u postgresql psql template1 -f - <<-EOF
- CREATE ROLE $db NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT NOLOGIN;
- CREATE ROLE $db_user NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED;
- GRANT $db TO $db_user;
- CREATE DATABASE $db WITH OWNER=$db_user;
- REVOKE ALL ON DATABASE $db FROM public;
- EOF
- }
-rule_postgresql_db_user_add () { # SYNTAX: $db $user
- local db="$1" user="$2"
- sudo -u postgresql psql template1 -f - <<-EOF
- CREATE ROLE $user NOSUPERUSER NOCREATEDB NOCREATEROLE NOINHERIT LOGIN ENCRYPTED;
- GRANT USAGE ON SCHEMA public TO $user;
- GRANT CONNECT,TEMPORARY ON DATABASE $db TO $user;
- GRANT $db TO $user;
- EOF
- }
-rule_openerp_configure () {
- sudo install -m 660 -o root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF
- deb http://nightly.openerp.com/trunk/nightly/deb/ ./
- EOF
- sudo apt-get update
- rule apt_get_install openerp