-rule adduser log-"$sv"\
+ # DOC: http://wiki.postgresql.org/wiki/Shared_Database_Hosting
+rule apt_get_install postgresql-9.1
+rule insserv_remove postgresql
+rule adduser postgres \
--disabled-login \
--disabled-password \
--group \
- --home /home/postgresql/log/9.1/main \
+ --home /home/postgresql \
--shell /bin/false \
--system
-sudo install -d -m 770 -o log-"$sv" -g log-"$sv" \
- /home/postgresql/log
+rule adduser postgres-data \
+ --disabled-login \
+ --disabled-password \
+ --group \
+ --home /home/postgresql/data \
+ --no-create-home \
+ --shell /bin/false \
+ --system
+sudo usermod --home /home/postgresql postgres
+sudo adduser postgres postgres-data
+sudo rm -rf \
+ /etc/postgresql
+sudo install -d -m 1751 -o postgres -g postgres-data \
+ /home/postgresql \
+ /home/postgresql/etc \
+ /home/postgresql/bin \
+ /etc/postgresql \
+ /etc/postgresql/9.1 \
+ /etc/postgresql/9.1/main
+sudo ln -fns \
+ /etc/postgresql \
+ /home/postgresql/etc/postgresql
+
+if sudo test ! -d /home/postgresql/data
+ then
+ sudo install -d -m 750 -o postgres -g postgres \
+ /home/postgresql/data
+ sudo -u postgres pg_createcluster \
+ --datadir=/home/postgresql/data \
+ --logfile=/home/postgresql/log/9.1/main/cluster.log \
+ --socketdir=/run/postgresql \
+ 9.1 main
+ fi
+
+sudo install -m 640 -o postgres -g postgres /dev/stdin \
+ /etc/postgresql/9.1/main/pg_ctl.conf <<-EOF
+ pg_ctl_options = ''
+ EOF
+sudo install -m 640 -o postgres -g postgres /dev/stdin \
+ /etc/postgresql/9.1/main/pg_ident.conf <<-EOF
+ # MAPNAME SYSTEM-USERNAME PG-USERNAME
+ EOF
+sudo install -m 640 -o postgres -g postgres /dev/stdin \
+ /etc/postgresql/9.1/main/start.conf <<-EOF
+ EOF
+sudo install -m 640 -o postgres -g postgres /dev/stdin \
+ /etc/postgresql/9.1/main/pg_hba.conf <<-EOF
+ local all postgres peer
+ local all all peer
+ EOF
+sudo install -m 640 -o postgres -g postgres-data \
+ "$tool"/etc/postgresql/9.1/main/postgresql.conf \
+ /etc/postgresql/9.1/main/postgresql.conf
+sudo find "$tool"/etc/postgresql/bin/ -type f -perm /+x -exec \
+ install -m 755 -o root -g root \
+ -t /home/postgresql/bin/ {} +
+
+sudo sv -w 1 start /etc/sv/postgres
+while ! sudo -u postgres psql </dev/null
+do sleep 1; done
+# NOTE: supprime l'accès au schéma public depuis public,
+# de sorte à ce que les différents utilisateurices
+# ne voient pas leurs bases de données entre-elleux ;
+sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ REVOKE ALL ON DATABASE template1 FROM public;
+ REVOKE ALL ON SCHEMA public FROM public;
+ GRANT ALL ON SCHEMA public TO postgres;
+ EOF
+# NOTE: ajoute le support de PL/PGSQL s'il ne l'est pas déjà.
+sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ CREATE OR REPLACE FUNCTION create_language_plpgsql()
+ RETURNS BOOLEAN AS \$\$
+ CREATE LANGUAGE plpgsql;
+ SELECT TRUE;
+ \$\$ LANGUAGE SQL;
+ SELECT CASE WHEN NOT (
+ SELECT TRUE AS exists
+ FROM pg_language
+ WHERE lanname = 'plpgsql'
+ UNION
+ SELECT FALSE AS exists
+ ORDER BY exists DESC
+ LIMIT 1
+ )
+ THEN
+ create_language_plpgsql()
+ ELSE
+ FALSE
+ END AS plpgsql_created;
+ DROP FUNCTION create_language_plpgsql();
+ EOF
+# NOTE: supprime l'accès à la liste des bases données
+# et utilisateurices depuis public.
+sudo -u postgres psql template1 -a -f - <<-EOF
+ \set ON_ERROR_STOP on
+ REVOKE ALL ON pg_auth_members FROM public;
+ REVOKE ALL ON pg_authid FROM public;
+ REVOKE ALL ON pg_database FROM public;
+ REVOKE ALL ON pg_group FROM public;
+ REVOKE ALL ON pg_roles FROM public;
+ REVOKE ALL ON pg_settings FROM public;
+ REVOKE ALL ON pg_tablespace FROM public;
+ REVOKE ALL ON pg_user FROM public;
+ EOF
dépôts / lhc / ateliers.git / blobdiff