password passwords["backup"]
end
-postgresql_user "munin" do
- cluster node[:db][:cluster]
- password passwords["munin"]
-end
-
postgresql_user "replication" do
cluster node[:db][:cluster]
password passwords["replication"]
"changeset_comments" => [:select],
"changeset_tags" => [:select],
"changesets" => [:select, :update],
- "client_applications" => [:select],
"current_node_tags" => [:select, :insert, :delete],
"current_nodes" => [:select, :insert, :update],
"current_nodes_id_seq" => [:update],
"current_way_tags" => [:select, :insert, :delete],
"current_ways" => [:select, :insert, :update],
"current_ways_id_seq" => [:update],
+ "issues" => [:select],
"node_tags" => [:select, :insert],
"nodes" => [:select, :insert],
"oauth_access_grants" => [:select],
"oauth_access_tokens" => [:select],
"oauth_applications" => [:select],
- "oauth_nonces" => [:select, :insert],
- "oauth_nonces_id_seq" => [:update],
- "oauth_tokens" => [:select],
"relation_members" => [:select, :insert],
"relation_tags" => [:select, :insert],
"relations" => [:select, :insert],
+ "reports" => [:select],
"user_blocks" => [:select],
"user_roles" => [:select],
"users" => [:select],
"ways" => :select
}.freeze
+PROMETHEUS_PERMISSIONS = {
+ "delayed_jobs" => :select
+}.freeze
+
%w[
acls
active_storage_attachments
changeset_tags
changesets
changesets_subscribers
- client_applications
current_node_tags
current_nodes
current_relation_members
oauth_access_grants
oauth_access_tokens
oauth_applications
- oauth_nonces
oauth_openid_requests
- oauth_tokens
redactions
relation_members
relation_tags
reports
schema_migrations
user_blocks
+ user_mutes
user_preferences
user_roles
- user_tokens
users
way_nodes
way_tags
"cgimap" => CGIMAP_PERMISSIONS[table],
"planetdump" => PLANETDUMP_PERMISSIONS[table],
"planetdiff" => PLANETDIFF_PERMISSIONS[table],
+ "prometheus" => PROMETHEUS_PERMISSIONS[table],
"backup" => [:select]
end
end
active_storage_variant_records_id_seq
changeset_comments_id_seq
changesets_id_seq
- client_applications_id_seq
current_nodes_id_seq
current_relations_id_seq
current_ways_id_seq
oauth_access_grants_id_seq
oauth_access_tokens_id_seq
oauth_applications_id_seq
- oauth_nonces_id_seq
oauth_openid_requests_id_seq
- oauth_tokens_id_seq
redactions_id_seq
reports_id_seq
user_blocks_id_seq
+ user_mutes_id_seq
user_roles_id_seq
- user_tokens_id_seq
users_id_seq
].each do |sequence|
postgresql_sequence sequence do
user "postgres"
sandbox true
restrict_address_families "AF_UNIX"
+ remove_ipc false
end
systemd_timer "monthly-reindex" do
user "postgres"
sandbox true
restrict_address_families "AF_UNIX"
+ remove_ipc false
end
systemd_timer "yearly-reindex" do
description "Yearly database reindex"
- on_calendar "Fri *-1-8..14 02:00"
+ on_calendar "Thu *-1-8..14 02:00"
end
service "yearly-reindex.timer" do
action [:enable, :start]
end
+
+template "/etc/prometheus/exporters/sql_rails.collector.yml" do
+ source "sql_rails.yml.erb"
+ owner "root"
+ group "root"
+ mode "0644"
+end