il/ilnmors-homelab
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1.0.0 Release IaaS

Browse Source
This commit is contained in:
Il Lee
2026-03-15 04:41:02 +09:00
commit a7365da431
292 changed files with 36059 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config/services/containers/infra/postgresql/config/pg_hba.conf.j2
+28
View File
@@ -0,0 +1,28 @@
# @authcomment@
# TYPE DATABASE USER ADDRESS METHOD
# Local host `trust`
local all all trust
# Local monitoring connection (host - infra VM) `trust`
hostssl postgres alloy {{ hostvars['fw']['network4']['infra']['server'] }}/32 trust
hostssl postgres alloy {{ hostvars['fw']['network6']['infra']['server'] }}/128 trust
hostssl postgres alloy {{ hostvars['fw']['network4']['subnet']['lla'] }} trust
hostssl postgres alloy {{ hostvars['fw']['network6']['subnet']['lla'] }} trust
# Local connection (in postgresql container) needs password (127.0.0.1 - container loopback)
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
# Local connection (host - infra VM) needs password (169.254.1.0/24 - link_local subnet for containers in pasta mode)
hostssl all all {{ hostvars['fw']['network4']['infra']['server'] }}/32 scram-sha-256
hostssl all all {{ hostvars['fw']['network6']['infra']['server'] }}/128 scram-sha-256
hostssl all all {{ hostvars['fw']['network4']['subnet']['lla'] }} scram-sha-256
hostssl all all {{ hostvars['fw']['network6']['subnet']['lla'] }} scram-sha-256
# auth VM
hostssl all all {{ hostvars['fw']['network4']['auth']['server'] }}/32 scram-sha-256
hostssl all all {{ hostvars['fw']['network6']['auth']['server'] }}/128 scram-sha-256
# app VM (Applications, 192.168.10.13)
hostssl all all {{ hostvars['fw']['network4']['app']['server'] }}/32 scram-sha-256
hostssl all all {{ hostvars['fw']['network6']['app']['server'] }}/128 scram-sha-256
config/services/containers/infra/postgresql/config/postgresql.conf.j2
+41
View File
@@ -0,0 +1,41 @@
#------------------------------------------------------------------------------
# CUSTOMIZED OPTIONS
#------------------------------------------------------------------------------
# Add settings for extensions here
# Listen_address
listen_addresses = '*'
# Max connections
max_connections = 250
# listen_port
port = 5432
# SSL
ssl = on
ssl_ca_file = '/etc/ssl/postgresql/ilnmors_root_ca.crt'
ssl_cert_file = '/etc/ssl/postgresql/postgresql.crt'
ssl_key_file = '/etc/ssl/postgresql/postgresql.key'
ssl_ciphers = 'HIGH:!aNULL:!MD5'
ssl_prefer_server_ciphers = on
# log
log_destination = 'stderr'
log_checkpoints = on
log_temp_files = 0
log_min_duration_statement = 500
# IO
track_io_timing = on
## immich_config
shared_preload_libraries = 'vchord.so'
search_path = '"$user", public'
max_wal_size = 5GB
shared_buffers = 512MB
wal_compression = on
work_mem = 16MB
autovacuum_vacuum_scale_factor = 0.1
autovacuum_analyze_scale_factor = 0.05
autovacuum_vacuum_cost_limit = 1000
effective_io_concurrency = 200
random_page_cost = 1.2