Add option to set trusted hostname for db connections

For improved security, it's useful to be able to limit which host can
connect to the database (by setting POSTGRES_ALLOW_HOST to ip or name
instead of 'all')

db/Dockerfile

@@ -3,6 +3,7 @@ MAINTAINER Piero Toffanin <pt@masseranolabs.com>
 
 ENV POSTGRES_PASSWORD postgres
 ENV POSTGRES_HOST_AUTH_METHOD trust
+ENV POSTGRES_ALLOW_HOST all
 ENV GOSU_VERSION 1.12
 ENV PG_MAJOR 9.5
 ENV PG_VERSION 9.5.25

db/docker-entrypoint.sh

@@ -222,6 +222,7 @@ docker_setup_env() {
 }
 
 # append POSTGRES_HOST_AUTH_METHOD to pg_hba.conf for "host" connections
+# set POSTGRES_ALLOW_HOST to limit trusted hosts, can be ip or domain, default is "all"
 pg_setup_hba_conf() {
 	{
 		echo
@@ -229,7 +230,7 @@ pg_setup_hba_conf() {
 			echo '# warning trust is enabled for all connections'
 			echo '# see https://www.postgresql.org/docs/12/auth-trust.html'
 		fi
-		echo "host all all all $POSTGRES_HOST_AUTH_METHOD"
+		echo "host all all $POSTGRES_ALLOW_HOST $POSTGRES_HOST_AUTH_METHOD"
 	} >> "$PGDATA/pg_hba.conf"
 }