From a80b240397796110aacea893ca51ec5d0ab7cffa Mon Sep 17 00:00:00 2001
From: admire <admire@kartoza.com>
Date: Sun, 3 Jan 2021 13:18:32 +0200
Subject: [PATCH] split conf into seperate files

---
 scripts/setup-conf.sh | 19 ++++++++++++++++---
 scripts/setup-ssl.sh  | 20 ++++++++++++--------
 scripts/setup.sh      | 10 +++-------
 3 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/scripts/setup-conf.sh b/scripts/setup-conf.sh
index 5c214c8..f087b82 100644
--- a/scripts/setup-conf.sh
+++ b/scripts/setup-conf.sh
@@ -21,7 +21,11 @@ sed -i '/data_directory/d' $CONF
 echo "data_directory = '${DATADIR}'" >> $CONF
 
 # This script will setup necessary configuration to optimise for PostGIS and to enable replications
-cat >> $CONF <<EOF
+if [[  -f ${ROOT_CONF}/postgis.conf ]];then
+  rm $CONF/postgis.conf
+fi
+cat >> ${ROOT_CONF}/postgis.conf <<EOF
+port = 5432
 superuser_reserved_connections= 10
 listen_addresses = '${IP_LIST}'
 shared_buffers = ${SHARED_BUFFERS}
@@ -39,12 +43,16 @@ timezone='${TIMEZONE}'
 cron.use_background_workers = on
 EOF
 
+echo "include 'postgis.conf'" >> $CONF
 # This script will setup necessary replication settings
 
 
 
 if [[  "${REPLICATION}" =~ [Tt][Rr][Uu][Ee] && "$WAL_LEVEL" == 'logical' ]]; then
-cat >> "$CONF" <<EOF
+  if [[  -f ${ROOT_CONF}/logical_replication.conf ]];then
+    rm $CONF/logical_replication.conf
+  fi
+cat >> ${ROOT_CONF}/streaming_replication.conf <<EOF
 wal_level = ${WAL_LEVEL}
 max_wal_senders = ${PG_MAX_WAL_SENDERS}
 wal_keep_size = ${PG_WAL_KEEP_SIZE}
@@ -53,10 +61,14 @@ max_wal_size = ${WAL_SIZE}
 max_logical_replication_workers = ${MAX_LOGICAL_REPLICATION_WORKERS}
 max_sync_workers_per_subscription = ${MAX_SYNC_WORKERS_PER_SUBSCRIPTION}
 EOF
+echo "include 'logical_replication.conf'" >> $CONF
 fi
 
 if [[ "${REPLICATION}" =~ [Tt][Rr][Uu][Ee] &&  "$WAL_LEVEL" == 'replica' ]]; then
-cat >> "$CONF" <<EOF
+  if [[  -f ${ROOT_CONF}/streaming_replication.conf ]];then
+    rm $CONF/streaming_replication.conf
+  fi
+cat >> ${ROOT_CONF}/streaming_replication.conf <<EOF
 wal_level = ${WAL_LEVEL}
 archive_mode = ${ARCHIVE_MODE}
 archive_command = '${ARCHIVE_COMMAND}'
@@ -73,6 +85,7 @@ recovery_target_timeline=${TARGET_TIMELINE}
 recovery_target_action=${TARGET_ACTION}
 promote_trigger_file = '${PROMOTE_FILE}'
 EOF
+echo "include 'streaming_replication.conf'" >> $CONF
 fi
 
 echo -e $EXTRA_CONF >> $CONF
diff --git a/scripts/setup-ssl.sh b/scripts/setup-ssl.sh
index 8ce2a6f..0fa12a9 100644
--- a/scripts/setup-ssl.sh
+++ b/scripts/setup-ssl.sh
@@ -22,15 +22,19 @@ mkdir -p ${PGSTAT_TMP}
 chmod 0777 ${PGSTAT_TMP}
 
 # moved from setup.sh
-echo "ssl = true" >> $CONF
-#echo "ssl_ciphers = 'DEFAULT:!LOW:!EXP:!MD5:@STRENGTH' " >> $CONF
-#echo "ssl_renegotiation_limit = 512MB "  >> $CONF
-echo "ssl_cert_file = '${SSL_CERT_FILE}'" >> $CONF
-echo "ssl_key_file = '${SSL_KEY_FILE}'" >> $CONF
-if [ ! -z "${SSL_CA_FILE}" ]; then
-	echo "ssl_ca_file = '${SSL_CA_FILE}'                       # (change requires restart)" >> $CONF
+if [[  -f ${ROOT_CONF}/ssl.conf ]];then
+    rm $CONF/ssl.conf
 fi
-#echo "ssl_crl_file = ''" >> $CONF
 
+cat >> ${ROOT_CONF}/ssl.conf <<EOF
+ssl = true
+ssl_cert_file = '${SSL_CERT_FILE}'
+ssl_key_file = '${SSL_KEY_FILE}'
+EOF
+
+if [ ! -z "${SSL_CA_FILE}" ]; then
+	echo "ssl_ca_file = '${SSL_CA_FILE}'                       # (change requires restart)" >> ${ROOT_CONF}/ssl.conf
+fi
+echo "include 'ssl.conf'" >> $CONF
 # Put lock file to make sure conf was not reinitialized
 touch ${SETUP_LOCKFILE}
diff --git a/scripts/setup.sh b/scripts/setup.sh
index d64c2fd..f2f78c5 100755
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -7,13 +7,9 @@ source /scripts/env-data.sh
 
 
 # Restrict subnet to docker private network
-echo "host    all             all             172.0.0.0/8               md5" >> $ROOT_CONF/pg_hba.conf
-# And allow access from DockerToolbox / Boottodocker on OSX
-echo "host    all             all             192.168.0.0/16               md5" >> $ROOT_CONF/pg_hba.conf
-# Listen on all ip addresses
-echo "listen_addresses = '*'" >> $CONF
-echo "port = 5432" >> $CONF
-
+echo "host    all             all             172.0.0.0/8              ${PASSWORD_AUTHENTICATION}" >> $ROOT_CONF/pg_hba.conf
+# And allow access from DockerToolbox / Boot to docker on OSX
+echo "host    all             all             192.168.0.0/16               ${PASSWORD_AUTHENTICATION}" >> $ROOT_CONF/pg_hba.conf
 
 # Create backup template for conf
 cat $CONF > $CONF.template