feat: Added optional postgres replication

2025-12-06 02:49:55 +00:00 · 2024-11-19 16:11:28 +01:00
parent dde435ca95
commit 2bf98e9273
4 changed files with 33 additions and 0 deletions
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@ -57,6 +57,15 @@
    destination_port: "{{ consensus_port }}"
    jump: ACCEPT

+- name: Allow postgres replication traffic from replica only
+  when: enable_postgres_replication
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: 5432
+    source: "{{ postgres_replication_bind_address }}"
+    jump: ACCEPT
+
 - name: Set default policy to DROP
  ansible.builtin.iptables:
    chain: INPUT