Enable firewall rules to allow primary/replica to connect

site-cookbooks/kosmos-postgresql/recipes/default.rb

@@ -61,6 +61,18 @@ postgresql_replicas.each do |replica|
     # resource was already up to date
     notifies :reload, "service[#{postgresql_service}]", :immediately
   end
+
+  unless node.chef_environment == "development"
+    include_recipe "firewall"
+
+    firewall_rule "postgresql" do
+      port        5432
+      protocol    :tcp
+      command     :allow
+      destination replica[:ipaddress]
+    end
+  end
 end
 
-include_recipe "kosmos-postgresql::firewall"
+# TODO: We need to set up firewall rules and access rules for clients too
+# (Mastodon, ejabberd, etc)