Define access rules in the PostgreSQL primary recipe

Access is done for the IP of a server for all users and all databases
for ejabberd and gitea

site-cookbooks/kosmos-postgresql/recipes/default.rb

@@ -27,6 +27,10 @@
 postgresql_version = "12"
 postgresql_service = "postgresql@#{postgresql_version}-main"
 
+service postgresql_service do
+  supports restart: true, status: true, reload: true
+end
+
 postgresql_custom_server postgresql_version do
   role "primary"
 end
@@ -54,6 +58,25 @@ postgresql_replicas.each do |replica|
     notifies :reload, "service[#{postgresql_service}]", :immediately
   end
 
+  gitea_servers = search(:node, "role:gitea AND chef_environment:#{node.chef_environment}") || []
+  ejabberd_servers = search(:node, "role:ejabberd AND chef_environment:#{node.chef_environment}") || []
+
+  servers = (gitea_servers + ejabberd_servers).uniq
+
+  servers.each do |server|
+    ip = ip_for(server)
+    hostname = server[:hostname]
+
+    postgresql_access "#{hostname} all" do
+      access_type "host"
+      access_db "all"
+      access_user "all"
+      access_addr "#{ip}/32"
+      access_method "md5"
+      notifies :reload, "service[#{postgresql_service}]", :immediately
+    end
+  end
+
   unless node.chef_environment == "development"
     include_recipe "firewall"