6adb910e1b
Merge pull request 'Chef base role improvements' (#184) from feature/unattended_upgrades_and_vim into master
f55fc71765
Merge pull request 'Bootstrap draco.kosmos.org' (#185) from feature/175-draco_bootstrap into master
Blog post about setting up trusts or foundations for DAOs: DAO or Die: How to Fully Decentralize the Off-chain Governance of Your Crypto Project
At least it's half the LOC. Looks much better to me.
However, I don't quite understand why it still has to be searching for every single app. Isn't there an easier way to know that a machine has roles that require postgres access?
It's not about looking good, it's about adding unnecessary complexities and code.
I didn't mean replication per se, but all Hetzner machines would definitely be replicas for now anyway.
I mean that any of our Hetzner machines should be able to connect to the Posgtgres server anyway. The actual authentication is then the username/password for the database, and doesn't require whitelisting the host per database.
I find it rather complicated that we should specifically allow PostgreSQL access per app and database, instead of allowing our own servers to connect to the primary by default. Why wouldn't a replica be allowed to connect to the primary just because it's a replica? It does that for replication anyway, and thus should needs access to all databases in the first place.
81403b7cb9
Merge pull request 'Fix PostgreSQL replica config with encrypted data directory' (#179) from bugfix/postgres_issues into master
