From 1a6a1e0c6d823ec6065d74297527ac775416d9c5 Mon Sep 17 00:00:00 2001
From: Thierry Parmentelat <thierry.parmentelat@inria.fr>
Date: Fri, 25 May 2018 18:16:31 +0200
Subject: [PATCH] less aggressive config of pg_hba.conf that could previously
 have side-effects on other databases like myplc's

---
 systemd/sfa-db-init.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/systemd/sfa-db-init.sh b/systemd/sfa-db-init.sh
index 01de2cbf..1a030fd9 100755
--- a/systemd/sfa-db-init.sh
+++ b/systemd/sfa-db-init.sh
@@ -103,11 +103,12 @@ function start () {
     postgresql_setting log_timezone "'UTC'"
 
     ######## /var/lib/pgsql/data/pg_hba.conf
-    # Disable access to all DBs from all hosts
-    sed -i -e '/^\(host\|local\)/d' $pg_hba_conf
+    # remove/recreate passwordless localhost entry
+    sed -i -e "/^local/d" $pg_hba_conf
+    echo "local all all trust" >> $pg_hba_conf
 
-    # Enable passwordless localhost access
-    echo "local all all trust" >>$pg_hba_conf
+    # Disable access to our DB from all hosts
+    sed -i -e "/^host ${SFA_DB_NAME}/d' $pg_hba_conf
     # grant access
     {
         echo "host $SFA_DB_NAME $SFA_DB_USER 127.0.0.1/32 password"
-- 
2.43.0