# This source code is released into the public domain.
#
# Postgres doesn't support any sort of defined ACL, so instead we just add
# hostssl entries for each prefix.

POSTGRES_FILE="/var/db/postgres/pg_hba.ldap"
POSTGRES_TEMP="${POSTGRES_FILE}.ldaptmp"

if [ ! -f "$POSTGRES_FILE" ]; then
	exit 0
fi

awk <"$NETWORKS_FILE" >"$POSTGRES_TEMP" '{
	print "hostssl all all " $1 " scram-sha-256"
}'

if cmp -s "$POSTGRES_TEMP" "$POSTGRES_FILE"; then
	rm "$POSTGRES_TEMP"
	exit 0
fi

printf '%s updated:\n\n' "$POSTGRES_FILE"
diff "$POSTGRES_FILE" "$POSTGRES_TEMP"
printf '\n'

mv "$POSTGRES_TEMP" "$POSTGRES_FILE" 
/usr/sbin/service postgresql reload