PostgreSQL Setup
================

1. Partitioning:
/var/lib/postgresql is the storage place of the database files.


2. Package installation:
sudo apt-get install postgresql postgresql-contrib


3. Configuration:

In /etc/postgresql/*/main/pg_hba.conf:
# ====== NorNet =============================================================
hostssl all        all        10.0.0.0/8                        scram-sha-256
hostssl all        all        2001:700:4100::/48                scram-sha-256
hostssl all        all        192.168.0.0/16                    scram-sha-256
hostssl all        all        2001:700:4100:ff:ffff::/80        scram-sha-256


In /etc/postgresql/*/main/postgresql.conf:
listen_addresses = '*'

Fine tuning; add to /etc/postgresql/*/main/postgresql.conf:
# ====== NorNet =============================================================
# Tuning: https://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server
# Assuming 8192MB RAM here!
shared_buffers       = 2048MB   # 1/4 of RAM
effective_cache_size = 4096MB   # 1/2 of RAM
checkpoint_timeout   = 15min
autovacuum           = on

work_mem             = 32MB
maintenance_work_mem = 64MB


NOTE:
The example below assumes hostname rolfsbukta.alpha.test, with TLS key file
rolfsbukta.alpha.test.key and certificate file rolfsbukta.alpha.test.crt!

Change in /etc/postgresql/*/main/postgresql.conf:
# ====== NorNet =============================================================
ssl                       = on
ssl_ciphers               = 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256'
ssl_prefer_server_ciphers = on
password_encryption       = scram-sha-256
ssl_ca_file               = '/etc/ssl/NorNet-CA-Simula-chain.pem'
ssl_cert_file             = '/etc/ssl/rolfsbukta.alpha.test.crt'
ssl_key_file              = '/etc/ssl/rolfsbukta.alpha.test.key'
