dreamcat4-moonshadow 0.0.1

data/lib/moonshine/manifest/rails/templates/moonshine.cnf.erb

@@ -0,0 +1,63 @@
+<% log_prefix = configuration[:mysql][:log_prefix] || Facter.to_hash["hostname"] %>
+
+[client]
+default-character-set   = <%= configuration[:mysql][:default_character_set] || 'utf8' %>
+
+[mysqld]
+######### storage engine
+default-storage-engine  = <%= configuration[:mysql][:default_storage_engine] || 'innodb' %>
+
+######### character sets
+character_set_server    = <%= configuration[:mysql][:character_set_server] || 'utf8' %>
+collation_server        = <%= configuration[:mysql][:collation_server] || 'utf8_general_ci' %>
+
+######### replication
+server-id                = <%= configuration[:mysql][:server_id] || '1' %>
+auto-increment-increment = <%= configuration[:mysql][:auto_increment_increment] || '10' %>
+auto-increment-offset    = <%= configuration[:mysql][:auto_increment_offset] || configuration[:mysql][:server_id] || '1' %>
+log-bin                  = <%= configuration[:mysql][:log_bin] || "#{log_prefix}-bin" %>
+log-bin-index            = <%= configuration[:mysql][:log_bin_index] || "#{log_prefix}-bin" %>
+relay-log                = <%= configuration[:mysql][:relay_log] || "#{log_prefix}-relay" %>
+relay-log-index          = <%= configuration[:mysql][:relay_log_index] || "#{log_prefix}-relay" %>
+replicate-same-server-id = <%= configuration[:mysql][:replicate_same_server_id] || '0' %>
+
+######### innodb options
+innodb_buffer_pool_size           = <%= configuration[:mysql][:innodb_buffer_pool_size] || '128M' %>
+innodb_additional_mem_pool_size   = <%= configuration[:mysql][:innodb_additional_mem_pool_size] || '16M' %>
+innodb_data_file_path             = <%= configuration[:mysql][:innodb_data_file_path] || 'ibdata1:10M:autoextend' %>
+innodb_file_io_threads            = <%= configuration[:mysql][:innodb_file_io_threads] || '4' %>
+innodb_thread_concurrency         = <%= configuration[:mysql][:innodb_thread_concurrency] || '4' %>
+innodb_flush_log_at_trx_commit    = <%= configuration[:mysql][:innodb_flush_log_at_trx_commit] || '2' %>
+innodb_log_buffer_size            = <%= configuration[:mysql][:innodb_log_buffer_size] || '64M' %>
+innodb_log_file_size              = <%= configuration[:mysql][:innodb_log_file_size] || '80M' %>
+innodb_log_files_in_group         = <%= configuration[:mysql][:innodb_log_files_in_group] || '3' %>
+innodb_file_per_table             = <%= configuration[:mysql][:innodb_file_per_table] || '1' %>
+innodb_max_dirty_pages_pct        = <%= configuration[:mysql][:innodb_max_dirty_pages_pct] || '90' %>
+innodb_lock_wait_timeout          = <%= configuration[:mysql][:innodb_lock_wait_timeout] || '120' %>
+
+######### general
+default-time-zone     = <%= configuration[:mysql][:default_time_zone] || 'SYSTEM' %>
+connect_timeout       = <%= configuration[:mysql][:connect_timeout] || '10' %>
+back_log              = <%= configuration[:mysql][:back_log] || '50' %>
+max_connections       = <%= configuration[:mysql][:max_connections] || '25' %>
+max_connect_errors    = <%= configuration[:mysql][:max_connect_errors] || '10' %>
+table_cache           = <%= configuration[:mysql][:table_cache] || '2048' %>
+max_allowed_packet    = <%= configuration[:mysql][:max_allowed_packet] || '32M' %>
+open_files_limit      = <%= configuration[:mysql][:open_files_limit] || '1024' %>
+max_heap_table_size   = <%= configuration[:mysql][:max_heap_table_size] || '64M' %>
+join_buffer_size      = <%= configuration[:mysql][:join_buffer_size] || '4M' %>
+read_buffer_size      = <%= configuration[:mysql][:read_buffer_size] || '4M' %>
+sort_buffer_size      = <%= configuration[:mysql][:sort_buffer_size] || '8M' %>
+read_rnd_buffer_size  = <%= configuration[:mysql][:read_rnd_buffer_size] || '8M' %>
+thread_cache_size     = <%= configuration[:mysql][:thread_cache_size] || '8' %>
+thread_concurrency    = <%= configuration[:mysql][:thread_concurrency] || '8' %>
+query_cache_size      = <%= configuration[:mysql][:query_cache_size] || '128M' %>
+query_cache_limit     = <%= configuration[:mysql][:query_cache_limit] || '2M' %>
+thread_stack          = <%= configuration[:mysql][:thread_stack] || '192K' %>
+transaction_isolation = <%= configuration[:mysql][:transaction_isolation] || 'READ-COMMITTED' %>
+tmp_table_size        = <%= configuration[:mysql][:tmp_table_size] || '128M' %>
+tmpdir                = <%= configuration[:mysql][:tmpdir] || '/tmp' %>
+log_slow_queries      = <%= configuration[:mysql][:log_slow_queries] || '/var/log/mysql/slow_queries.log' %>
+long_query_time       = <%= configuration[:mysql][:long_query_time] || '5' %>
+
+<%= configuration[:mysql][:extra] %>

data/lib/moonshine/manifest/rails/templates/passenger.conf.erb

@@ -0,0 +1,106 @@
+PassengerRoot <%= configuration[:passenger][:path] %>
+PassengerRuby /usr/bin/ruby
+
+## PassengerLogLevel
+#
+# Specify how much information Phusion Passenger should write to the
+# Apache error log file. A higher log level value means that more
+# information will be logged.
+#
+#  0: Show only errors and warnings. This is the default setting.
+#  1: Show the most important debugging information. This might be useful
+#     for system administrators who are trying to figure out the cause
+#     of a problem.
+#  2: Show more debugging information. This is typically
+#     only useful for developers.
+#  3: Show even more debugging information.
+
+PassengerLogLevel <%= configuration[:passenger][:log_level] || 0 %>
+
+## PassengerUseGlobalQueue
+#
+# Recall that Phusion Passenger spawns multiple backend processes (e.g. multiple
+# Ruby on Rails processes), each which processes HTTP requests serially. One of
+# Phusion Passenger's jobs is to forward HTTP requests to a suitable backend
+# process. A backend process may take an arbitrary amount of time to process a
+# specific HTTP request. If the websites are (temporarily) under high load, and
+# the backend processes cannot process the requests fast enough, then some
+# requests may have to be queued.
+#
+# If global queuing is turned off, then Phusion Passenger will use fair load
+# balancing. This means that each backend process will have its own private
+# queue. Phusion Passenger will forward an HTTP request to the backend process
+# that has the least amount of requests in its queue.
+#
+# If global queuing is turned on, then Phusion Passenger will use a global queue
+# that's shared between all backend processes. If an HTTP request comes in, and
+# all the backend processes are still busy, then Phusion Passenger will wait
+# until at least one backend process is done, and will then forward the request
+# to that process.
+#
+# Options: <on|off>
+
+PassengerUseGlobalQueue <%= passenger_config_boolean(configuration[:passenger][:use_global_queue] || true) %>
+
+## PassengerUserSwitching
+#
+# Enable User Switching Support. This option starts your application
+# as the owner of the file config/environment.rb. The owner of
+# environment.rb must have read access to the Rails application's
+# folder, and read/write access to the Rails application's logs folder.
+# This feature is only available if Apache is started by root.
+#
+# Options: <on|off>
+
+PassengerUserSwitching <%= passenger_config_boolean(configuration[:passenger][:user_switching] || true) %>
+
+## PassengerDefaultUser
+#
+# Specify the user Passenger must run as. This option allows you
+# to specify which user your application will run as if user
+# switching fails or is disabled.
+
+PassengerDefaultUser <%= configuration[:passenger][:default_user] || configuration[:user] %>
+
+## PassengerMaxPoolSize
+#
+# Set the maximum number of application instances that can be
+# simultaneously active. A larger number results in higher
+# memory usage, but improved ability to handle concurrent HTTP clients.
+# The optimal value depends on your system's hardware and the server's
+# average load. You should experiment with different values. Generally
+# speaking, the value should be at least equal to the number of CPUs
+# (or CPU cores) that you have. If your system has 2 GB of RAM, then
+# we recommend a value of 30. If your system is a Virtual Private
+# Server (VPS) and has about 256 MB RAM, and is also running other
+# services such as MySQL, then we recommend a value of 2.
+
+PassengerMaxPoolSize <%= configuration[:passenger][:max_pool_size] || 6 %>
+
+## PassengerMaxInstancesPerApp
+#
+# Set the maximum number of application instances that may
+# be simultaneously active for a single application. This helps to
+# make sure that a single application will not occupy all available
+# slots in the application pool. This value must be less than
+# PassengerMaxPoolSize. A value of 0 means that there is no limit
+# placed on the number of instances a single application may use,
+# i.e. only the global limit of PassengerMaxPoolSize will be enforced.
+
+PassengerMaxInstancesPerApp <%= configuration[:passenger][:max_instances_per_app] || 0 %>
+
+## PassengerPoolIdleTime
+#
+# Set the maximum number of seconds that your application instance
+# may be idle. That is, if an application instance hasn't done anything
+# after the given number of seconds, then it will be shutdown in order
+# to conserve memory. Decreasing this value means that applications
+# will have to be spawned more often. Since spawning is a relatively
+# slow operation, some visitors may notice a small delay when they
+# visit your website. However, it will also free up resources used by
+# applications more quickly. The optimal value depends on the average
+# time that a visitor spends on a single Rails/Rack web page. We
+# recommend a value of 2 * x, where x is the average number of seconds
+# that a visitor spends on a single web page. But your mileage may vary.
+
+PassengerPoolIdleTime <%= configuration[:passenger][:pool_idle_time] || 300 %>

data/lib/moonshine/manifest/rails/templates/passenger.vhost.erb

@@ -0,0 +1,273 @@
+<VirtualHost *:80>
+  ServerName <%= configuration[:domain] || (Facter.to_hash["hostname"] + '.' + Facter.to_hash["domain"]) %>
+  <% if configuration[:domain_aliases] %>
+  ServerAlias <%= configuration[:domain_aliases].to_a.join(' ') %>
+  <% end %>
+<% if configuration[:ssl] && configuration[:ssl][:only] %>
+  RewriteEngine On
+  RewriteCond %{HTTPS} !=on
+  RewriteCond %{REQUEST_URI} !^/server-status
+  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
+<% else %>
+  DocumentRoot <%= configuration[:deploy_to] + "/current/public" %>
+
+  <Directory <%= configuration[:deploy_to] + "/current/public" %>>
+    Options FollowSymLinks
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+  </Directory>
+
+  <% if configuration[:apache ] && (configuration[:apache][:users] || configuration[:apache][:allow] || configuration[:apache][:deny]) %>
+  <Location / >
+    <% if configuration[:apache][:users] %>
+    authtype basic
+    authuserfile <%= configuration[:apache][:htpasswd] || "#{configuration[:deploy_to]}/shared/config/htpasswd" %>
+    authname "<%= configuration[:authname] || configuration[:domain] %>"
+    <% end %>
+    <Limit GET POST DELETE PUT>
+      order deny,allow
+      <% if configuration[:apache][:users] || configuration[:apache][:allow] %>
+      deny from all
+      <% end %>
+      <% configuration[:apache][:deny].to_a.each do |deny| %>
+      deny from <%= deny %>
+      <% end %>
+      <% configuration[:apache][:allow].to_a.each do |allow| %> 
+      allow from <%= allow %>
+      <% end %>
+      <% if configuration[:apache][:users] %>
+      require valid-user
+      <% end %>
+      Satisfy <%= configuration[:apache][:satisfy] || 'Any' %>
+    </Limit>
+  </Location>
+  <% end %>
+
+  ##
+  ## The following options are Rails specific options. They may occur
+  ## here in your VirtualHost entry or in the global configuration.
+  ##
+
+  ## RailsAutoDetect
+  #
+  # Set whether Phusion Passenger should automatically detect whether
+  # a virtual host's document root is a Ruby on Rails application.
+  # The default is on.
+  # Options: <on|off>
+
+  RailsAutoDetect <%= passenger_config_boolean(configuration[:passenger][:rails_auto_detect] || true) %>
+
+  ## RailsBaseURI
+  #
+  # Specify that the given URI is a Rails application. It is allowed to
+  # specify this option multiple times. Do this to deploy multiple
+  # Rails applications in different sub-URIs under the same virtual host.
+  <% if configuration[:passenger][:rails_base_uri] %>
+  RailsBaseURI <%= configuration[:passenger][:rails_base_uri] %>
+  <% else %>
+  # RailsBaseURI <uri>
+  <% end %>
+
+  ## RailsAllowModRewrite
+  #
+  # Passenger will not override mod_rewrite rules if this option
+  # is enabled.
+  # Options: <on|off>
+
+  RailsAllowModRewrite <%= passenger_config_boolean(configuration[:passenger][:allow_mod_rewrite] || true) %>
+
+  ## RailsEnv
+  #
+  # Use this option to specify the default RAILS_ENV value. The default
+  # setting is production.
+
+  RailsEnv <%= configuration[:passenger][:rails_env] || ENV['RAILS_ENV'] || 'production' %>
+
+  ## RailsSpawnMethod
+  #
+  # Internally, Phusion Passenger spawns multiple Ruby on Rails processes
+  # in order to handle requests. But there are multiple ways with which
+  # processes can be spawned, each having its own set of pros and cons.
+  # Supported spawn methods are:
+  #  smart
+  #    When this spawn method is used, Phusion Passenger will attempt
+  #    to cache Ruby on Rails framework code and application code for
+  #    a limited period of time.
+  #
+  #  conservative
+  #    This spawning method is similar to the one used in Mongrel Cluster.
+  #    It does not perform any code caching at all.
+
+  RailsSpawnMethod <%= configuration[:passenger][:rails_spawn_method] || 'smart' %>
+
+  # Deflate
+  AddOutputFilterByType DEFLATE text/html text/plain text/xml
+  BrowserMatch ^Mozilla/4 gzip-only-text/html
+  BrowserMatch ^Mozilla/4\.0[678] no-gzip
+  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+  RewriteEngine On
+
+  <%= configuration[:passenger][:vhost_extra] %>
+
+  # Prevent access to .git directories
+  RewriteRule ^(.*/)?\.git/ - [F,L]
+  ErrorDocument 403 "Access Forbidden"
+
+  # Check for maintenance file and redirect all requests
+  RewriteCond %{REQUEST_URI} !\.(css|jpg|png|gif)$
+  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
+  RewriteRule ^.*$ /system/maintenance.html [L]
+
+  # Rewrite index to check for static
+  RewriteRule ^([^.]+)$ $1/index.html [QSA]
+
+  # Rewrite to check for Rails cached page
+  RewriteRule ^([^.]+)$ $1.html [QSA]
+<% end %>
+</VirtualHost>
+
+<% if configuration[:ssl] %>
+<VirtualHost <%= configuration[:ssl][:ip] || '_default_' %>:443>
+  RequestHeader set X_FORWARDED_PROTO "https"
+
+  SSLEngine on
+  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+  SSLCertificateFile    <%= configuration[:ssl][:certificate_file] || '/etc/ssl/certs/ssl-cert-snakeoil.pem' %>
+  SSLCertificateKeyFile <%= configuration[:ssl][:certificate_key_file] || '/etc/ssl/private/ssl-cert-snakeoil.key' %>
+  <% if configuration[:ssl][:certificate_chain_file] %>
+  SSLCertificateChainFile <%= configuration[:ssl][:certificate_chain_file] %>
+  <% else %>
+  # SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+  <% end %>
+
+  BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+
+  ServerName <%= configuration[:domain] || (Facter.to_hash["hostname"] + '.' + Facter.to_hash["domain"]) %>
+  <% if configuration[:domain_aliases] %>
+  ServerAlias <%= configuration[:domain_aliases].to_a.join(' ') %>
+  <% end %>
+  DocumentRoot <%= configuration[:deploy_to] + "/current/public" %>
+
+  <Directory <%= configuration[:deploy_to] + "/current/public" %>>
+    Options FollowSymLinks
+    AllowOverride None
+    Order allow,deny
+    Allow from all
+  </Directory>
+
+  <% if configuration[:apache ] and (configuration[:apache][:users] || configuration[:apache][:allow] || configuration[:apache][:deny]) %>
+  <Location / >
+    <% if configuration[:apache][:users] %>
+    authtype basic
+    authuserfile <%= configuration[:apache][:htpasswd] || "#{configuration[:deploy_to]}/shared/config/htpasswd" %>
+    authname "<%= configuration[:authname] || configuration[:domain] %>"
+    <% end %>
+    <Limit GET POST DELETE PUT>
+      order deny,allow
+      <% if configuration[:apache][:users] || configuration[:apache][:allow] %>
+      deny from all
+      <% end %>
+      <% configuration[:apache][:deny].to_a.each do |deny| %>
+      deny from <%= deny %>
+      <% end %>
+      <% configuration[:apache][:allow].to_a.each do |allow| %> 
+      allow from <%= allow %>
+      <% end %>
+      <% if configuration[:apache][:users] %>
+      require valid-user
+      <% end %>
+      Satisfy <%= configuration[:apache][:satisfy] || 'Any' %>
+    </Limit>
+  </Location>
+  <% end %>
+
+  ##
+  ## The following options are Rails specific options. They may occur
+  ## here in your VirtualHost entry or in the global configuration.
+  ##
+
+  ## RailsAutoDetect
+  #
+  # Set whether Phusion Passenger should automatically detect whether
+  # a virtual host's document root is a Ruby on Rails application.
+  # The default is on.
+  # Options: <on|off>
+
+  RailsAutoDetect <%= passenger_config_boolean(configuration[:passenger][:rails_auto_detect] || true) %>
+
+  ## RailsBaseURI
+  #
+  # Specify that the given URI is a Rails application. It is allowed to
+  # specify this option multiple times. Do this to deploy multiple
+  # Rails applications in different sub-URIs under the same virtual host.
+  <% if configuration[:passenger][:rails_base_uri] %>
+  RailsBaseURI <%= configuration[:passenger][:rails_base_uri] %>
+  <% else %>
+  # RailsBaseURI <uri>
+  <% end %>
+
+  ## RailsAllowModRewrite
+  #
+  # Passenger will not override mod_rewrite rules if this option
+  # is enabled.
+  # Options: <on|off>
+
+  RailsAllowModRewrite <%= passenger_config_boolean(configuration[:passenger][:allow_mod_rewrite] || true) %>
+
+  ## RailsEnv
+  #
+  # Use this option to specify the default RAILS_ENV value. The default
+  # setting is production.
+
+  RailsEnv <%= configuration[:passenger][:rails_env] || ENV['RAILS_ENV'] || 'production' %>
+
+  ## RailsSpawnMethod
+  #
+  # Internally, Phusion Passenger spawns multiple Ruby on Rails processes
+  # in order to handle requests. But there are multiple ways with which
+  # processes can be spawned, each having its own set of pros and cons.
+  # Supported spawn methods are:
+  #  smart
+  #    When this spawn method is used, Phusion Passenger will attempt
+  #    to cache Ruby on Rails framework code and application code for
+  #    a limited period of time.
+  #
+  #  conservative
+  #    This spawning method is similar to the one used in Mongrel Cluster.
+  #    It does not perform any code caching at all.
+
+  RailsSpawnMethod <%= configuration[:passenger][:rails_spawn_method] || 'smart' %>
+
+  # Deflate
+  AddOutputFilterByType DEFLATE text/html text/plain text/xml
+  BrowserMatch ^Mozilla/4 gzip-only-text/html
+  BrowserMatch ^Mozilla/4\.0[678] no-gzip
+  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+  RewriteEngine On
+
+<% if configuration[:ssl] %>
+  <%= configuration[:ssl][:vhost_extra] %>
+<% else %>
+  <%= configuration[:passenger][:vhost_extra] %>
+<% end %>
+
+  # Prevent access to .git directories
+  RewriteRule ^(.*/)?\.git/ - [F,L]
+  ErrorDocument 403 "Access Forbidden"
+
+  # Check for maintenance file and redirect all requests
+  RewriteCond %{REQUEST_URI} !\.(css|jpg|png|gif)$
+  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
+  RewriteRule ^.*$ /system/maintenance.html [L]
+
+  # Rewrite index to check for static
+  RewriteRule ^([^.]+)$ $1/index.html [QSA]
+
+  # Rewrite to check for Rails cached page
+  RewriteRule ^([^.]+)$ $1.html [QSA]
+
+  </VirtualHost>
+<% end %>

data/lib/moonshine/manifest/rails/templates/pg_hba.conf.erb

@@ -0,0 +1,83 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the
+# PostgreSQL documentation for a complete description
+# of this file.  A short synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local      DATABASE  USER  METHOD  [OPTION]
+# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTION]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type: "local" is a Unix-domain socket,
+# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
+# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
+#
+# DATABASE can be "all", "sameuser", "samerole", a database name, or
+# a comma-separated list thereof.
+#
+# USER can be "all", a user name, a group name prefixed with "+", or
+# a comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names from
+# a separate file.
+#
+# CIDR-ADDRESS specifies the set of hosts the record matches.
+# It is made up of an IP address and a CIDR mask that is an integer
+# (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies
+# the number of significant bits in the mask.  Alternatively, you can write
+# an IP address and netmask in separate columns to specify the set of hosts.
+#
+# METHOD can be "trust", "reject", "md5", "crypt", "password", "gss", "sspi",
+# "krb5", "ident", "pam" or "ldap".  Note that "password" sends passwords
+# in clear text; "md5" is preferred since it sends encrypted passwords.
+#
+# OPTION is the ident map or the name of the PAM service, depending on METHOD.
+#
+# Database and user names containing spaces, commas, quotes and other special
+# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
+# "samerole" makes the name lose its special character, and just match a
+# database or username with that name.
+#
+# This file is read on server startup and when the postmaster receives
+# a SIGHUP signal.  If you edit the file on a running system, you have
+# to SIGHUP the postmaster for the changes to take effect.  You can use
+# "pg_ctl reload" to do that.
+
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL listen
+# on a non-local interface via the listen_addresses configuration parameter,
+# or via the -i or -h command line switches.
+#
+
+
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database
+# super user can access the database using some other method.
+# Noninteractive
+# access to all databases is required during automatic maintenance
+# (autovacuum, daily cronjob, replication, and similar tasks).
+#
+# Database administrative login by UNIX sockets
+local   all         postgres                          ident sameuser
+
+# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
+
+# "local" is for Unix domain socket connections only
+local   all         all                               md5 sameuser
+# IPv4 local connections:
+host    all         all         127.0.0.1/32          md5
+# IPv6 local connections:
+host    all         all         ::1/128               md5