From 00ca5873bcb31814d336afa9466a35e434498c48 Mon Sep 17 00:00:00 2001
From: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
Date: Thu, 19 Sep 2024 16:27:05 -0300
Subject: [PATCH 1/2] postgresql.conf hardening

Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
---
 templates/patroni.yml.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/templates/patroni.yml.j2 b/templates/patroni.yml.j2
index ccac3ee1e..7780924e8 100644
--- a/templates/patroni.yml.j2
+++ b/templates/patroni.yml.j2
@@ -16,18 +16,25 @@ bootstrap:
         {%- endif %}
         archive_mode: on
         autovacuum: true
+        debug_print_plan: 'off'
+        debug_print_parse: 'off'
+        debug_print_rewritten: 'off'
         fsync: true
         full_page_writes: true
         lc_messages: 'en_US.UTF8'
         log_autovacuum_min_duration: 60000
+        log_disconnections: 'on'
         log_checkpoints: 'on'
+        log_connections: 'on'
         log_destination: 'stderr'
         log_directory: '/var/log/postgresql'
+        log_error_verbosity: 'verbose'
         log_file_mode: '0600'
         log_filename: 'postgresql-%w_%H%M.log'
         log_hostname: 'off'
         log_line_prefix: '%t [%p]: user=%u,db=%d,app=%a,client=%h,line=%l '
         log_min_duration_sample: -1
+        log_min_error_statement: 'warning'
         log_recovery_conflict_waits: 'on'
         log_replication_commands: 'on'
         log_rotation_age: 1

From 73206b958189e3070320ef40a70c44163f76886e Mon Sep 17 00:00:00 2001
From: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
Date: Thu, 19 Sep 2024 16:33:11 -0300
Subject: [PATCH 2/2] Change parameter position

Signed-off-by: Marcelo Henrique Neppel <marcelo.neppel@canonical.com>
---
 templates/patroni.yml.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/patroni.yml.j2 b/templates/patroni.yml.j2
index 7780924e8..5de8ef6b3 100644
--- a/templates/patroni.yml.j2
+++ b/templates/patroni.yml.j2
@@ -23,11 +23,11 @@ bootstrap:
         full_page_writes: true
         lc_messages: 'en_US.UTF8'
         log_autovacuum_min_duration: 60000
-        log_disconnections: 'on'
         log_checkpoints: 'on'
         log_connections: 'on'
         log_destination: 'stderr'
         log_directory: '/var/log/postgresql'
+        log_disconnections: 'on'
         log_error_verbosity: 'verbose'
         log_file_mode: '0600'
         log_filename: 'postgresql-%w_%H%M.log'