From eadc48d6e70713e063f7e9e48537b7fd0b32ca48 Mon Sep 17 00:00:00 2001
From: ace <ace@0xace.cc>
Date: Thu, 1 Aug 2024 18:36:54 +0300
Subject: [PATCH] update ciphers and timeouts

---
 defaults/main.yaml         | 6 ++++--
 templates/pgbouncer.ini.j2 | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yaml b/defaults/main.yaml
index 34b9b41..acf9add 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -24,13 +24,15 @@ pgbouncer_admin_users: "postgres"
 pgbouncer_client_tls_sslmode: "prefer"
 pgbouncer_client_tls_key_file: "/etc/pki/tls/private/cert.key"
 pgbouncer_client_tls_cert_file: "/etc/pki/tls/cert/cert.crt"
-pgbouncer_client_tls_protocols: "tlsv1.3"
+pgbouncer_client_tls_protocols: "secure"
 pgbouncer_client_tls_ciphers: "secure"
 pgbouncer_server_tls_sslmode: "prefer"
 pgbouncer_server_tls_key_file: "/etc/pki/tls/private/cert.key"
 pgbouncer_server_tls_cert_file: "/etc/pki/tls/cert/cert.crt"
-pgbouncer_server_tls_protocols: "tlsv1.3"
+pgbouncer_server_tls_protocols: "secure"
 pgbouncer_server_tls_ciphers: "secure"
+pgbouncer_server_lifetime: "300"
+pgbouncer_server_idle_timeout: "30"
 pgbouncer_postgresql_host: "localhost"
 pgbouncer_postgresql_db: "postgres"
 pgbouncer_postgresql_superuser_username: "postgres"
diff --git a/templates/pgbouncer.ini.j2 b/templates/pgbouncer.ini.j2
index 1470e5c..fee169b 100644
--- a/templates/pgbouncer.ini.j2
+++ b/templates/pgbouncer.ini.j2
@@ -39,6 +39,9 @@ default_pool_size = {{ pgbouncer_default_pool_size }}
 reserve_pool_size = {{ pgbouncer_reserve_pool_size }}
 reserve_pool_timeout = 1
 max_db_connections = {{ pgbouncer_max_db_connections }}
+server_lifetime = {{ pgbouncer_server_lifetime }}
+server_idle_timeout = {{ pgbouncer_server_idle_timeout }}
+
 pkt_buf = 8192
 listen_backlog = 4096