Only add postgres module config on manager nodes

Removed postgres from soc/defaults.yaml (shared by all nodes)
and moved it entirely into defaults.map.jinja, which only injects
the config when postgres auth pillar exists (manager-type nodes).
Sensors and other non-manager nodes will not have a postgres module
section in their sensoroni.json, so sensoroni won't try to connect.

salt/soc/defaults.map.jinja

@@ -25,7 +25,7 @@
 {% do SOCDEFAULTS.soc.config.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %}
 
 {% if GLOBALS.postgres is defined and GLOBALS.postgres.auth is defined %}
-{% do SOCDEFAULTS.soc.config.server.modules.postgres.update({'hostUrl': GLOBALS.manager_ip, 'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass}) %}
+{% do SOCDEFAULTS.soc.config.server.modules.update({'postgres': {'hostUrl': GLOBALS.manager_ip, 'port': 5432, 'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass, 'dbname': 'securityonion', 'sslMode': 'require', 'assistantEnabled': true}}) %}
 {% endif %}
 
 {% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %}

salt/soc/defaults.yaml

@@ -1491,14 +1491,6 @@ soc:
           org: Security Onion
           bucket: telegraf/so_short_term
           verifyCert: false
-        postgres:
-          hostUrl: so-postgres
-          port: 5432
-          username:
-          password:
-          dbname: securityonion
-          sslMode: require
-          assistantEnabled: true
         playbook:
           autoUpdateEnabled: true
           playbookImportFrequencySeconds: 86400