From 55be1f1119fe6bab273911de372e0e302527e97a Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Thu, 9 Apr 2026 21:09:43 -0400
Subject: [PATCH] Only add postgres module config on manager nodes

Removed postgres from soc/defaults.yaml (shared by all nodes)
and moved it entirely into defaults.map.jinja, which only injects
the config when postgres auth pillar exists (manager-type nodes).
Sensors and other non-manager nodes will not have a postgres module
section in their sensoroni.json, so sensoroni won't try to connect.
---
 salt/soc/defaults.map.jinja | 2 +-
 salt/soc/defaults.yaml      | 8 --------
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/salt/soc/defaults.map.jinja b/salt/soc/defaults.map.jinja
index 20d64603d..99e85e364 100644
--- a/salt/soc/defaults.map.jinja
+++ b/salt/soc/defaults.map.jinja
@@ -25,7 +25,7 @@
 {% do SOCDEFAULTS.soc.config.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %}
 
 {% if GLOBALS.postgres is defined and GLOBALS.postgres.auth is defined %}
-{% do SOCDEFAULTS.soc.config.server.modules.postgres.update({'hostUrl': GLOBALS.manager_ip, 'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass}) %}
+{% do SOCDEFAULTS.soc.config.server.modules.update({'postgres': {'hostUrl': GLOBALS.manager_ip, 'port': 5432, 'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass, 'dbname': 'securityonion', 'sslMode': 'require', 'assistantEnabled': true}}) %}
 {% endif %}
 
 {% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %}
diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml
index 2bdbbae37..0bde8f20e 100644
--- a/salt/soc/defaults.yaml
+++ b/salt/soc/defaults.yaml
@@ -1491,14 +1491,6 @@ soc:
           org: Security Onion
           bucket: telegraf/so_short_term
           verifyCert: false
-        postgres:
-          hostUrl: so-postgres
-          port: 5432
-          username:
-          password:
-          dbname: securityonion
-          sslMode: require
-          assistantEnabled: true
         playbook:
           autoUpdateEnabled: true
           playbookImportFrequencySeconds: 86400