2 files changed, 12 insertions, 3 deletions

diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
index e437c8f2..1113bd86 100644
--- a/puppet/modules/soledad/manifests/server.pp
+++ b/puppet/modules/soledad/manifests/server.pp
@@ -4,9 +4,10 @@ class soledad::server {
   include soledad
   include site_apt::preferences::twisted
 
-  $soledad           = hiera('soledad')
-  $couchdb_user      = $soledad['couchdb_soledad_user']['username']
-  $couchdb_password  = $soledad['couchdb_soledad_user']['password']
+  $soledad              = hiera('soledad')
+  $couchdb_user         = $soledad['couchdb_soledad_user']['username']
+  $couchdb_password     = $soledad['couchdb_soledad_user']['password']
+  $couchdb_leap_mx_user = $soledad['couchdb_leap_mx_user']['username']
 
   $couchdb_host = 'localhost'
   $couchdb_port = '5984'
diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
index 42cf44d8..1c6a0d19 100644
--- a/puppet/modules/soledad/templates/soledad-server.conf.erb
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -2,3 +2,11 @@
 couch_url   = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
 create_cmd  = sudo -u soledad-admin /usr/bin/create-user-db
 admin_netrc = /etc/couchdb/couchdb-soledad-admin.netrc
+
+[database-security]
+members = <%= @couchdb_user %>, <%= @couchdb_leap_mx_user %>
+# not needed, but for documentation:
+# members_roles = replication
+# admins = admin
+# admins_roles = replication
+