we do not have other hosts connecting to ansible-db

the ansible-db is restricted to ansible hosts and does not send logs to
datadog. Remove the task that adds hosts to pg_hba and modify the logs
to be readable only to the postgresql user

roles/postgresql/tasks/pg_hba.yml

@@ -11,18 +11,6 @@
     - ansible_os_family == "Debian"
     - running_on_server
 
-- name: PostgreSQL | ensure access to postgres server for client connections (RedHat)
-  ansible.builtin.lineinfile:
-    path: '/var/lib/pgsql/data/pg_hba.conf'
-    line: 'host  {{ pg_hba_postgresql_database }}      {{ pg_hba_postgresql_user }} {{ ansible_default_ipv4.address }}/32       md5'
-  delegate_to: '{{ postgres_host }}'
-  register: remote_postgres_configured
-  when:
-    - postgres_host is not none
-    - not postgresql_is_local
-    - ansible_os_family == "RedHat"
-    - running_on_server
-
 - name: PostgreSQL | reload postgresql
   ansible.builtin.service:
     name: postgresql

roles/postgresql/templates/rh_postgresql.conf.j2

@@ -102,10 +102,10 @@ logging_collector = on   # Enable capturing of stderr, sonlog,
 log_destination = 'csvlog'
 
 # These are only used if logging_collector is on:
-log_directory = 'pg_log' # relative to PGDATA (/var/lib/postgresql/15/main/pg_log/)
+log_directory = 'pg_log' # relative to PGDATA (/var/lib/pgsql/data/pg_log/)
 log_filename = 'pg.log'  # can include strftime() escapes, but daily rotation is enough
 log_statement = 'none'
-log_file_mode = 0644     # allow Datadog to read log files
+log_file_mode = 0600     # allow Datadog to read log files
 # log_rotation_age = 1d		 # We use logrotate, which takes precedence over these configurations
 # log_rotation_size = 1GB  # We use logrotate, which takes precedence over these configurations
 log_checkpoints = on