diff --git a/data/hostname/met.internal.softwareheritage.org.yaml b/data/hostname/met.internal.softwareheritage.org.yaml
index 7d430f45..c590ea52 100644
--- a/data/hostname/met.internal.softwareheritage.org.yaml
+++ b/data/hostname/met.internal.softwareheritage.org.yaml
@@ -1,101 +1,110 @@
 backups::exclude:
   - var/lib/rabbitmq
 
 users:
   ardumont:
     groups:
       - docker
   aeviso:
     groups:
       - sudo
       - docker
   ddouard:
     groups:
       - sudo
       - docker
   jayesh:
     groups:
       - sudo
       - docker
   olasd:
     groups:
       - docker
   vsellier:
     groups:
       - docker
   zack:
     groups:
       - docker
 
 icinga2::host::vars:
   load: high
 
 swh::apt_config::enable_non_free: true
 packages:
   - intel-microcode
   # install zfs
   - zfs-dkms
 
 rabbitmq::python_package: 'python3'
 
 rabbitmq::server::users:
   - name: "swh-provenance"
     is_admin: true
     password: "%{hiera('rabbitmq::monitoring::provenance::password')}"
     tags: []
   - name: swh-provenance-consumer
     is_admin: false
     password: "%{hiera('swh::deploy::provenance::consumer::password')}"
     tags: []
   - name: swh-provenance-producer
     is_admin: false
     password: "%{hiera('swh::deploy::provenance::producer::password')}"
     tags: []
 
 swh::postgresql::version: 13
 # hack to don't hang in bullseye
 postgresql::globals::version: "%{lookup('swh::postgresql::version')}"
 
 swh::postgresql::listen_addresses:
   - 0.0.0.0
 swh::postgresql::port: 5433
 swh::postgresql::cluster_name: "%{lookup('swh::postgresql::version')}/main"
 swh::postgresql::datadir_base: "%{lookup('swh::base_directory')}/postgres"
 swh::postgresql::datadir: "%{lookup('swh::postgresql::datadir_base')}/%{lookup('swh::postgresql::cluster_name')}"
 swh::postgresql::network_accesses:
   - 192.168.100.0/24 # Monitoring
   - 192.168.100.0/24 # Internal network
 
 # using an indirection to allow the override for vagrant
 swh::postgresql::shared_buffers: "%{lookup('swh::provenance::db::shared_buffers')}"
 
 postgresql::server::config_entries:
   shared_buffers: "%{alias('swh::postgresql::shared_buffers')}"
   cluster_name: "%{alias('swh::postgresql::cluster_name')}"
 
 swh::dbs:
   provenance:
     name: "%{hiera('swh::deploy::provenance::db::dbname')}"
     user: "%{hiera('swh::deploy::provenance::db::user')}"
 
 # What aliases to install in .pg_service/.pgpass
 swh::postgres::service::dbs:
   - alias: swh-provenance
     name: "%{hiera('swh::deploy::provenance::db::dbname')}"
     host: "%{hiera('swh::deploy::provenance::db::host')}"
     port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
     user: guest
   - alias: admin-swh-provenance
     name: "%{hiera('swh::deploy::provenance::db::dbname')}"
     host: "%{hiera('swh::deploy::provenance::db::host')}"
     port: "%{hiera('swh::deploy::db::pgbouncer::port')}"
     user: "%{hiera('swh::deploy::provenance::db::user')}"
     password: "%{hiera('swh::deploy::provenance::db::password')}"
 
 # Install the .pg_service/.pgpass files to those users
 swh::postgres::service::users:
   - root
   - zack
   - ardumont
   - aeviso
   - vsellier
+
+pgbouncer::auth_hba_file: /etc/postgresql/13/main/pg_hba.conf
+pgbouncer::listen_addr: 192.168.100.210
+pgbouncer::databases:
+  - source_db: "%{hiera('swh::deploy::provenance::db::dbname')}"
+    host: "%{hiera('swh::deploy::provenance::db::host')}"
+    auth_user: "%{hiera('swh::deploy::db::pgbouncer::user::login')}"
+    port: "%{hiera('swh::deploy::db::main::port')}"
+