diff --git a/data/hostname/db0.internal.staging.swh.network.yaml b/data/hostname/db0.internal.staging.swh.network.yaml index e411d0ef..25f0706b 100644 --- a/data/hostname/db0.internal.staging.swh.network.yaml +++ b/data/hostname/db0.internal.staging.swh.network.yaml @@ -1,41 +1,41 @@ --- networks: default: interface: eth0 address: 192.168.128.3 netmask: 255.255.255.0 gateway: 192.168.128.1 swh::dbs: storage: name: swh user: swh indexer: name: swh-indexer user: swh-indexer scheduler: name: swh-scheduler user: swh-scheduler -pgbouncer::auth_hba_file: /etc/postgresql/11/replica/pg_hba.conf +pgbouncer::auth_hba_file: /etc/postgresql/11/main/pg_hba.conf pgbouncer::listen_addr: 192.168.128.3 pgbouncer::databases: # swh - source_db: swh host: db0.internal.staging.swh.network - auth_user: swh + auth_user: postgres port: 5433 alias: staging-swh - source_db: swh-indexer host: db0.internal.staging.swh.network - auth_user: swh-indexer + auth_user: postgres port: 5433 alias: staging-swh-indexer - source_db: swh-scheduler host: db0.internal.staging.swh.network - auth_user: swh-scheduler + auth_user: postgres port: 5433 alias: staging-swh-scheduler dar::backup::exclude: - srv/softwareheritage/postgres diff --git a/site-modules/profile/manifests/postgresql/server.pp b/site-modules/profile/manifests/postgresql/server.pp index 61c2c098..4bac1ad6 100644 --- a/site-modules/profile/manifests/postgresql/server.pp +++ b/site-modules/profile/manifests/postgresql/server.pp 
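Review bot: In db0.internal.staging.swh.network.yaml, all three `pgbouncer::databases` entries now set `auth_user: postgres`, so pgbouncer performs its password lookups as the PostgreSQL superuser, where each entry previously used that database's own role. pgbouncer takes the `auth_user` password from its auth file, so the superuser credential would presumably end up stored on the pooler, which listens on 192.168.128.3. A dedicated low-privilege role that can only run the lookup query would limit the exposure, e.g. `auth_user: <dedicated-lookup-role>` (placeholder name). If postgres is required here, a YAML comment above the entries saying why would help the next reader. Pointing `pgbouncer::auth_hba_file` at PostgreSQL's own `pg_hba.conf` also deserves a check, because pgbouncer only reads that file when its auth type is hba and may not accept every rule format PostgreSQL does; neither is visible in this hunk.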
@@ -1,43 +1,45 @@ class profile::postgresql::server { class { 'postgresql::globals': encoding => 'UTF-8', locale => 'en_US.UTF-8', manage_package_repo => true, version => '11', } + $postgres_pass = lookup('swh::deploy::db::postgres::password') + class { 'postgresql::server': ip_mask_deny_postgres_user => '0.0.0.0/32', ip_mask_allow_all_users => '0.0.0.0/0', ipv4acls => ['hostssl all guest 192.168.128.0/24 cert'], - postgres_password => lookup('swh::deploy::db::postgres::password'), - port => 5433 + postgres_password => $postgres_pass, + port => 5433, } $guest = 'guest' postgresql::server::role { $guest: password_hash => postgresql_password($guest, 'guest'), } $dbs = lookup('swh::dbs') each($dbs) | $db_type, $db_config | { # db_type in {storage, indexer, scheduler, etc...} $db_pass = lookup("swh::deploy::db::${db_type}::password") $db_name = $db_config['name'] $db_user = $db_config['user'] postgresql::server::db { $db_name: user => $db_user, password => $db_pass, owner => $db_user } # guest user has read access on tables postgresql::server::table_grant { $db_name: privilege => 'select', db => $db_name, role => $guest, table => 'all', } } }
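Review bot: `$postgres_pass` holds the superuser password as a plain string, and nothing in this hunk marks it as sensitive, so it can show up in reports and debug logs. If the installed postgresql module accepts the type (not visible here), `$postgres_pass = Sensitive(lookup('swh::deploy::db::postgres::password'))` would keep it redacted. The variable is used only once in this hunk, so a short comment naming its intended second consumer would explain the extraction. Separately, the unchanged `ip_mask_deny_postgres_user => '0.0.0.0/32'` line appears to neutralise the module's remote-reject rule for postgres. That matters more now that the same commit makes pgbouncer authenticate as postgres, so a comment stating that this is intentional would be worth adding.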