diff --git a/.fixtures.yml b/.fixtures.yml
@@ -7,6 +7,10 @@ fixtures:
     service: "puppetlabs/service"
     package: "puppetlabs/package"
     reboot: "puppetlabs/reboot"
+    puppetdb: "puppetlabs/puppetdb"
+    postgresql: "puppetlabs/postgresql"
+    firewall: "puppetlabs/firewall"
+    concat: "puppetlabs/concat"
   repositories:
     stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib'
     apt: 'https://github.com/puppetlabs/puppetlabs-apt'
@@ -35,4 +39,4 @@ fixtures:
     container_inventory: 'https://gitlab.com/nwops/bolt-container_inventory'
     peadm: 'https://github.com/puppetlabs/puppetlabs-peadm.git'
   symlinks:
-    peadm_spec: "#{source_dir}/spec/fixtures/modules/peadm/spec/acceptance/peadm_spec/"
+    peadm_spec: "#{source_dir}/spec/fixtures/modules/peadm/spec/acceptance/peadm_spec/"
diff --git a/.github/workflows/call_nightly.yml b/.github/workflows/call_nightly.yml
@@ -2,8 +2,6 @@ name: Call nightly testing workflows
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron:  '25 5 * * 3'
 
 jobs:
   spec_testing:

diff --git a/.gitignore b/.gitignore
@@ -16,7 +16,7 @@
 /log/
 /pkg/
 /spec/fixtures/manifests/
-/spec/fixtures/modules/
+/spec/fixtures/modules/*
 /tmp/
 /vendor/
 /convert_report.txt

diff --git a/.pdkignore b/.pdkignore
@@ -16,7 +16,7 @@
 /log/
 /pkg/
 /spec/fixtures/manifests/
-/spec/fixtures/modules/
+/spec/fixtures/modules/*
 /tmp/
 /vendor/
 /convert_report.txt
@@ -29,6 +29,7 @@
 /.fixtures.yml
 /Gemfile
 /.gitattributes
+/.github/
 /.gitignore
 /.pdkignore
 /.puppet-lint.rc

diff --git a/.rubocop.yml b/.rubocop.yml
@@ -3,6 +3,7 @@ require:
 - rubocop-performance
 - rubocop-rspec
 AllCops:
+  NewCops: enable
   DisplayCopNames: true
   TargetRubyVersion: '2.6'
   Include:
@@ -529,6 +530,8 @@ Lint/DuplicateBranch:
   Enabled: false
 Lint/DuplicateMagicComment:
   Enabled: false
+Lint/DuplicateMatchPattern:
+  Enabled: false
 Lint/DuplicateRegexpCharacterClassElement:
   Enabled: false
 Lint/EmptyBlock:
@@ -645,6 +648,8 @@ Style/ComparableClamp:
   Enabled: false
 Style/ConcatArrayLiterals:
   Enabled: false
+Style/DataInheritance:
+  Enabled: false
 Style/DirEmpty:
   Enabled: false
 Style/DocumentDynamicEvalDefinition:
@@ -713,6 +718,8 @@ Style/RedundantHeredocDelimiterQuotes:
   Enabled: false
 Style/RedundantInitialize:
   Enabled: false
+Style/RedundantLineContinuation:
+  Enabled: false
 Style/RedundantSelfAssignmentBranch:
   Enabled: false
 Style/RedundantStringEscape:

diff --git a/.sync.yml b/.sync.yml
@@ -33,6 +33,7 @@ spec/spec_helper.rb:
   mock_with: ":rspec"
   coverage_report: true
 Rakefile:
+  unmanaged: true
   changelog_user: "puppetlabs"
   extra_disabled_lint_checks:
     - 'lookup_in_parameter'
@@ -43,6 +44,10 @@ spec/default_facts.yml:
       user: 'root'
     settings:
       module_groups: 'base+pe_only'
+    pe_postgresql_info:
+      installed_server_version: '14'
+    networking:
+      fqdn: 'foo.bar.com'
 .rubocop.yml:
   default_configs:
     "Layout/MultilineOperationIndentation":

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v2.3.0](https://github.com/puppetlabs/puppet_operational_dashboards/tree/v2.3.0) (2024-02-03)
+
+[Full Changelog](https://github.com/puppetlabs/puppet_operational_dashboards/compare/v2.2.0...v2.3.0)
+
+### Added
+
+- Fix collection of postgres metrics on FOSS Puppet [\#206](https://github.com/puppetlabs/puppet_operational_dashboards/pull/206) ([m0dular](https://github.com/m0dular))
+- Fix logic to include pe metrics [\#204](https://github.com/puppetlabs/puppet_operational_dashboards/pull/204) ([m0dular](https://github.com/m0dular))
+
 ## [v2.2.0](https://github.com/puppetlabs/puppet_operational_dashboards/tree/v2.2.0) (2023-11-16)
 
 [Full Changelog](https://github.com/puppetlabs/puppet_operational_dashboards/compare/v2.1.0...v2.2.0)

diff --git a/Gemfile b/Gemfile
@@ -19,20 +19,21 @@ group :development do
   gem "json", '= 2.5.1',                         require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
   gem "json", '= 2.6.1',                         require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
   gem "json", '= 2.6.3',                         require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
+  gem "racc", '~> 1.4.0',                        require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
   gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
   gem "facterdb", '~> 1.18',                     require: false
   gem "metadata-json-lint", '~> 3.0',            require: false
   gem "puppetlabs_spec_helper", '~> 6.0',        require: false
   gem "rspec-puppet-facts", '~> 2.0',            require: false
-  gem "codecov", '~> 0.2',                       require: false
   gem "dependency_checker", '~> 1.0.0',          require: false
   gem "parallel_tests", '= 3.12.1',              require: false
   gem "pry", '~> 0.10',                          require: false
-  gem "simplecov-console", '~> 0.5',             require: false
+  gem "simplecov-console", '~> 0.9',             require: false
   gem "puppet-debugger", '~> 1.0',               require: false
-  gem "rubocop", '= 1.48.1',                     require: false
+  gem "rubocop", '~> 1.50.0',                    require: false
   gem "rubocop-performance", '= 1.16.0',         require: false
   gem "rubocop-rspec", '= 2.19.0',               require: false
+  gem "puppet-strings", '~> 4.0',                require: false
   gem "rb-readline", '= 0.5.5',                  require: false, platforms: [:mswin, :mingw, :x64_mingw]
   gem "github_changelog_generator", '= 1.16.4',  require: false
   gem "concurrent-ruby", '= 1.1.10',             require: false
@@ -43,6 +44,10 @@ group :system_tests do
   gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
   gem "serverspec", '~> 2.41',   require: false
 end
+group :release_prep do
+  gem "puppet-strings", '~> 4.0',         require: false
+  gem "puppetlabs_spec_helper", '~> 6.0', require: false
+end
 
 puppet_version = ENV['PUPPET_GEM_VERSION']
 facter_version = ENV['FACTER_GEM_VERSION']

diff --git a/README.md b/README.md
@@ -154,9 +154,11 @@ Please note database access will not be granted until the Puppet agent run on th
 
 The toml-rb gem needs to be installed in the Puppetserver gem space, which can be done with the [influxdb::profile::toml](https://github.com/puppetlabs/influxdb/blob/main/manifests/profile/toml.pp) class in the InfluxDB module.
 
-To collect PostgreSQL metrics, FOSS users will need to manually configure the PostgreSQL authentication settings.
+To collect PostgreSQL metrics, FOSS users can apply the `puppet_operational_dashboards::profile::foss_postgres_access` class to any postgres nodes to configure authentication and grants for a `telegraf` user to connect.  This class has a dependency on the `puppetlabs/puppetdb` and `puppetlabs/postgresql` modules, and you must use the `puppetlabs/puppetdb` module to configure SSL for postgres.  See the documentation [here](https://forge.puppet.com/modules/puppetlabs/puppetdb/readme#enable-ssl-connections).
 
-The easiest way to get started using this module is by including the `puppet_operational_dashboards` class to install and configure Telegraf, InfluxDB, and Grafana.  Note that you also need to install the toml-rb gem according to the.
+You may also configure the connection options used by the Telegraf client when querying postgres.  These options can be set using the `puppet_operational_dashboards::telegraf::agent::postgres_options` class parameter.
+
+The easiest way to get started using this module is by including the `puppet_operational_dashboards` class to install and configure Telegraf, InfluxDB, and Grafana.  Note that you also need to install the toml-rb gem according to the documentation.
 
 ```
 include puppet_operational_dashboards

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -9,6 +9,7 @@
 * [`puppet_operational_dashboards`](#puppet_operational_dashboards): Installs Telegraf, InfluxDB, and Grafana to collect and display Puppet metrics
 * [`puppet_operational_dashboards::enterprise_infrastructure`](#puppet_operational_dashboards--enterprise_infrastructure): Installs dependancies for Operational dashboards on PE infrastructure components
 * [`puppet_operational_dashboards::profile::dashboards`](#puppet_operational_dashboards--profile--dashboards): Installs Grafana and several dashboards to display Puppet metrics.  Included via the base class.
+* [`puppet_operational_dashboards::profile::foss_postgres_access`](#puppet_operational_dashboards--profile--foss_postgres_access): Allows Telegraf to connect and collect metrics from postgres nodes
 * [`puppet_operational_dashboards::profile::postgres_access`](#puppet_operational_dashboards--profile--postgres_access): Allows Telegraf to connect and collect metrics from postgres nodes
 * [`puppet_operational_dashboards::telegraf::agent`](#puppet_operational_dashboards--telegraf--agent): Installs and configures Telegraf to query hosts in a Puppet infrastructure. Included by the base class
 
@@ -194,7 +195,13 @@ Data type: `Boolean`
 
 Whether to include Filesync and Orchestrator dashboards
 
-Default value: `$settings::module_groups =~ 'pe_only'`
+Default value:
+
+```puppet
+$settings::module_groups ? {
+    /pe_only/ => true,
+    default   => false
+```
 
 ##### <a name="-puppet_operational_dashboards--manage_system_board"></a>`manage_system_board`
 
@@ -505,6 +512,41 @@ Version of the system dashboard to manage. v2 is compatible with puppet_metrics_
 
 Default value: `'v2'`
 
+### <a name="puppet_operational_dashboards--profile--foss_postgres_access"></a>`puppet_operational_dashboards::profile::foss_postgres_access`
+
+Allows Telegraf to connect and collect metrics from postgres nodes
+
+#### Examples
+
+##### Basic usage
+
+```puppet
+include puppet_operational_dashboards::profile::foss_postgres_access
+```
+
+#### Parameters
+
+The following parameters are available in the `puppet_operational_dashboards::profile::foss_postgres_access` class:
+
+* [`telegraf_hosts`](#-puppet_operational_dashboards--profile--foss_postgres_access--telegraf_hosts)
+* [`telegraf_user`](#-puppet_operational_dashboards--profile--foss_postgres_access--telegraf_user)
+
+##### <a name="-puppet_operational_dashboards--profile--foss_postgres_access--telegraf_hosts"></a>`telegraf_hosts`
+
+Data type: `Array`
+
+A list of FQDNs running Telegraf to allow access to
+
+Default value: `puppet_operational_dashboards::hosts_with_profile('Puppet_operational_dashboards::Telegraf::Agent')`
+
+##### <a name="-puppet_operational_dashboards--profile--foss_postgres_access--telegraf_user"></a>`telegraf_user`
+
+Data type: `String`
+
+Username for the Telegraf client to use in the postgres connection string
+
+Default value: `'telegraf'`
+
 ### <a name="puppet_operational_dashboards--profile--postgres_access"></a>`puppet_operational_dashboards::profile::postgres_access`
 
 Allows Telegraf to connect and collect metrics from postgres nodes
@@ -584,6 +626,10 @@ The following parameters are available in the `puppet_operational_dashboards::te
 * [`influxdb_token_file`](#-puppet_operational_dashboards--telegraf--agent--influxdb_token_file)
 * [`http_timeout_seconds`](#-puppet_operational_dashboards--telegraf--agent--http_timeout_seconds)
 * [`include_pe_metrics`](#-puppet_operational_dashboards--telegraf--agent--include_pe_metrics)
+* [`telegraf_user`](#-puppet_operational_dashboards--telegraf--agent--telegraf_user)
+* [`telegraf_postgres_password`](#-puppet_operational_dashboards--telegraf--agent--telegraf_postgres_password)
+* [`postgres_port`](#-puppet_operational_dashboards--telegraf--agent--postgres_port)
+* [`postgres_options`](#-puppet_operational_dashboards--telegraf--agent--postgres_options)
 
 ##### <a name="-puppet_operational_dashboards--telegraf--agent--token"></a>`token`
 
@@ -850,6 +896,47 @@ Whether to include Filesync and Orchestrator dashboards
 
 Default value: `$puppet_operational_dashboards::include_pe_metrics`
 
+##### <a name="-puppet_operational_dashboards--telegraf--agent--telegraf_user"></a>`telegraf_user`
+
+Data type: `String`
+
+Username for the Telegraf client to use in the postgres connection string
+
+Default value: `'telegraf'`
+
+##### <a name="-puppet_operational_dashboards--telegraf--agent--telegraf_postgres_password"></a>`telegraf_postgres_password`
+
+Data type: `Optional[Sensitive[String]]`
+
+Optional Sensitive password for the Telegraf client to use in the postgres connection string
+
+Default value: `undef`
+
+##### <a name="-puppet_operational_dashboards--telegraf--agent--postgres_port"></a>`postgres_port`
+
+Data type: `Integer`
+
+Port for the Telegraf client to use in the postgres connection string
+
+Default value: `5432`
+
+##### <a name="-puppet_operational_dashboards--telegraf--agent--postgres_options"></a>`postgres_options`
+
+Data type: `Hash`
+
+Hash of options for the Telegraf client to use as connection parameters in the postgres connection string
+
+Default value:
+
+```puppet
+{
+    'sslmode'     => 'verify-full',
+    'sslkey'      => '/etc/telegraf/puppet_key.pem',
+    'sslcert'     => '/etc/telegraf/puppet_cert.pem',
+    'sslrootcert' => '/etc/telegraf/puppet_ca.pem',
+  }
+```
+
 ## Defined types
 
 ### <a name="puppet_operational_dashboards--telegraf--config"></a>`puppet_operational_dashboards::telegraf::config`

diff --git a/Rakefile b/Rakefile
@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 require 'bundler'
-require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any?
+require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
 require 'puppetlabs_spec_helper/rake_tasks'
 require 'puppet-syntax/tasks/puppet-syntax'
 require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any?
-require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any?
+require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
 
 def changelog_user
   return unless Rake.application.top_level_tasks.include? "changelog"
@@ -40,6 +40,7 @@ def changelog_future_release
   returnVal
 end
 
+
 PuppetLint.configuration.send('disable_relative')
 PuppetLint.configuration.send('disable_lookup_in_parameter')
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -61,7 +61,11 @@
   Boolean $use_ssl = true,
   Boolean $use_system_store = lookup(influxdb::use_system_store, undef, undef, false),
   # Check for PE by looking at the compiling server's module_groups setting
-  Boolean $include_pe_metrics = $settings::module_groups =~ 'pe_only',
+  Boolean $include_pe_metrics = $settings::module_groups ? {
+    /pe_only/ => true,
+    default   => false,
+  },
+
   Boolean $manage_system_board = true,
 ) {
   unless $facts['os']['family'] in ['RedHat', 'Debian', 'Suse'] {

diff --git a/manifests/profile/foss_postgres_access.pp b/manifests/profile/foss_postgres_access.pp
@@ -0,0 +1,56 @@
+# @summary Allows Telegraf to connect and collect metrics from postgres nodes
+# @example Basic usage
+#   include puppet_operational_dashboards::profile::foss_postgres_access
+# @param telegraf_hosts
+#   A list of FQDNs running Telegraf to allow access to
+# @param telegraf_user
+#   Username for the Telegraf client to use in the postgres connection string
+class puppet_operational_dashboards::profile::foss_postgres_access (
+  Array $telegraf_hosts = puppet_operational_dashboards::hosts_with_profile('Puppet_operational_dashboards::Telegraf::Agent'),
+  String $telegraf_user = 'telegraf',
+) {
+  postgresql::server::role { $telegraf_user:
+    ensure => present,
+    db     => 'puppetdb',
+  }
+
+  postgresql::server::database_grant { "puppetdb grant connect to ${telegraf_user}":
+    privilege => 'CONNECT',
+    db        => 'puppetdb',
+    role      => $telegraf_user,
+    require   => Postgresql::Server::Role[$telegraf_user],
+  }
+
+  postgresql::server::grant_role { 'monitoring':
+    group   => 'pg_monitor',
+    role    => $telegraf_user,
+    require => Postgresql::Server::Role[$telegraf_user],
+  }
+
+  postgresql::server::pg_hba_rule { "Allow certificate mapped connections to puppetdb as ${telegraf_user} (ipv4)":
+    type        => 'hostssl',
+    database    => 'puppetdb',
+    user        => $telegraf_user,
+    address     => '0.0.0.0/0',
+    auth_method => 'cert',
+    order       => 0,
+    auth_option => 'map=puppetdb-telegraf-map clientcert=1',
+  }
+
+  postgresql::server::pg_hba_rule { "Allow certificate mapped connections to puppetdb as ${telegraf_user} (ipv6)":
+    type        => 'hostssl',
+    database    => 'puppetdb',
+    user        => $telegraf_user,
+    address     => '::0/0',
+    auth_method => 'cert',
+    order       => 0,
+    auth_option => 'map=puppetdb-telegraf-map clientcert=1',
+  }
+  $telegraf_hosts.each |$host| {
+    postgresql::server::pg_ident_rule { "Map the SSL certificate of ${host} as a puppetdb user":
+      map_name          => 'puppetdb-telegraf-map',
+      system_username   => $host,
+      database_username => $telegraf_user,
+    }
+  }
+}