commit 48615a3a486e8c2ebfc7d728996cee5f2ba5b9b8 Author: primal Date: Sun Feb 1 14:43:27 2026 -0500 Initial commit: PostgreSQL database server Co-Authored-By: Claude
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ac5d1a0
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,11 @@
+# Secrets
+*.env
+secrets/
+*.pem
+*.key
+
+# Data volumes
+data/
+
+# Logs
+*.log
diff --git a/.launch.sh b/.launch.sh
new file mode 100755
index 0000000..1124257
--- /dev/null
+++ b/.launch.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+~/apps/.launch.sh "$@"
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..581a147
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,38 @@
+services:
+ postgres:
+ image: postgres:17-alpine
+ container_name: infra-postgres
+ restart: unless-stopped
+ environment:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
+ secrets:
+ - postgres_password
+ - news_1440_password
+ volumes:
+ - pgdata:/var/lib/postgresql/data
+ - ./init:/docker-entrypoint-initdb.d:ro
+ networks:
+ - atproto
+ # Port exposed for local debugging (using 5433 to avoid conflict with local postgres)
+ ports:
+ - "5433:5432"
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U postgres"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+secrets:
+ postgres_password:
+ file: ./secrets/postgres_password.txt
+ news_1440_password:
+ file: ./secrets/news_1440_password.txt
+
+volumes:
+ pgdata:
+
+networks:
+ atproto:
+ name: atproto
+ driver: bridge
diff --git a/init/01-news_1440.sql b/init/01-news_1440.sql
new file mode 100644
index 0000000..5f6bde1
--- /dev/null
+++ b/init/01-news_1440.sql
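Review bot: The `ports:` entry `- "5433:5432"` in docker-compose.yml publishes PostgreSQL on every host interface, although the comment above it says the port is only for local debugging. Ports published by Docker are typically not filtered by host firewall front ends such as ufw, so the `postgres` superuser login would be reachable from the network. Bind the mapping to loopback with `- "127.0.0.1:5433:5432"`, or drop it and reach the server over the `atproto` network.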
@@ -0,0 +1,13 @@
+-- Create news_1440 database and user for app.1440.news
+-- Password will be set via ALTER after creation
+
+CREATE USER news_1440;
+CREATE DATABASE news_1440 OWNER news_1440;
+
+-- Grant privileges
+GRANT ALL PRIVILEGES ON DATABASE news_1440 TO news_1440;
+
+-- Connect to the database and set up schema permissions
+\c news_1440
+
+GRANT ALL ON SCHEMA public TO news_1440;
diff --git a/init/02-set-passwords.sh b/init/02-set-passwords.sh
new file mode 100755
index 0000000..77e5a25
--- /dev/null
+++ b/init/02-set-passwords.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+# Set password for news_1440 user from secrets file
+if [ -f /run/secrets/news_1440_password ]; then
+ NEWS_1440_PASS=$(cat /run/secrets/news_1440_password)
+ psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname postgres <<-EOSQL
+ ALTER USER news_1440 WITH PASSWORD '$NEWS_1440_PASS';
+EOSQL
+ echo "Password set for news_1440 user"
+else
+ echo "Warning: news_1440_password secret not found, user has no password"
+fi
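Review bot: In init/01-news_1440.sql the new database keeps PostgreSQL's default `CONNECT` and `TEMPORARY` grants to `PUBLIC`, so any other login role later created on this server can open a session in `news_1440`. If the server is meant to host more than one application role, add `REVOKE ALL ON DATABASE news_1440 FROM PUBLIC;` right after `CREATE DATABASE`. The `GRANT ALL PRIVILEGES ON DATABASE news_1440 TO news_1440;` line is redundant, because the role already owns the database. The header comment could also say that `CREATE USER news_1440;` leaves the role without a password until `02-set-passwords.sh` runs.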
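Review bot: In init/02-set-passwords.sh the secret is spliced into the SQL text as `'$NEWS_1440_PASS'`, so a password containing a single quote either breaks the statement or changes what is executed as the superuser. Pass it as a psql variable and let psql do the quoting: `psql -v ON_ERROR_STOP=1 -v news_pass="$NEWS_1440_PASS" --username "$POSTGRES_USER" --dbname postgres <<-EOSQL` with `ALTER USER news_1440 WITH PASSWORD :'news_pass';`. The `else` branch only prints a warning and the script still exits 0, so a missing secret leaves the role without a password and initialisation is reported as successful. Since these init scripts presumably run only when the data directory is first created, `exit 1` there would surface the problem when it can still be fixed cleanly.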