Initial commit: PostgreSQL database server
Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
primal
+11
@@ -0,0 +1,11 @@
|
|||||||
|
# Secrets
|
||||||
|
*.env
|
||||||
|
secrets/
|
||||||
|
*.pem
|
||||||
|
*.key
|
||||||
|
|
||||||
|
# Data volumes
|
||||||
|
data/
|
||||||
|
|
||||||
|
# Logs
|
||||||
|
*.log
|
||||||
Executable
+3
@@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
cd "$(dirname "$0")"
|
||||||
|
~/apps/.launch.sh "$@"
|
||||||
@@ -0,0 +1,38 @@
|
|||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
image: postgres:17-alpine
|
||||||
|
container_name: infra-postgres
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: postgres
|
||||||
|
POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
|
||||||
|
secrets:
|
||||||
|
- postgres_password
|
||||||
|
- news_1440_password
|
||||||
|
volumes:
|
||||||
|
- pgdata:/var/lib/postgresql/data
|
||||||
|
- ./init:/docker-entrypoint-initdb.d:ro
|
||||||
|
networks:
|
||||||
|
- atproto
|
||||||
|
# Port exposed for local debugging (using 5433 to avoid conflict with local postgres)
|
||||||
|
ports:
|
||||||
|
- "5433:5432"
|
||||||
|
healthcheck:
|
||||||
|
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||||
|
interval: 10s
|
||||||
|
timeout: 5s
|
||||||
|
retries: 5
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
postgres_password:
|
||||||
|
file: ./secrets/postgres_password.txt
|
||||||
|
news_1440_password:
|
||||||
|
file: ./secrets/news_1440_password.txt
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
pgdata:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
atproto:
|
||||||
|
name: atproto
|
||||||
|
driver: bridge
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
-- Create news_1440 database and user for app.1440.news
|
||||||
|
-- Password will be set via ALTER after creation
|
||||||
|
|
||||||
|
CREATE USER news_1440;
|
||||||
|
CREATE DATABASE news_1440 OWNER news_1440;
|
||||||
|
|
||||||
|
-- Grant privileges
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE news_1440 TO news_1440;
|
||||||
|
|
||||||
|
-- Connect to the database and set up schema permissions
|
||||||
|
\c news_1440
|
||||||
|
|
||||||
|
GRANT ALL ON SCHEMA public TO news_1440;
|
||||||
Executable
+13
@@ -0,0 +1,13 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
# Set password for news_1440 user from secrets file
|
||||||
|
if [ -f /run/secrets/news_1440_password ]; then
|
||||||
|
NEWS_1440_PASS=$(cat /run/secrets/news_1440_password)
|
||||||
|
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname postgres <<-EOSQL
|
||||||
|
ALTER USER news_1440 WITH PASSWORD '$NEWS_1440_PASS';
|
||||||
|
EOSQL
|
||||||
|
echo "Password set for news_1440 user"
|
||||||
|
else
|
||||||
|
echo "Warning: news_1440_password secret not found, user has no password"
|
||||||
|
fi
|
||||||
Reference in New Issue
Block a user