Initial commit: PostgreSQL database server

Co-Authored-By: Claude <noreply@anthropic.com>

.gitignore

@@ -0,0 +1,11 @@
+# Secrets
+*.env
+secrets/
+*.pem
+*.key
+
+# Data volumes
+data/
+
+# Logs
+*.log

.launch.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+~/apps/.launch.sh "$@"

docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  postgres:
+    image: postgres:17-alpine
+    container_name: infra-postgres
+    restart: unless-stopped
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
+    secrets:
+      - postgres_password
+      - news_1440_password
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+      - ./init:/docker-entrypoint-initdb.d:ro
+    networks:
+      - atproto
+    # Port exposed for local debugging (using 5433 to avoid conflict with local postgres)
+    ports:
+      - "5433:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+secrets:
+  postgres_password:
+    file: ./secrets/postgres_password.txt
+  news_1440_password:
+    file: ./secrets/news_1440_password.txt
+
+volumes:
+  pgdata:
+
+networks:
+  atproto:
+    name: atproto
+    driver: bridge

init/01-news_1440.sql

@@ -0,0 +1,13 @@
+-- Create news_1440 database and user for app.1440.news
+-- Password will be set via ALTER after creation
+
+CREATE USER news_1440;
+CREATE DATABASE news_1440 OWNER news_1440;
+
+-- Grant privileges
+GRANT ALL PRIVILEGES ON DATABASE news_1440 TO news_1440;
+
+-- Connect to the database and set up schema permissions
+\c news_1440
+
+GRANT ALL ON SCHEMA public TO news_1440;

init/02-set-passwords.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+# Set password for news_1440 user from secrets file
+if [ -f /run/secrets/news_1440_password ]; then
+    NEWS_1440_PASS=$(cat /run/secrets/news_1440_password)
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname postgres <<-EOSQL
+        ALTER USER news_1440 WITH PASSWORD '$NEWS_1440_PASS';
+EOSQL
+    echo "Password set for news_1440 user"
+else
+    echo "Warning: news_1440_password secret not found, user has no password"
+fi