#!/bin/bash
#
# Postgresql Service
# Search path for the commands this script runs; it replaces whatever PATH the
# caller had.
# NOTE(review): $HOME/.docker/cli-plugins is searched first, so that directory
# should be writable only by the account that runs this script.
# NOTE(review): "/local/sbin" may be a typo for "/usr/local/sbin" — confirm.
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
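#######################################
# Generate everything the PostgreSQL container needs before first start:
# the data directories and TLS material (first run only), docker-compose.yml,
# .env, the superuser secret file, and the first-boot init.sql that creates
# one role and database per dependent application.
# Globals:
#   DOMAIN   (read)    - names the certificate/key files and the hostname
#   SPINPID  (written) - PID of the background spinner
#   PSQL_SECRET, NEXTCLOUD_SECRET, VAULTWARDEN_SECRET, LISTMONK_SECRET,
#   MATRIX_SECRET, BASEROW_SECRET, GITEA_SECRET (written) - left global as in
#   the original; presumably read by other service scripts (not visible here)
# Calls:     spin, create_password (defined outside this block)
# Outputs:   progress text on stdout; files under /federated/apps/postgresql
#######################################
config_postgresql() {
  local app_dir=/federated/apps/postgresql
  local pg_lib="$app_dir/data/var/lib/postgresql"
  local initdb_dir="$app_dir/data/docker-entrypoint-initdb.d"
  local init_sql="$initdb_dir/init.sql"
  local prev_umask

  echo -ne "\n* Configuring /federated/apps/postgresql container.."
  spin &
  SPINPID=$!

  if [[ ! -d "$app_dir" ]]; then
    mkdir -p "$pg_lib" "$initdb_dir"
    cp -- "/federated/certs/certs/$DOMAIN.crt" "$pg_lib/server.crt"
    cp -- "/federated/certs/private/$DOMAIN.key" "$pg_lib/server.key"
    # uid 999 is presumably the postgres user inside the image; the server
    # refuses a private key that other users can read.
    chown 999 "$pg_lib/server.crt" "$pg_lib/server.key"
    chmod 600 "$pg_lib/server.crt" "$pg_lib/server.key"
  fi

  # Unquoted heredoc: $DOMAIN is expanded now, while \${IMAGE_VERSION} is
  # written literally so docker compose resolves it from .env at run time.
  cat > "$app_dir/docker-compose.yml" <<EOF
version: "3.7"

services:
  postgresql:
    image: postgres:\${IMAGE_VERSION}
    container_name: postgresql
    hostname: postgresql.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      federated:
        ipv4_address: 172.99.0.14
    volumes:
      - ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt
      - ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
      - ./data/var/lib/postgresql/data:/var/lib/postgresql/data
      - ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    env_file:
      - ./.env
    secrets:
      - federated_psql_password
    command: >
      -c ssl=on
      -c ssl_cert_file=/var/lib/postgresql/server.crt
      -c ssl_key_file=/var/lib/postgresql/server.key
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5

secrets:
  federated_psql_password:
    file: ./.postgresql.secret
networks:
  federated:
    external: true
EOF

  # The superuser password is not stored here; it is handed to the container
  # through the compose secret referenced by POSTGRES_PASSWORD_FILE.
  # NOTE(review): IMAGE_VERSION is the major tag only, so the image that is
  # pulled can change between deployments — pin more tightly if that matters.
  cat > "$app_dir/.env" <<EOF
IMAGE_VERSION="14"
POSTGRES_DB=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
EOF
  chmod 600 "$app_dir/.env"

  PSQL_SECRET=$(create_password)
  NEXTCLOUD_SECRET=$(create_password)
  VAULTWARDEN_SECRET=$(create_password)
  LISTMONK_SECRET=$(create_password)
  MATRIX_SECRET=$(create_password)
  BASEROW_SECRET=$(create_password)
  GITEA_SECRET=$(create_password)

  # Files that hold passwords are created under umask 077 so they are never
  # readable by other local users, not even briefly between the write and the
  # chmod. The explicit chmod stays because a file left over from an earlier
  # run keeps its old mode when it is truncated.
  prev_umask=$(umask)
  umask 077

  printf '%s\n' "$PSQL_SECRET" > "$app_dir/.postgresql.secret"
  chmod 600 "$app_dir/.postgresql.secret"

  # init.sql carries every application role's password in clear text.
  # NOTE(review): the values are placed inside single-quoted SQL literals, so
  # create_password must never emit a single quote — verify against its
  # definition.
  cat > "$init_sql" <<EOF
CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET';
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
CREATE DATABASE vaultwarden;
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
CREATE USER listmonk WITH PASSWORD '$LISTMONK_SECRET';
CREATE DATABASE listmonk;
GRANT ALL PRIVILEGES ON DATABASE listmonk TO listmonk;
CREATE USER matrix WITH PASSWORD '$MATRIX_SECRET';
CREATE DATABASE matrix;
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
CREATE USER baserow WITH PASSWORD '$BASEROW_SECRET';
CREATE DATABASE baserow;
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
CREATE USER gitea WITH PASSWORD '$GITEA_SECRET';
CREATE DATABASE gitea;
GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
EOF

  umask "$prev_umask"

  # Same owner and mode as server.key: readable by uid 999 (which has to load
  # the file on first boot) and by nobody else on the host.
  chown 999 "$init_sql"
  chmod 600 "$init_sql"

  kill -9 "$SPINPID" &> /dev/null
  echo -ne "done."
}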
#######################################
# Bring the PostgreSQL container up, apply memory/connection tuning to the
# generated postgresql.conf, then restart the service so the tuning is loaded.
# Globals:
#   SERVICE_IP (written) - container address read back from docker-compose.yml
#   SPINPID    (read)    - spinner PID; not set in this function
# Calls:     start_service, /federated/bin/stop, /federated/bin/start
# Outputs:   "done." on stdout
#######################################
start_postgresql() {
  local pg_conf=/federated/apps/postgresql/data/var/lib/postgresql/data/postgresql.conf
  local tuning
  local -a tunings=(
    "s#shared_buffers =.*#shared_buffers = 800MB#g"
    "s#max_connections =.*#max_connections = 400#g"
    "s/#work_mem =.*/work_mem = 16MB/g"
    "s/#maintenance_work_mem =.*/maintenance_work_mem = 128MB/g"
  )

  # The static address is whatever config_postgresql wrote into the compose
  # file; take the second field of the ipv4_address line.
  SERVICE_IP=$(awk '/ipv4_address/ { print $2 }' /federated/apps/postgresql/docker-compose.yml)

  # start_service is given a probe command; here the probe is a TCP connect to
  # port 5432, which shows the port accepts connections, not that queries work.
  start_service "postgresql" "nc -z ${SERVICE_IP} 5432 &> /dev/null"

  # Tune PostgreSQL: one in-place edit per setting, in the original order.
  for tuning in "${tunings[@]}"; do
    sed -i "$tuning" "$pg_conf"
  done

  # Restart so the edited postgresql.conf is read.
  /federated/bin/stop postgresql &> /dev/null
  /federated/bin/start postgresql &> /dev/null

  # NOTE(review): SPINPID is not assigned here; presumably start_service
  # starts the spinner. A stale PID would make this signal an unrelated
  # process — confirm where SPINPID is set.
  kill -9 $SPINPID &> /dev/null
  echo -ne "done."
}