#!/bin/bash
#
# Postgresql Service
#
# Fixed command search path for everything below: the Docker CLI plugin
# directory under $HOME comes first, followed by system directories.
# The first entry is resolved from $HOME, so the script trusts whatever home
# directory the invoking user has.
# NOTE(review): "/local/sbin" may be a typo for "/usr/local/sbin" - confirm.
PATH="${HOME}/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
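#######################################
# Generate the on-disk configuration for the PostgreSQL container: TLS
# certificate and key, docker-compose.yml, .env, the superuser password file
# and the first-boot init.sql that creates one role and one database per
# application.
# Globals:
#   DOMAIN (read)
#   SPINPID, DOMAIN_ARRAY, DOMAIN_FIRST, DOMAIN_LAST (written)
#   PSQL_SECRET, NEXTCLOUD_SECRET, VAULTWARDEN_SECRET, LISTMONK_SECRET,
#   MATRIX_SECRET, BASEROW_SECRET, CALCOM_SECRET, GITEA_SECRET (written;
#   kept global - presumably read by the other service scripts, confirm)
# Requires: spin and create_password, both defined outside this function.
# Outputs:  progress text on stdout; files under /federated/apps/postgresql
#######################################
config_postgresql() {
  local pg_app_dir=/federated/apps/postgresql
  local pg_state_dir="$pg_app_dir/data/var/lib/postgresql"
  local pg_initdb_dir="$pg_app_dir/data/docker-entrypoint-initdb.d"
  local le_archive="/federated/apps/dns/data/etc/letsencrypt/archive/$DOMAIN"
  # Numeric owner for files the database process must read. 999 is the value
  # this script has always used for server.*; presumably the postgres user
  # inside the image - confirm if the image changes.
  local pg_uid=999

  printf '\n* Configuring /federated/apps/postgresql container..'
  spin &
  SPINPID=$!

  # First run only: create the directory tree and stage the TLS material.
  if [ ! -d "$pg_app_dir" ]; then
    mkdir -p "$pg_state_dir" "$pg_initdb_dir"
    # install(1) creates the copies with their final owner and mode, so the
    # private key never sits on disk with default-umask permissions.
    # NOTE(review): archive/*1.pem is the first issuance only; renewed
    # certificates land in higher-numbered files and are not re-copied here.
    install -o "$pg_uid" -m 600 -- "$le_archive/fullchain1.pem" "$pg_state_dir/server.crt"
    install -o "$pg_uid" -m 600 -- "$le_archive/privkey1.pem" "$pg_state_dir/server.key"
  fi

  # Split DOMAIN on dots without relying on unquoted word splitting (which
  # would also glob-expand). Not used below; kept for other scripts.
  IFS=. read -r -a DOMAIN_ARRAY <<< "$DOMAIN"
  DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
  DOMAIN_LAST=${DOMAIN_ARRAY[1]}

  # The heredoc is YAML: its indentation is structure, keep it intact.
  # \${IMAGE_VERSION} is escaped so docker compose resolves it from .env.
  # ssl=on only enables TLS on the server; whether clients must use it is
  # decided by pg_hba.conf, which this function does not write.
  cat > "$pg_app_dir/docker-compose.yml" <<EOF
version: "3.7"
services:
  postgresql:
    image: postgres:\${IMAGE_VERSION}
    container_name: postgresql
    hostname: postgresql.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      federated:
        ipv4_address: 172.99.0.11
    volumes:
      - ./data/var/lib/postgresql/server.crt:/var/lib/postgresql/server.crt
      - ./data/var/lib/postgresql/server.key:/var/lib/postgresql/server.key
      - ./data/var/lib/postgresql/data:/var/lib/postgresql/data
      - ./data/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d
    env_file:
      - ./.env
    secrets:
      - federated_psql_password
    command: >
      -c ssl=on
      -c ssl_cert_file=/var/lib/postgresql/server.crt
      -c ssl_key_file=/var/lib/postgresql/server.key
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
secrets:
  federated_psql_password:
    file: ./.postgresql.secret
networks:
  federated:
    external: true
EOF

  # .env holds no password itself, only the path of the mounted secret.
  cat > "$pg_app_dir/.env" <<EOF
IMAGE_VERSION="14"
POSTGRES_DB=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD_FILE=/run/secrets/federated_psql_password
POSTGRES_INITDB_ARGS=--encoding='UTF8' --lc-collate='C' --lc-ctype='C'
EOF
  chmod 600 "$pg_app_dir/.env"

  # Superuser password. Written under umask 077 so a new file is private from
  # the moment it exists; the chmod also covers a file left by an earlier run.
  PSQL_SECRET=$(create_password)
  (
    umask 077
    printf '%s\n' "$PSQL_SECRET" > "$pg_app_dir/.postgresql.secret"
  )
  chmod 600 "$pg_app_dir/.postgresql.secret"

  # One independent password per application role.
  NEXTCLOUD_SECRET=$(create_password)
  VAULTWARDEN_SECRET=$(create_password)
  LISTMONK_SECRET=$(create_password)
  MATRIX_SECRET=$(create_password)
  BASEROW_SECRET=$(create_password)
  CALCOM_SECRET=$(create_password)
  GITEA_SECRET=$(create_password)

  # init.sql carries every application password in clear text, so it gets the
  # same treatment as the secret file instead of default-umask permissions.
  # The passwords are pasted into single-quoted SQL literals: that is only
  # sound while create_password never emits a single quote.
  # NOTE(review): confirm the character set create_password draws from.
  (
    umask 077
    cat > "$pg_initdb_dir/init.sql" <<EOF
CREATE USER nextcloud WITH PASSWORD '$NEXTCLOUD_SECRET';
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE USER vaultwarden WITH PASSWORD '$VAULTWARDEN_SECRET';
CREATE DATABASE vaultwarden;
GRANT ALL PRIVILEGES ON DATABASE vaultwarden TO vaultwarden;
CREATE USER listmonk WITH PASSWORD '$LISTMONK_SECRET';
CREATE DATABASE listmonk;
GRANT ALL PRIVILEGES ON DATABASE listmonk TO listmonk;
CREATE USER matrix WITH PASSWORD '$MATRIX_SECRET';
CREATE DATABASE matrix;
GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
CREATE USER baserow WITH PASSWORD '$BASEROW_SECRET';
CREATE DATABASE baserow;
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
CREATE USER calcom WITH PASSWORD '$CALCOM_SECRET';
CREATE DATABASE calcom;
GRANT ALL PRIVILEGES ON DATABASE calcom TO calcom;
CREATE USER gitea WITH PASSWORD '$GITEA_SECRET';
CREATE DATABASE gitea;
GRANT ALL PRIVILEGES ON DATABASE gitea TO gitea;
EOF
  )
  # Owner-only mode would lock out the database user if the file stayed owned
  # by the invoking user, so hand it to the same uid that owns server.key.
  chown "$pg_uid" "$pg_initdb_dir/init.sql"
  chmod 600 "$pg_initdb_dir/init.sql"

  # Stop the progress spinner started above.
  kill -9 "$SPINPID" &> /dev/null
  printf 'done.'
}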
#######################################
# Bring up the postgresql service and report completion.
# Globals:  SPINPID (read) - not assigned here; presumably set by
#           start_service or an earlier step, confirm against the caller.
# Requires: start_service, defined outside this function.
# Outputs:  "done." on stdout, without a trailing newline
#######################################
start_postgresql() {
  # Readiness probe handed to start_service: succeeds once something accepts
  # TCP connections on the container's fixed address, port 5432.
  local readiness_probe="nc -z 172.99.0.11 5432 &> /dev/null"
  start_service "postgresql" "$readiness_probe"

  # Stop the spinner; SPINPID stays unquoted exactly as before so an empty
  # value still collapses to a bare (silenced) kill.
  kill -KILL $SPINPID > /dev/null 2>&1
  printf '%s' "done."
}