Add shared postgres (wip)

Peter Smit
2025-09-26 11:37:14 +02:00
parent 8ae7ba2c7f
commit 0d20dc3153
10 changed files with 439 additions and 15 deletions


@@ -1,2 +1,4 @@
POSTGRES_USER=
POSTGRES_PASSWORD=
SHARED_DB_USER=
SHARED_DB_PASSWORD=
SHARED_DB_DB=
SHARED_DB_DATA_DIR=


@@ -1,18 +1,27 @@
services:
postgres:
image: ghcr.io/immich-app/postgres:17-vectorchord0.4.3-pgvectors0.3.0
container_name: database
environment:
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_INITDB_ARGS: '--data-checksums --encoding=UTF-8 --locale=C'
DB_STORAGE_TYPE: 'HDD'
shared-postgres:
image: ghcr.io/immich-app/postgres:14-vectorchord0.3.0-pgvectors0.2.0
container_name: shared-postgres
restart: always
env_file:
- .env
environment:
POSTGRES_USER: ${SHARED_DB_USER}
POSTGRES_PASSWORD: ${SHARED_DB_PASSWORD}
POSTGRES_DB: ${SHARED_DB_DB} # Default database
POSTGRES_INITDB_ARGS: '--encoding=UTF-8 --locale=C --data-checksums'
volumes:
- ${SHARED_DB_DATA_DIR}:/var/lib/postgresql/data
- ./init-scripts:/docker-entrypoint-initdb.d:ro
ports:
- 5432:5432
- "5431:5432"
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${SHARED_DB_USER}"]
interval: 10s
timeout: 5s
retries: 5
networks:
- postgres
- postgres-network
networks:
postgres:
postgres-network:
name: postgres-network
driver: bridge
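Review bot: The `"5431:5432"` entry under `ports:` publishes the shared database on every host interface, because a Compose port mapping without a host IP binds to 0.0.0.0; the page has lost its +/- markers, so this assumes that entry is the new-side line. This instance holds the databases of every service the init scripts provision, and containers attached to `postgres-network` reach it by service name without any published port. If host access is only needed for administration, bind it to loopback with `- "127.0.0.1:5431:5432"`, or drop the `ports:` key entirely. `env_file: .env` also passes every variable in that file into the container, which the init scripts appear to depend on for the per-service passwords; a comment such as `# init-scripts read the per-service *_POSTGRES_* variables from .env` would make that dependency explicit.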


@@ -0,0 +1,73 @@
#!/bin/bash
set -e
# This script initializes all databases and users for the homelab services
# It runs automatically when the PostgreSQL container starts for the first time
echo "Creating databases and users for homelab services..."
# Function to create database and user with restricted permissions
create_db_and_user() {
local db_name=$1
local db_user=$2
local db_password=$3
echo "Creating database: $db_name with user: $db_user"
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
-- Create database
CREATE DATABASE $db_name;
-- Create user with password
CREATE USER $db_user WITH ENCRYPTED PASSWORD '$db_password';
-- Grant connection to the specific database only
GRANT CONNECT ON DATABASE $db_name TO $db_user;
-- Make user owner of the database
ALTER DATABASE $db_name OWNER TO $db_user;
-- Connect to the specific database to set schema permissions
\c $db_name
-- Grant schema permissions
GRANT ALL ON SCHEMA public TO $db_user;
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO $db_user;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO $db_user;
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO $db_user;
-- Set default privileges for future objects
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $db_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO $db_user;
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO $db_user;
-- Switch back to postgres database
\c postgres
EOSQL
}
# Create databases for each service
# Using environment variables that will be set in your .env file
# Spliit
create_db_and_user "${SPLIIT_POSTGRES_DB}" "${SPLIIT_POSTGRES_USER}" "${SPLIIT_POSTGRES_PASSWORD}"
# Shlink
create_db_and_user "${SHLINK_POSTGRES_DB}" "${SHLINK_POSTGRES_USER}" "${SHLINK_POSTGRES_PASSWORD}"
# Immich
create_db_and_user "${IMMICH_DB_DATABASE_NAME}" "${IMMICH_DB_USERNAME}" "${IMMICH_DB_PASSWORD}"
# Nextcloud
create_db_and_user "${NEXTCLOUD_POSTGRES_DB}" "${NEXTCLOUD_POSTGRES_USER}" "${NEXTCLOUD_POSTGRES_PASSWORD}"
# Paperless
create_db_and_user "${PAPERLESS_POSTGRES_DB}" "${PAPERLESS_POSTGRES_USER}" "${PAPERLESS_POSTGRES_PASSWORD}"
# Matrix and co
create_db_and_user "${SYNAPSE_POSTGRES_DB}" "${SYNAPSE_POSTGRES_USER}" "${SYNAPSE_POSTGRES_PASSWORD}"
create_db_and_user "${MAS_POSTGRES_DB}" "${MAS_POSTGRES_USER}" "${MAS_POSTGRES_PASSWORD}"
create_db_and_user "${MAUTRIX_SIGNAL_POSTGRES_DB}" "${MAUTRIX_SIGNAL_POSTGRES_USER}" "${MAUTRIX_SIGNAL_POSTGRES_PASSWORD}"
create_db_and_user "${MAUTRIX_WHATSAPP_POSTGRES_DB}" "${MAUTRIX_WHATSAPP_POSTGRES_USER}" "${MAUTRIX_WHATSAPP_POSTGRES_PASSWORD}"
echo "Database initialization completed successfully!"
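Review bot: The `GRANT CONNECT ON DATABASE $db_name TO $db_user;` line in `create_db_and_user` does not confine a role to its own database, despite the "specific database only" comment above it, because PostgreSQL grants CONNECT on every new database to PUBLIC by default. Each service role can therefore still connect to the other services' databases, and on PostgreSQL releases before 15 PUBLIC can also create objects in their `public` schema. Add `REVOKE CONNECT ON DATABASE $db_name FROM PUBLIC;` directly after `CREATE DATABASE $db_name;`. The heredoc also splices `$db_name`, `$db_user` and `'$db_password'` into the SQL without quoting or escaping, so a password containing `'` or a name containing `-` breaks the statement; passing the values with `psql -v` and referencing them as `:"db"` and `:'pw'` inside a quoted `<<-'EOSQL'` heredoc avoids that.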


@@ -0,0 +1,35 @@
#!/bin/bash
set -e
# Enable vector extensions for Immich database
echo "Enabling vector extensions for Immich database..."
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "${IMMICH_DB_DATABASE_NAME}" <<-EOSQL
-- Create extensions as superuser
CREATE EXTENSION IF NOT EXISTS vectors;
CREATE EXTENSION IF NOT EXISTS earthdistance CASCADE;
-- Grant usage on the extension schemas to immich user
GRANT USAGE ON SCHEMA vectors TO ${IMMICH_DB_USERNAME};
GRANT USAGE ON SCHEMA earthdistance TO ${IMMICH_DB_USERNAME};
-- Grant all privileges on extension objects to immich user
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA vectors TO ${IMMICH_DB_USERNAME};
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA vectors TO ${IMMICH_DB_USERNAME};
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA vectors TO ${IMMICH_DB_USERNAME};
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA earthdistance TO ${IMMICH_DB_USERNAME};
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA earthdistance TO ${IMMICH_DB_USERNAME};
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA earthdistance TO ${IMMICH_DB_USERNAME};
-- Set default privileges for future extension objects
ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON TABLES TO ${IMMICH_DB_USERNAME};
ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON SEQUENCES TO ${IMMICH_DB_USERNAME};
ALTER DEFAULT PRIVILEGES IN SCHEMA vectors GRANT ALL ON FUNCTIONS TO ${IMMICH_DB_USERNAME};
ALTER DEFAULT PRIVILEGES IN SCHEMA earthdistance GRANT ALL ON TABLES TO ${IMMICH_DB_USERNAME};
ALTER DEFAULT PRIVILEGES IN SCHEMA earthdistance GRANT ALL ON SEQUENCES TO ${IMMICH_DB_USERNAME};
ALTER DEFAULT PRIVILEGES IN SCHEMA earthdistance GRANT ALL ON FUNCTIONS TO ${IMMICH_DB_USERNAME};
EOSQL
echo "Immich vector extensions enabled successfully!"
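Review bot: The `GRANT USAGE ON SCHEMA earthdistance TO ${IMMICH_DB_USERNAME};` statement, and the six further `earthdistance` grants and default-privilege lines after it, reference a schema that `CREATE EXTENSION IF NOT EXISTS earthdistance CASCADE;` does not create: the contrib extension is relocatable and installs into the current schema, normally `public`. With `ON_ERROR_STOP=1` and `set -e`, the first of these statements would abort the script with a "schema does not exist" error, and in the stock postgres entrypoint (which this image appears to build on) a failed init script stops first-time initialisation. Removing the `earthdistance` schema statements is the smallest fix, since functions are executable by PUBLIC by default. The role name is also interpolated unquoted; `"${IMMICH_DB_USERNAME}"` in double quotes inside the SQL would at least survive names that need identifier quoting.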