74 lines
2.8 KiB
Bash
Executable File
74 lines
2.8 KiB
Bash
Executable File
#!/bin/bash
|
|
set -e
|
|
|
|
# This script initializes all databases and users for the homelab services
|
|
# It runs automatically when the PostgreSQL container starts for the first time
|
|
|
|
echo "Creating databases and users for homelab services..."
|
|
|
|
# Function to create database and user with restricted permissions
|
|
create_db_and_user() {
|
|
local db_name=$1
|
|
local db_user=$2
|
|
local db_password=$3
|
|
|
|
echo "Creating database: $db_name with user: $db_user"
|
|
|
|
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
|
|
-- Create database
|
|
CREATE DATABASE $db_name;
|
|
|
|
-- Create user with password
|
|
CREATE USER $db_user WITH ENCRYPTED PASSWORD '$db_password';
|
|
|
|
-- Grant connection to the specific database only
|
|
GRANT CONNECT ON DATABASE $db_name TO $db_user;
|
|
|
|
-- Make user owner of the database
|
|
ALTER DATABASE $db_name OWNER TO $db_user;
|
|
|
|
-- Connect to the specific database to set schema permissions
|
|
\c $db_name
|
|
|
|
-- Grant schema permissions
|
|
GRANT ALL ON SCHEMA public TO $db_user;
|
|
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO $db_user;
|
|
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO $db_user;
|
|
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO $db_user;
|
|
|
|
-- Set default privileges for future objects
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $db_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO $db_user;
|
|
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON FUNCTIONS TO $db_user;
|
|
|
|
-- Switch back to postgres database
|
|
\c postgres
|
|
EOSQL
|
|
}
|
|
|
|
# Create databases for each service
|
|
# Using environment variables that will be set in your .env file
|
|
|
|
# Spliit
|
|
create_db_and_user "${SPLIIT_POSTGRES_DB}" "${SPLIIT_POSTGRES_USER}" "${SPLIIT_POSTGRES_PASSWORD}"
|
|
|
|
# Shlink
|
|
create_db_and_user "${SHLINK_POSTGRES_DB}" "${SHLINK_POSTGRES_USER}" "${SHLINK_POSTGRES_PASSWORD}"
|
|
|
|
# Immich
|
|
create_db_and_user "${IMMICH_DB_DATABASE_NAME}" "${IMMICH_DB_USERNAME}" "${IMMICH_DB_PASSWORD}"
|
|
|
|
# Nextcloud
|
|
create_db_and_user "${NEXTCLOUD_POSTGRES_DB}" "${NEXTCLOUD_POSTGRES_USER}" "${NEXTCLOUD_POSTGRES_PASSWORD}"
|
|
|
|
# Paperless
|
|
create_db_and_user "${PAPERLESS_POSTGRES_DB}" "${PAPERLESS_POSTGRES_USER}" "${PAPERLESS_POSTGRES_PASSWORD}"
|
|
|
|
# Matrix and co
|
|
create_db_and_user "${SYNAPSE_POSTGRES_DB}" "${SYNAPSE_POSTGRES_USER}" "${SYNAPSE_POSTGRES_PASSWORD}"
|
|
create_db_and_user "${MAS_POSTGRES_DB}" "${MAS_POSTGRES_USER}" "${MAS_POSTGRES_PASSWORD}"
|
|
create_db_and_user "${MAUTRIX_SIGNAL_POSTGRES_DB}" "${MAUTRIX_SIGNAL_POSTGRES_USER}" "${MAUTRIX_SIGNAL_POSTGRES_PASSWORD}"
|
|
create_db_and_user "${MAUTRIX_WHATSAPP_POSTGRES_DB}" "${MAUTRIX_WHATSAPP_POSTGRES_USER}" "${MAUTRIX_WHATSAPP_POSTGRES_PASSWORD}"
|
|
|
|
echo "Database initialization completed successfully!"
|