Add PostgreSQL with DB for Keycloak
diff --git a/.gitignore b/.gitignore
index 0b36d07..1f89b79 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,5 @@
 /mail/passwd/
 /mail/rspamd-override.d/
 /mail/state/
+/postgres/data/
+/postgres/passwd/
diff --git a/docker-compose.yml b/docker-compose.yml
index d600756..148b0c3 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,6 +24,16 @@
       - ./nginx/sa.conf:/etc/nginx/conf.d/sa.conf.template:ro
       - ./nginx/empty.conf:/etc/nginx/conf.d/default.conf:ro
       - ./logs/nginx:/var/log/nginx/:rw
+  postgres:
+    build:
+      context: ./postgres/docker/
+    networks:
+      - dbnet
+    volumes:
+      - ./postgres/postgres.conf:/etc/postgresql/postgresql.conf:ro
+      - ./postgres/init.sh:/docker-entrypoint-initdb.d/init.sh:ro
+      - ./postgres/data/:/var/lib/postgresql/data/:rw
+      - ./postgres/passwd/:/tmp/passwd/:rw
   simpleid:
     build:
       context: .
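Review bot: The `./postgres/postgres.conf` mount at `/etc/postgresql/postgresql.conf` is not referenced by anything visible in this commit. The image's CMD is plain `postgres` and the service sets no `command:`, so the server will presumably keep reading `postgresql.conf` from its data directory, and any hardening in the mounted file would be silently ignored. Adding `command: ["postgres", "-c", "config_file=/etc/postgresql/postgresql.conf"]` to the service would make it take effect. Separately, `./postgres/passwd/` is bind-mounted read-write because the entrypoint writes the secret there; any other service that only consumes the secret should mount it `:ro`.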
@@ -108,3 +118,8 @@
     ipam:
       config:
         - subnet: 10.12.14.24/29
+  dbnet:
+    driver: bridge
+    ipam:
+      config:
+        - subnet: 10.12.14.40/29
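Review bot: `dbnet` is declared as an ordinary bridge, so containers attached to it keep a route out through the host on this network. If nothing needs outbound access via the database segment, adding `internal: true` under `dbnet:` would isolate it; services that need external connectivity can get it from their other networks. The `networks:` key this entry belongs to starts outside the hunk.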
diff --git a/postgres/docker/Dockerfile b/postgres/docker/Dockerfile
new file mode 100644
index 0000000..4b4874f
--- /dev/null
+++ b/postgres/docker/Dockerfile
@@ -0,0 +1,7 @@
+FROM postgres:15-alpine
+
+COPY entrypoint /sa-entrypoint
+RUN chmod 544 /sa-entrypoint
+
+ENTRYPOINT ["/bin/sh", "/sa-entrypoint"]
+CMD ["postgres"]
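Review bot: `FROM postgres:15-alpine` follows a moving tag, so a rebuild can silently pick up a different base image for the database behind Keycloak. Pinning the digest, `FROM postgres:15-alpine@sha256:<digest-of-the-reviewed-image>`, keeps builds reproducible and makes base updates an explicit change. The `COPY` plus `RUN chmod 544` pair can become one layer with `COPY --chmod=544 entrypoint /sa-entrypoint` when building with BuildKit. A comment above `ENTRYPOINT` such as `# wrapper runs as root to create the secrets, then execs docker-entrypoint.sh` would explain why the stock entrypoint is replaced.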
diff --git a/postgres/docker/entrypoint b/postgres/docker/entrypoint
new file mode 100644
index 0000000..311a019
--- /dev/null
+++ b/postgres/docker/entrypoint
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+export POSTGRES_PASSWORD=$(mktemp -u XXXXXXXXXXXXXXXX)
+
+kc_secret=/tmp/passwd/keycloak/secret
+{
+    if [ ! -f ${kc_secret} ]; then
+        mkdir -p $(dirname ${kc_secret})
+        echo $(mktemp -u XXXXXXXXXXXXXXXX) >${kc_secret}
+    fi
+    chown root:postgres ${kc_secret}
+    chmod 440 ${kc_secret}
+}
+
+exec docker-entrypoint.sh "$@"
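Review bot: Both passwords come from `mktemp -u XXXXXXXXXXXXXXXX`, which only promises a unique file name, not an unpredictable one. On the BusyBox/musl userland of the Alpine base it may well fill only part of the template from clock-derived values, so these secrets should be treated as guessable. Reading the kernel CSPRNG instead, e.g. `head -c 24 /dev/urandom | base64`, gives a 32-character value for both `POSTGRES_PASSWORD` and the Keycloak secret. The secret file is also created under the default umask and only tightened by the later `chmod 440`; a `umask 077` before the block closes that window. Quoting `"${kc_secret}"` throughout would match the quoted `"$@"` on the last line.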
diff --git a/postgres/init.sh b/postgres/init.sh
new file mode 100755
index 0000000..dc0d510
--- /dev/null
+++ b/postgres/init.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+{
+    kc_secret=/tmp/passwd/keycloak/secret
+    kc_password=$(cat ${kc_secret})
+
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+	CREATE USER keycloak WITH PASSWORD '${kc_password}';
+	CREATE DATABASE keycloak;
+	GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloak;
+EOSQL
+}
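Review bot: The secret is spliced into the SQL text as `'${kc_password}'`, so a single quote in the file (it lives on a host bind mount and can be edited or replaced there) breaks the statement or changes what runs as the superuser. Passing it as a psql variable avoids that: add `-v kc_password="$kc_password"` to the `psql` call and write `CREATE USER keycloak WITH PASSWORD :'kc_password';`. Separately, on PostgreSQL 15 `GRANT ALL PRIVILEGES ON DATABASE` no longer lets a non-owner create objects in the `public` schema, so Keycloak's schema setup would likely fail. `CREATE DATABASE keycloak OWNER keycloak;` gives the role what it needs without a broader grant.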