diff --git a/config.mk b/config.mk
index ea39c7f..ae1e09b 100644
--- a/config.mk
+++ b/config.mk
@@ -25,8 +25,8 @@ daemons/nsd/${BUILD_ID_OUT}: daemons/nsd/% : \
 daemons/postgres/${BUILD_ID_OUT}: daemons/postgres/% : \
 daemons/postgres/disable-hba-patcher.patch \
- daemons/postgres/pg_hba.conf \
 daemons/postgres/postgresql.conf \
+ daemons/postgres/init-db-hba.py \
 data/ca/% \
 data/postgres-cert/%
diff --git a/daemons/postgres/Containerfile b/daemons/postgres/Containerfile
index 637a3ed..bcca297 100644
--- a/daemons/postgres/Containerfile
+++ b/daemons/postgres/Containerfile
@@ -1,3 +1,13 @@
+FROM python:3.11 as init
+
+WORKDIR /root
+ADD init-db-hba.py init-db-hba.py
+RUN python3 init-db-hba.py \
+ "murmur/murmur" \
+ "mail/postfix" \
+ "mail/dovecot"
+# Splits out init.sql and pg_hba.conf
+
 FROM postgres:alpine
 # FUCK YOU I PROVIDE MY OWN HBA EAT FUCKING SHIT
@@ -5,14 +15,15 @@ RUN apk add patch
 ADD disable-hba-patcher.patch /tmp/disable-hba-patcher.patch
 RUN patch -p0 /usr/local/bin/docker-entrypoint.sh /tmp/disable-hba-patcher.patch
-ADD postgresql.conf /etc/postgresql/postgresql.conf
-ADD pg_hba.conf /etc/postgresql/pg_hba.conf
-
+# Certificates
 COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /etc/redxen/postgres-cert/redxen.eu/certs/ca.crt
 COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/certs/postgres.crt /etc/redxen/postgres-cert/redxen.eu/certs/postgres.crt
 COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/keys/postgres.key /etc/redxen/postgres-cert/redxen.eu/keys/postgres.key
-
 RUN chown -Rv postgres:postgres /etc/redxen/postgres-cert/
+ADD postgresql.conf /etc/postgresql/postgresql.conf
+COPY --from=init /root/pg_hba.conf /etc/postgresql/pg_hba.conf
+COPY --from=init /root/init.sql /docker-entrypoint-initdb.d/init.sql
+
 # TODO: https://hub.docker.com/_/postgres > Initialisation scripts (Database)
 CMD ["postgres", "-c", "config_file=/etc/postgresql/postgresql.conf"]
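Review bot: In the first Containerfile hunk, the new `init` stage generates the `pg_hba.conf` that becomes the server's authentication policy, yet it builds from the floating tag `python:3.11`, so the same commit can yield a different generator environment on each rebuild. Pinning the base keeps that output reproducible, e.g. `FROM python:3.11-slim@sha256:<digest-placeholder> AS init` (the digest is a placeholder to fill in). `ADD init-db-hba.py init-db-hba.py` copies a plain local file, so `COPY init-db-hba.py init-db-hba.py` is the expected instruction. The comment `# Splits out init.sql and pg_hba.conf` would read better above the `RUN` it describes.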
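Review bot: In the second Containerfile hunk, `COPY --from=init /root/init.sql /docker-entrypoint-initdb.d/init.sql` relies on the stock postgres entrypoint, which runs scripts in that directory only when the data directory is empty, whereas `pg_hba.conf` is replaced on every image rebuild. After a new `db/user` pair is added to the init stage, an existing volume would carry the new `hostssl` rule without the matching role or database; the login is rejected rather than opened, but the drift is silent. This assumes `disable-hba-patcher.patch`, which is not visible here, leaves the initdb handling untouched. A comment above that `COPY` would record it, e.g. `# executed only on first start with an empty data directory; existing clusters need new roles/databases created by hand`. The `# TODO: ... Initialisation scripts (Database)` line kept as context now looks stale and could be dropped or reworded.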
diff --git a/daemons/postgres/init-db-hba.py b/daemons/postgres/init-db-hba.py
new file mode 100755
index 0000000..c9f59a7
--- /dev/null
+++ b/daemons/postgres/init-db-hba.py
@@ -0,0 +1,35 @@
+#!/usr/bin/python3
+#
+# Script to translate mappings between a list to hba and preseed databases
+# caskd (https://redxen.eu)
+# CC0
+#
+
+import sys
+
+table = []
+
+for elem in sys.argv[1:]:
+ table.append(elem.split('/'))
+
+dbs = set()
+users = set()
+
+for val in table:
+ dbs.add(val[0])
+ users.add(val[1])
+
+with open("init.sql", 'x') as w:
+ for db in dbs:
+ w.write("CREATE DATABASE " + db + ";\n")
+
+ for user in users:
+ w.write("CREATE USER " + user + " LOGIN;\n")
+
+ for combo in table:
+ w.write("GRANT ALL PRIVILEGES ON DATABASE " + combo[0] + " TO " + combo[1] + ";\n")
+
+with open("pg_hba.conf", 'x') as w:
+ w.write("local\tall\tpostgres\ttrust\n")
+ for combo in table:
+ w.write("hostssl\t" + combo[0] + "\t" + combo[1] + "\tall\tcert\tclientcert=verify-full\n")
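Review bot: The `db/user` arguments are concatenated unchecked into SQL statements and into tab-separated `pg_hba.conf` fields, starting at `table.append(elem.split('/'))`. An argument without a `/` fails later with an IndexError, extra `/` parts are silently ignored, and a name containing whitespace or quotes, or equal to an hba keyword such as `all`, would produce different SQL or a broader access rule than the mapping suggests. The inputs come from the Containerfile today, so this is hardening rather than an open hole, but validating each pair before use keeps the generated policy equal to what was asked for. Iterating `sorted(dbs)` and `sorted(users)` would also make `init.sql` byte-stable across builds, since set order for strings varies between interpreter runs.

```python
# Names that carry special meaning in the pg_hba.conf database/user columns.
HBA_KEYWORDS = {"all", "sameuser", "samerole", "replication"}
NAME_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789_")

def checked(name):
    # Plain lowercase identifier: usable unquoted in SQL and as one pg_hba.conf field.
    ok = name and set(name) <= NAME_CHARS and not name[0].isdigit() and name not in HBA_KEYWORDS
    if not ok:
        sys.exit("init-db-hba: refusing name " + repr(name))
    return name

for elem in sys.argv[1:]:
    parts = elem.split('/')
    if len(parts) != 2:
        sys.exit("init-db-hba: expected db/user, got " + repr(elem))
    table.append([checked(parts[0]), checked(parts[1])])

# … unchanged: dbs/users sets, init.sql and pg_hba.conf writers …
```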