Fully preseed postgresql
parent
e6e1796d79
commit
96a89b0f4b
|
@ -25,8 +25,8 @@ daemons/nsd/${BUILD_ID_OUT}: daemons/nsd/% : \
|
|||
|
||||
daemons/postgres/${BUILD_ID_OUT}: daemons/postgres/% : \
|
||||
daemons/postgres/disable-hba-patcher.patch \
|
||||
daemons/postgres/pg_hba.conf \
|
||||
daemons/postgres/postgresql.conf \
|
||||
daemons/postgres/init-db-hba.py \
|
||||
data/ca/% \
|
||||
data/postgres-cert/%
|
||||
|
||||
|
|
|
@ -1,3 +1,13 @@
|
|||
FROM python:3.11 as init
|
||||
|
||||
WORKDIR /root
|
||||
ADD init-db-hba.py init-db-hba.py
|
||||
RUN python3 init-db-hba.py \
|
||||
"murmur/murmur" \
|
||||
"mail/postfix" \
|
||||
"mail/dovecot"
|
||||
# Splits out init.sql and pg_hba.conf
|
||||
|
||||
FROM postgres:alpine
|
||||
|
||||
# FUCK YOU I PROVIDE MY OWN HBA EAT FUCKING SHIT
|
||||
|
@ -5,14 +15,15 @@ RUN apk add patch
|
|||
ADD disable-hba-patcher.patch /tmp/disable-hba-patcher.patch
|
||||
RUN patch -p0 /usr/local/bin/docker-entrypoint.sh /tmp/disable-hba-patcher.patch
|
||||
|
||||
ADD postgresql.conf /etc/postgresql/postgresql.conf
|
||||
ADD pg_hba.conf /etc/postgresql/pg_hba.conf
|
||||
|
||||
# Certificates
|
||||
COPY --from=redxen.eu/data/ca:latest /redxen.eu/certs/ca.crt /etc/redxen/postgres-cert/redxen.eu/certs/ca.crt
|
||||
COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/certs/postgres.crt /etc/redxen/postgres-cert/redxen.eu/certs/postgres.crt
|
||||
COPY --from=redxen.eu/data/postgres-cert:latest /redxen.eu/keys/postgres.key /etc/redxen/postgres-cert/redxen.eu/keys/postgres.key
|
||||
|
||||
RUN chown -Rv postgres:postgres /etc/redxen/postgres-cert/
|
||||
|
||||
ADD postgresql.conf /etc/postgresql/postgresql.conf
|
||||
COPY --from=init /root/pg_hba.conf /etc/postgresql/pg_hba.conf
|
||||
COPY --from=init /root/init.sql /docker-entrypoint-initdb.d/init.sql
|
||||
|
||||
# TODO: https://hub.docker.com/_/postgres > Initialisation scripts (Database)
|
||||
CMD ["postgres", "-c", "config_file=/etc/postgresql/postgresql.conf"]
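Review bot: The `COPY --from=init /root/init.sql /docker-entrypoint-initdb.d/init.sql` line (which appears to be new in this hunk) only takes effect when the container starts with an empty data directory, because the official postgres entrypoint skips `/docker-entrypoint-initdb.d` once a cluster exists. The generated `pg_hba.conf`, by contrast, is replaced on every build, so a database/user pair added to the `RUN python3 init-db-hba.py` list later gets an hba rule on existing volumes but no role or database behind it. The TODO above `CMD` now looks stale; I would replace it with something like `# init.sql runs only on first start with an empty PGDATA; new pairs must be created by hand on existing clusters`. Separately, the new `FROM python:3.11 as init` stage uses a floating tag, as does `postgres:alpine`; pinning both by digest would keep the build that generates the auth config reproducible.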
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/python3
|
||||
#
|
||||
# Script to translate mappings between a list to hba and preseed databases
|
||||
# caskd (https://redxen.eu)
|
||||
# CC0
|
||||
#
|
||||
|
||||
import sys
|
||||
|
||||
table = []
|
||||
|
||||
for elem in sys.argv[1:]:
|
||||
table.append(elem.split('/'))
|
||||
|
||||
dbs = set()
|
||||
users = set()
|
||||
|
||||
for val in table:
|
||||
dbs.add(val[0])
|
||||
users.add(val[1])
|
||||
|
||||
with open("init.sql", 'x') as w:
|
||||
for db in dbs:
|
||||
w.write("CREATE DATABASE " + db + ";\n")
|
||||
|
||||
for user in users:
|
||||
w.write("CREATE USER " + user + " LOGIN;\n")
|
||||
|
||||
for combo in table:
|
||||
w.write("GRANT ALL PRIVILEGES ON DATABASE " + combo[0] + " TO " + combo[1] + ";\n")
|
||||
|
||||
with open("pg_hba.conf", 'x') as w:
|
||||
w.write("local\tall\tpostgres\ttrust\n")
|
||||
for combo in table:
|
||||
w.write("hostssl\t" + combo[0] + "\t" + combo[1] + "\tall\tcert\tclientcert=verify-full\n")
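Review bot: The argv entries are split on `/` and concatenated straight into SQL and `pg_hba.conf` lines with no shape check or identifier validation, so an entry without a slash dies with an IndexError at `val[1]`, an entry with two slashes silently drops the tail, and a name containing a hyphen, uppercase letter, whitespace or tab produces broken SQL or a misparsed hba record. Since these two files are the whole authentication policy of the image, I would reject anything that is not `<database>/<user>` made of plain lowercase identifiers at parse time (the sketch below needs `import re` next to `import sys`). Iterating `sorted(dbs)` and `sorted(users)` would also make `init.sql` byte-stable across builds, which set iteration over strings does not guarantee. Finally, `local\tall\tpostgres\ttrust` lets any local process in the container connect as the superuser over the socket; if only the postgres OS user needs that path, `peer` is the narrower method, which should be confirmed against how the entrypoint connects during init.

```python
IDENT = re.compile(r"[a-z_][a-z0-9_]*")

table = []

for elem in sys.argv[1:]:
    db, sep, user = elem.partition('/')
    if not sep or not IDENT.fullmatch(db) or not IDENT.fullmatch(user):
        sys.exit("expected <database>/<user> using plain lowercase identifiers, got " + repr(elem))
    table.append([db, user])

# … unchanged: dbs/users sets, init.sql writer, pg_hba.conf writer …
```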
|