diff --git a/ansible/plays/services/gitea/docker-compose.yaml b/ansible/plays/services/gitea/docker-compose.yaml index d272a3c..b373add 100644 --- a/ansible/plays/services/gitea/docker-compose.yaml +++ b/ansible/plays/services/gitea/docker-compose.yaml @@ -1,3 +1,4 @@ +{% import 'macro/postgres.j2' as pg with context %} --- version: '3.9' @@ -36,22 +37,7 @@ services: db: condition: service_healthy - db: - image: postgres:14 - restart: always - environment: - - "POSTGRES_USER={{ gitea.db.user }}" - - "POSTGRES_PASSWORD={{ gitea.db.password }}" - - "POSTGRES_DB={{ gitea.db.name }}" - networks: - - backend - volumes: - - pg_data:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ gitea.db.user }}"] - interval: 10s - timeout: 5s - retries: 5 +{{ pg.postgres("db", gitea.db.user, gitea.db.password, gitea.db.name, ["backend"], version="14" ) }} drone: image: drone/drone:2 @@ -82,11 +68,13 @@ services: - gitea networks: + postgres: + internal: true backend: internal: true volumes: gitea_data: drone_data: - pg_data: + db_data: ... diff --git a/ansible/plays/services/gotosocial/docker-compose.yaml b/ansible/plays/services/gotosocial/docker-compose.yaml index d3883af..50e0b79 100644 --- a/ansible/plays/services/gotosocial/docker-compose.yaml +++ b/ansible/plays/services/gotosocial/docker-compose.yaml @@ -1,3 +1,4 @@ +{% import 'macro/postgres.j2' as pg with context %} --- version: '3' services: 
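Review bot: The volume rename from `pg_data` to `db_data` at the end of the gitea file means the macro-rendered `db` service mounts a different, initially empty named volume. Unless the data is moved out of band, Postgres initialises a fresh cluster and gitea starts against an empty database while the existing data stays behind in the old volume. The same applies to the `database:` → `db_data:` renames in the gotosocial, hedgedoc, miniflux and wallabag files and to `syncv3_db_data` / `bridge_*_db` → `db-*_data` in matrix. Either let the macro take the volume name, e.g. a `volume=None` parameter rendered as `{{ volume or (name ~ "_data") }}`, or state the dump-and-restore step in the commit message so the rollout is not done blind.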
@@ -53,27 +54,16 @@ services: - default - metrics - db: - image: postgres:15 - restart: unless-stopped - environment: - - POSTGRES_USER={{ gotosocial.db.user }} - - POSTGRES_PASSWORD={{ gotosocial.db.password }} - volumes: - - database:/var/lib/postgresql/data - healthcheck: - test: ["CMD", "pg_isready", "-U", "{{ gotosocial.db.user }}"] - interval: 10s - start_period: 30s - networks: - - backend +{{ pg.postgres("db", gotosocial.db.user, gotosocial.db.password, gotosocial.db.user, ["backend"]) }} volumes: - database: + db_data: networks: backend: internal: true metrics: external: true + postgres: + internal: true ... diff --git a/ansible/plays/services/grafana/docker-compose.yaml b/ansible/plays/services/grafana/docker-compose.yaml index d7288bc..d3878e6 100644 --- a/ansible/plays/services/grafana/docker-compose.yaml +++ b/ansible/plays/services/grafana/docker-compose.yaml @@ -44,3 +44,5 @@ networks: internal: true metrics: external: true + postgres: + internal: true diff --git a/ansible/plays/services/hedgedoc/docker-compose.yaml b/ansible/plays/services/hedgedoc/docker-compose.yaml index 1652c80..0bc0787 100644 --- a/ansible/plays/services/hedgedoc/docker-compose.yaml +++ b/ansible/plays/services/hedgedoc/docker-compose.yaml @@ -1,23 +1,7 @@ +{% import 'macro/postgres.j2' as pg with context %} --- version: '3' services: - database: - image: postgres:13-alpine - environment: - - POSTGRES_USER={{ hedgedoc.db.user }} - - POSTGRES_PASSWORD={{ hedgedoc.db.password }} - - POSTGRES_DB={{ hedgedoc.db.name }} - volumes: - - database:/var/lib/postgresql/data - restart: always - networks: - - backend - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ hedgedoc.db.user }}"] - interval: 10s - timeout: 5s - retries: 5 - app: # Make sure to use the latest release from https://hedgedoc.org/latest-release image: quay.io/hedgedoc/hedgedoc:1.9.3 
@@ -63,19 +47,22 @@ services: - "prometheus-scrape.enabled=true" - "prometheus-scrape.port=3000" depends_on: - database: + db: condition: service_healthy networks: - backend - metrics - default # oauth +{{ pg.postgres("db", hedgedoc.db.user, hedgedoc.db.password, hedgedoc.db.name, ["backend"], version="13-alpine") }} volumes: - database: + db_data: networks: backend: internal: true metrics: external: true + postgres: + internal: true ... diff --git a/ansible/plays/services/keycloak/docker-compose.yaml b/ansible/plays/services/keycloak/docker-compose.yaml index 5531900..a6dd552 100644 --- a/ansible/plays/services/keycloak/docker-compose.yaml +++ b/ansible/plays/services/keycloak/docker-compose.yaml @@ -1,29 +1,13 @@ +{% import 'macro/postgres.j2' as pg with context %} --- version: '3.9' services: - postgres: - image: postgres:15 - restart: always - environment: - - "POSTGRES_DB={{ auth.db.name }}" - - "POSTGRES_USER={{ auth.db.user }}" - - "POSTGRES_PASSWORD={{ auth.db.password }}" - volumes: - - pg_data:/var/lib/postgresql/data - networks: - - backend - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ auth.db.user }}"] - interval: 10s - timeout: 5s - retries: 5 - keycloak: image: registry.tobiasmanske.de/keycloak:main command: start depends_on: - postgres: + pg: condition: service_healthy environment: - "KC_DB=postgres" @@ -46,7 +30,11 @@ services: - backend - default # keycloak needs to talk to social logins +{{ pg.postgres("pg", auth.db.user, auth.db.password, auth.db.name, ["backend"]) }} + networks: + postgres: + internal: true backend: internal: true diff --git a/ansible/plays/services/matrix/docker-compose.yaml b/ansible/plays/services/matrix/docker-compose.yaml index 221a616..89250bc 100644 --- a/ansible/plays/services/matrix/docker-compose.yaml +++ b/ansible/plays/services/matrix/docker-compose.yaml @@ -1,3 +1,4 @@ +{% import 'macro/postgres.j2' as pg with context %} --- version: '3.9' 
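Review bot: The hedgedoc and keycloak hunks rename the database service (`database` → `db`, `postgres` → `pg`) but only update `depends_on`; the service name is also the hostname the application resolves. The connection settings are outside both hunks: the keycloak context shows only `KC_DB=postgres`, which is the driver rather than the host. If a URL still names the old host, the app loses its database after deploy, and in keycloak the new top-level network is also called `postgres`, which makes a leftover reference easy to miss in review. Confirm the DB host in each app's environment matches the new service name; the same check applies to `syncv3-db` → `db-syncv3` in the matrix file.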
@@ -46,23 +47,7 @@ services: - "prometheus-scrape.port=9091" - "prometheus-scrape.metrics_path=/_synapse/metrics" - db: - image: postgres:15 - restart: always - environment: - - POSTGRES_USER={{ matrix.db.user }} - - POSTGRES_DB={{ matrix.db.database }} - - POSTGRES_PASSWORD={{ matrix.db.password }} - - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C - networks: - - backend - volumes: - - db_data:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ matrix.db.user }}"] - interval: 10s - timeout: 5s - retries: 5 +{{ pg.postgres("db", matrix.db.user, matrix.db.password, matrix.db.database, ["backend"], schedule="@hourly" ) }} caddy: image: caddy:2 @@ -98,23 +83,7 @@ services: ### SLIDING SYNC - syncv3-db: - image: postgres:15 - restart: always - environment: - - POSTGRES_USER={{ matrix.syncv3.user }} - - POSTGRES_DB={{ matrix.syncv3.database }} - - POSTGRES_PASSWORD={{ matrix.syncv3.password }} - - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C - networks: - - syncv3 - volumes: - - syncv3_db_data:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ matrix.syncv3.user }}"] - interval: 10s - timeout: 5s - retries: 5 +{{ pg.postgres("db-syncv3", matrix.syncv3.user, matrix.syncv3.password, matrix.syncv3.database, ["syncv3"] ) }} syncv3-proxy: image: ghcr.io/matrix-org/sliding-sync:latest 
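Review bot: `db-syncv3` was previously attached only to the `syncv3` network, but the macro unions `postgres` into every rendered service's network list. All five matrix databases and their five `_pgbackup` sidecars therefore end up on one shared network and can reach each other's Postgres port. That removes the separation the dedicated `syncv3` network gave the sliding-sync database and makes each backup container a path to every database in the project, not just its own. A per-instance backup network keeps the split: `union([name ~ "_backup"])` in the macro, the sidecar attached to that same name, and each such network declared `internal: true` under `networks:`.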
@@ -158,23 +127,7 @@ services: - db-bridge-tg - synapse - db-bridge-tg: - image: postgres:15 - restart: always - environment: - - POSTGRES_USER={{ matrix.bridge.tg.dbuser }} - - POSTGRES_DB={{ matrix.bridge.tg.dbname }} - - POSTGRES_PASSWORD={{ matrix.bridge.tg.dbpass }} - - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C - networks: - - backend - volumes: - - bridge_tg_db:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ matrix.bridge.tg.dbuser }}"] - interval: 10s - timeout: 5s - retries: 5 +{{ pg.postgres("db-bridge-tg", matrix.bridge.tg.dbuser, matrix.bridge.tg.dbpass, matrix.bridge.tg.dbname, ["backend"] ) }} #### SLACK @@ -195,23 +148,7 @@ services: - db-bridge-slack - synapse - db-bridge-slack: - image: postgres:15 - restart: always - environment: - - POSTGRES_USER={{ matrix.bridge.slack.dbuser }} - - POSTGRES_DB={{ matrix.bridge.slack.dbname }} - - POSTGRES_PASSWORD={{ matrix.bridge.slack.dbpass }} - - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C - networks: - - backend - volumes: - - bridge_slack_db:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ matrix.bridge.slack.dbuser }}"] - interval: 10s - timeout: 5s - retries: 5 +{{ pg.postgres("db-bridge-slack", matrix.bridge.slack.dbuser, matrix.bridge.slack.dbpass, matrix.bridge.slack.dbname, ["backend"] ) }} #### SIGNAL mautrix-signal: 
@@ -241,24 +178,11 @@ services: volumes: - signald_data:/signald - db-bridge-signal: - image: postgres:15 - restart: unless-stopped - networks: - - backend - environment: - - POSTGRES_USER={{ matrix.bridge.signal.dbuser }} - - POSTGRES_DB={{ matrix.bridge.signal.dbname }} - - POSTGRES_PASSWORD={{ matrix.bridge.signal.dbpass }} - volumes: - - bridge_signal_db:/var/lib/postgresql/data - healthcheck: - test: ["CMD-SHELL", "pg_isready", "-U", "{{ matrix.bridge.signal.dbuser }}"] - interval: 10s - timeout: 5s - retries: 5 +{{ pg.postgres("db-bridge-signal", matrix.bridge.signal.dbuser, matrix.bridge.signal.dbpass, matrix.bridge.signal.dbname, ["backend"] ) }} networks: + postgres: + internal: true backend: internal: true syncv3: @@ -267,14 +191,14 @@ networks: external: true volumes: - synapse_data: - syncv3_db_data: - bridge_tg_data: - bridge_tg_db: - bridge_slack_data: - bridge_slack_db: bridge_signal_data: - bridge_signal_db: - signald_data: + bridge_slack_data: + bridge_tg_data: + db-bridge-signal_data: + db-bridge-slack_data: + db-bridge-tg_data: + db-syncv3_data: db_data: + signald_data: + synapse_data: ... diff --git a/ansible/plays/services/miniflux/docker-compose.yaml b/ansible/plays/services/miniflux/docker-compose.yaml index 47fba21..701dcb2 100644 --- a/ansible/plays/services/miniflux/docker-compose.yaml +++ b/ansible/plays/services/miniflux/docker-compose.yaml @@ -1,3 +1,4 @@ +{% import 'macro/postgres.j2' as pg with context %} --- version: '3' services: 
@@ -39,23 +40,10 @@ services: - default - metrics - db: - image: postgres:13 - restart: unless-stopped - environment: - - POSTGRES_USER={{ miniflux.db.user }} - - POSTGRES_PASSWORD={{ miniflux.db.password }} - volumes: - - database:/var/lib/postgresql/data - healthcheck: - test: ["CMD", "pg_isready", "-U", "{{ miniflux.db.user }}"] - interval: 10s - start_period: 30s - networks: - - backend +{{ pg.postgres("db", miniflux.db.user, miniflux.db.password, miniflux.db.user, ["backend"], version="13") }} volumes: - database: + db_data: networks: backend: @@ -64,4 +52,6 @@ networks: external: true metrics: external: true + postgres: + internal: true ... diff --git a/ansible/plays/services/wallabag/docker-compose.yaml b/ansible/plays/services/wallabag/docker-compose.yaml index c3bc62d..7de27f8 100644 --- a/ansible/plays/services/wallabag/docker-compose.yaml +++ b/ansible/plays/services/wallabag/docker-compose.yaml @@ -1,3 +1,4 @@ +{% import 'macro/postgres.j2' as pg with context %} --- version: '3' services: @@ -29,25 +30,14 @@ services: - backend - default - db: - image: postgres:15-alpine - restart: unless-stopped - environment: - - POSTGRES_USER={{ wallabag.db.user }} - - POSTGRES_PASSWORD={{ wallabag.db.password }} - volumes: - - database:/var/lib/postgresql/data - healthcheck: - test: ["CMD", "pg_isready", "-U", "{{ wallabag.db.user }}"] - interval: 10s - start_period: 30s - networks: - - backend +{{ pg.postgres("db", wallabag.db.user, wallabag.db.password, wallabag.db.user, ["backend"], version="15-alpine") }} volumes: - database: + db_data: networks: backend: internal: true + postgres: + internal: true ... diff --git a/ansible/plays/templates/macro/postgres.j2 b/ansible/plays/templates/macro/postgres.j2 new file mode 100644 index 0000000..e79fb86 --- /dev/null +++ b/ansible/plays/templates/macro/postgres.j2 
@@ -0,0 +1,36 @@ +{# https://github.com/prodrigestivill/docker-postgres-backup-local #} +{% macro postgres(name, user, pass, db, networks, schedule="@daily", version="15") %} + {{ name | mandatory | string }}: + image: postgres:{{ version | mandatory }} + restart: unless-stopped + environment: + - POSTGRES_USER={{ user | mandatory }} + - POSTGRES_DB={{ db | mandatory }} + - POSTGRES_PASSWORD={{ pass | mandatory }} + - POSTGRES_INITDB_ARGS=--encoding=UTF-8 --lc-collate=C --lc-ctype=C + networks: {{ networks | mandatory | list | union(["postgres"]) | sort }} + volumes: + - {{ name | string | lower }}_data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready", "-U", "{{ user }}"] + interval: 10s + timeout: 5s + retries: 5 + {{ name | mandatory | string }}_pgbackup: + image: prodrigestivill/postgres-backup-local:latest + restart: unless-stopped + volumes: + - "/opt/pgbackups/${COMPOSE_PROJECT_NAME}/:/backups:z" + networks: + - postgres + depends_on: + - {{ name | mandatory | string }} + environment: + - POSTGRES_HOST={{ name | mandatory | string }} + - POSTGRES_USER={{ user | mandatory }} + - POSTGRES_DB={{ db | mandatory }} + - POSTGRES_PASSWORD={{ pass | mandatory }} + - POSTGRES_EXTRA_OPTS=-Z6 --schema=public --blobs + - SCHEDULE={{ schedule | mandatory }} +{% endmacro %} +
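Review bot: The `_pgbackup` sidecar pulls `prodrigestivill/postgres-backup-local:latest`, so any upstream image update is handed the credentials of every database rendered through this macro without review; pin a reviewed tag or digest. The healthcheck uses `CMD-SHELL` with a multi-element list, which takes a single command string, so `-U` and the user become shell positional parameters instead of `pg_isready` arguments; the `CMD` form that gotosocial, miniflux and wallabag used before passes them as intended. The `POSTGRES_*` entries are rendered as plain scalars, so a password containing ` #` is silently truncated and one containing `: ` turns the list item into a mapping, whereas the old gitea and keycloak definitions quoted them. The fence shows the changed lines; `$` in a value is still subject to Compose interpolation and needs escaping separately, and the second `environment:` block wants the same quoting.
```jinja
{# … unchanged: macro signature, service key, postgres image, restart … #}
    environment:
      - {{ ("POSTGRES_USER=" ~ (user | mandatory)) | to_json }}
      - {{ ("POSTGRES_DB=" ~ (db | mandatory)) | to_json }}
      - {{ ("POSTGRES_PASSWORD=" ~ (pass | mandatory)) | to_json }}
{# … unchanged: POSTGRES_INITDB_ARGS, networks, volumes … #}
    healthcheck:
      test: ["CMD", "pg_isready", "-U", {{ user | to_json }}]
{# … unchanged: interval, timeout, retries, backup service key … #}
    {# placeholder values: substitute a tag and digest you have reviewed #}
    image: prodrigestivill/postgres-backup-local:<PINNED_TAG>@sha256:<DIGEST>
{# … unchanged: restart, volumes, networks, depends_on, remaining environment … #}
```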