mucas-central/homelab/applications/postgres
Amar Saljic cd2b304a5c updates...
2025-11-15 23:02:28 +01:00

Postgres

Set up non-root user for container

We run the container as a non-root user to limit the attack surface for privilege escalation. For this to work in our setup, please make sure that a user called postgres is set up on your machine.

  1. Check if the user postgres exists
     cat /etc/passwd | grep postgres

     In case the postgres user doesn't exist, please create it by running

     sudo useradd postgres
  2. Data folder ownership: you also need to make sure that the postgres user owns the volumes mounted for docker
     sudo chown -R postgres:postgres data
     sudo chmod 770 data
  3. Adjust compose.yml: within services > postgres > user, make sure to replace postgres with the UID of the user on your machine
     cat /etc/passwd | grep postgres
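
The three checks above combined into one preflight script. This is an added example, not part of the repository; the function names are hypothetical. It matches the user name exactly (a plain grep for postgres would also match an account such as postgres-backup), verifies owner and mode 770 on the data folder, and prints the UID to enter in compose.yml.

```shell
#!/bin/sh
# Preflight for the non-root postgres container setup (added example).
# Usage (assumed): sh preflight.sh <data-dir>

# Print the numeric UID of a user from a passwd-format file.
# $1 = user name, $2 = passwd file (defaults to /etc/passwd).
# Exits non-zero when the user is absent. The name is compared exactly.
passwd_uid() {
    awk -F: -v u="$1" \
        '$1 == u { print $3; found = 1; exit } END { exit !found }' \
        "${2:-/etc/passwd}"
}

# Print "<owner-uid> <permission-string>" for a directory,
# e.g. "1001 drwxrwx---". substr() drops a trailing ACL/SELinux marker.
dir_owner_mode() {
    ls -ldn "$1" | awk '{ print $3, substr($1, 1, 10) }'
}

# Return 0 only if the directory exists, is owned by the expected UID
# and has mode 770. $1 = directory, $2 = expected owner UID.
check_data_dir() {
    [ -d "$1" ] || { echo "missing directory: $1" >&2; return 2; }
    info=$(dir_owner_mode "$1")
    owner=${info% *}
    mode=${info#* }
    [ "$owner" = "$2" ] || {
        echo "$1 is owned by UID $owner, expected $2" >&2; return 1; }
    [ "$mode" = "drwxrwx---" ] || {
        echo "$1 has mode $mode, expected drwxrwx--- (770)" >&2; return 1; }
}

# Run all checks when a data directory is passed on the command line.
if [ "$#" -ge 1 ]; then
    uid=$(passwd_uid postgres) || {
        echo "user postgres not found; create it with: sudo useradd postgres" >&2
        exit 1
    }
    check_data_dir "$1" "$uid" || exit 1
    echo "OK: set services > postgres > user to $uid in compose.yml"
fi
```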

About secrets

Because secrets are managed centrally in 1Password and Postgres needs secrets, using docker compose directly in the terminal does not work.

Bring up/tear down container

Please use start.sh to spin up the container.

Prerequisites for start.sh

  • User executing the script is part of the docker group
  • Environment variable OP_SERVICE_ACCOUNT_TOKEN is set up [check out top-level README.md for more information on how to set this up]