mucas/mucas-central
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dd3ea726dba7b5c8eebc772355949303d70018dc
mucas-central/homelab/applications/postgres
History

README.md

Postgres

Set up non-root user for container

We are providing a non-root user to the container to limit the attack surface for privilege escalations. In order for this to work in our setup, please make sure to check if you have a user called postgres set up.

  1. Check if user postgres exists and if the UID is 1002
cat /etc/passwd | grep postgres

In case the postgres user exists but the UID is not 1002, please adjust it via

sudo usermod -u 1002 postgres

In case the postgres user doesn't exist at all, please create the user incl. the right UID by running

sudo useradd -u 1002 postgres

About secrets

In order to manage secrets centrally in 1Password and due to the need for secrets in Postgres, using docker compose directly in the terminal does not work.

Bring up/tear down container

Please use the start.sh to spin up the container

Prerequisites start.sh

  • User executing the script is part of the docker group
  • Env variable OP_SERVICE_ACCOUNT_TOKEN is set up [check out top-level README.md for more information on how to set this up]