feat : add Adminer service on port 8083

- Adminer web UI for PostgreSQL management
- Port 8083 (8080 taken by sirh-app)
- Nginx reverse proxy on adminer-prod.malio-dev.fr (HTTP)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.env.example

@@ -1,3 +1,6 @@
 # Superuser PostgreSQL (utilise pour creer les BDD/users au premier lancement)
 POSTGRES_USER=admin
 POSTGRES_PASSWORD=change-me
+
+# Notifications Discord (optionnel)
+DISCORD_WEBHOOK_URL=

CLAUDE.md

@@ -0,0 +1,26 @@
+# infra-postgres
+
+## Stack
+- PostgreSQL 16 Alpine (conteneur Docker)
+- Docker Compose
+
+## Structure
+- `docker-compose.yml` — service PostgreSQL, port 5432, volume data/ en bind mount
+- `deploy.sh` — pull + up + readiness check
+- `backup.sh` — pg_dumpall + rotation (garde les 7 derniers)
+- `doc/deployment.md` — guide complet de deploiement
+
+## Conventions
+- Un seul user `malio` pour toutes les bases de donnees
+- Les applications se connectent via `host.docker.internal:5432`
+- Les secrets (`.env`) ne sont jamais commites (`.gitignore`)
+- Les backups sont dans `backups/` (non commites)
+- Les donnees PostgreSQL sont dans `data/` (non commites)
+
+## CI/CD
+- Auto-tag sur push `main` (`.gitea/workflows/auto-tag.yml`)
+- Token : `REGISTRY_TOKEN` (secret organisation MALIO-DEV)
+
+## Language
+- Documentation en francais
+- Code/scripts en anglais

backup.sh

@@ -3,16 +3,64 @@ set -euo pipefail
 
 cd "$(dirname "$0")"
 
+# Charger les variables d'environnement
+source .env
+
 BACKUP_DIR="./backups"
+DATABASES=("sirh_prod" "inventory_prod" "lesstime_prod")
 DATE=$(date +%Y-%m-%d_%H%M%S)
+LOG_FILE="${BACKUP_DIR}/backup.log"
+WEBHOOK_URL="${DISCORD_WEBHOOK_URL:-}"
 
 mkdir -p "$BACKUP_DIR"
 
-echo "==> Dumping all databases..."
-docker compose exec -T postgres pg_dumpall -U admin > "${BACKUP_DIR}/all-databases-${DATE}.sql"
+log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG_FILE"; }
 
-echo "==> Backup saved to ${BACKUP_DIR}/all-databases-${DATE}.sql"
+discord() {
+    local color="$1" title="$2" msg="$3"
+    [[ -z "$WEBHOOK_URL" ]] && return 0
+    curl -fsS -H "Content-Type: application/json" -d "{
+        \"embeds\": [{
+            \"title\": \"${title}\",
+            \"description\": \"${msg}\",
+            \"color\": ${color}
+        }]
+    }" "$WEBHOOK_URL" >/dev/null 2>&1 || true
+}
 
-# Garder les 7 derniers backups
-ls -t "${BACKUP_DIR}"/all-databases-*.sql | tail -n +8 | xargs -r rm --
-echo "==> Old backups cleaned (keeping last 7)."
+fail() {
+    log "ERROR: $1"
+    discord 16711680 "Backup PostgreSQL - ECHEC" "$1"
+    exit 1
+}
+
+# Verifications
+command -v docker &>/dev/null || fail "docker n'est pas installe"
+
+# Supprimer les anciens backups (on ne garde que le dernier)
+rm -f "${BACKUP_DIR}"/*.sql
+
+log "Debut backup PostgreSQL"
+
+DETAILS=""
+ERRORS=0
+
+for DB in "${DATABASES[@]}"; do
+    log "Dumping ${DB}..."
+    if docker compose exec -T postgres pg_dump -U admin "$DB" > "${BACKUP_DIR}/${DB}-${DATE}.sql" 2>/dev/null; then
+        SIZE=$(du -h "${BACKUP_DIR}/${DB}-${DATE}.sql" | cut -f1)
+        log "${DB} sauvegarde (${SIZE})"
+        DETAILS="${DETAILS}\\n- **${DB}** : ${SIZE}"
+    else
+        log "ERREUR sur ${DB}"
+        DETAILS="${DETAILS}\\n- **${DB}** : ERREUR"
+        ((ERRORS++))
+    fi
+done
+
+if [[ $ERRORS -gt 0 ]]; then
+    fail "Backup termine avec ${ERRORS} erreur(s) :${DETAILS}"
+fi
+
+log "Backup termine avec succes"
+discord 65280 "Backup PostgreSQL - OK" "Backup **${DATE}** termine\\n${DETAILS}"

doc/deployment.md

@@ -51,14 +51,12 @@ Se connecter au conteneur :
 docker compose exec -T postgres psql -U admin
 ```
 
-Creer les bases et users :
+Creer un user unique pour toutes les applications et les bases :
 
 ```sql
-CREATE USER sirh_prod WITH PASSWORD 'motdepasse';
-CREATE DATABASE sirh_prod OWNER sirh_prod;
-
-CREATE USER sirh_recette WITH PASSWORD 'motdepasse';
-CREATE DATABASE sirh_recette OWNER sirh_recette;
+CREATE USER malio WITH PASSWORD 'motdepasse';
+CREATE DATABASE sirh_prod OWNER malio;
+CREATE DATABASE sirh_recette OWNER malio;
 \q
 ```
 
@@ -74,10 +72,10 @@ Les applications Docker sur la meme machine se connectent via `host.docker.inter
 
 ```env
 # SIRH prod
-DATABASE_URL="postgresql://sirh_prod:password@host.docker.internal:5432/sirh_prod?serverVersion=16&charset=utf8"
+DATABASE_URL="postgresql://malio:password@host.docker.internal:5432/sirh_prod?serverVersion=16&charset=utf8"
 
 # SIRH recette
-DATABASE_URL="postgresql://sirh_recette:password@host.docker.internal:5432/sirh_recette?serverVersion=16&charset=utf8"
+DATABASE_URL="postgresql://malio:password@host.docker.internal:5432/sirh_recette?serverVersion=16&charset=utf8"
 ```
 
 ## Ajouter une nouvelle base
@@ -87,8 +85,7 @@ docker compose exec -T postgres psql -U admin
 ```
 
 ```sql
-CREATE USER nouvelle_app WITH PASSWORD 'motdepasse';
-CREATE DATABASE nouvelle_app OWNER nouvelle_app;
+CREATE DATABASE nouvelle_app OWNER malio;
 \q
 ```
 

docker-compose.yml

@@ -8,3 +8,14 @@ services:
     volumes:
       - ./data:/var/lib/postgresql/data
     restart: unless-stopped
+
+  adminer:
+    image: adminer:latest
+    container_name: adminer
+    ports:
+      - "8083:8080"
+    environment:
+      ADMINER_DEFAULT_SERVER: postgres
+    restart: unless-stopped
+    depends_on:
+      - postgres