Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
dce99f58d7 | ||
| d3927b0cc4 | |||
| def82235ca |
@@ -1,3 +1,6 @@
|
||||
# Superuser PostgreSQL (utilise pour creer les BDD/users au premier lancement)
|
||||
POSTGRES_USER=admin
|
||||
POSTGRES_PASSWORD=change-me
|
||||
|
||||
# Notifications Discord (optionnel)
|
||||
DISCORD_WEBHOOK_URL=
|
||||
|
||||
26
CLAUDE.md
Normal file
26
CLAUDE.md
Normal file
@@ -0,0 +1,26 @@
|
||||
# infra-postgres
|
||||
|
||||
## Stack
|
||||
- PostgreSQL 16 Alpine (conteneur Docker)
|
||||
- Docker Compose
|
||||
|
||||
## Structure
|
||||
- `docker-compose.yml` — service PostgreSQL, port 5432, volume data/ en bind mount
|
||||
- `deploy.sh` — pull + up + readiness check
|
||||
- `backup.sh` — pg_dumpall + rotation (garde les 7 derniers)
|
||||
- `doc/deployment.md` — guide complet de deploiement
|
||||
|
||||
## Conventions
|
||||
- Un seul user `malio` pour toutes les bases de donnees
|
||||
- Les applications se connectent via `host.docker.internal:5432`
|
||||
- Les secrets (`.env`) ne sont jamais commites (`.gitignore`)
|
||||
- Les backups sont dans `backups/` (non commites)
|
||||
- Les donnees PostgreSQL sont dans `data/` (non commites)
|
||||
|
||||
## CI/CD
|
||||
- Auto-tag sur push `main` (`.gitea/workflows/auto-tag.yml`)
|
||||
- Token : `REGISTRY_TOKEN` (secret organisation MALIO-DEV)
|
||||
|
||||
## Language
|
||||
- Documentation en francais
|
||||
- Code/scripts en anglais
|
||||
60
backup.sh
60
backup.sh
@@ -3,16 +3,64 @@ set -euo pipefail
|
||||
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
# Charger les variables d'environnement
|
||||
source .env
|
||||
|
||||
BACKUP_DIR="./backups"
|
||||
DATABASES=("sirh_prod" "inventory_prod" "lesstime_prod")
|
||||
DATE=$(date +%Y-%m-%d_%H%M%S)
|
||||
LOG_FILE="${BACKUP_DIR}/backup.log"
|
||||
WEBHOOK_URL="${DISCORD_WEBHOOK_URL:-}"
|
||||
|
||||
mkdir -p "$BACKUP_DIR"
|
||||
|
||||
echo "==> Dumping all databases..."
|
||||
docker compose exec -T postgres pg_dumpall -U admin > "${BACKUP_DIR}/all-databases-${DATE}.sql"
|
||||
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG_FILE"; }
|
||||
|
||||
echo "==> Backup saved to ${BACKUP_DIR}/all-databases-${DATE}.sql"
|
||||
discord() {
|
||||
local color="$1" title="$2" msg="$3"
|
||||
[[ -z "$WEBHOOK_URL" ]] && return 0
|
||||
curl -fsS -H "Content-Type: application/json" -d "{
|
||||
\"embeds\": [{
|
||||
\"title\": \"${title}\",
|
||||
\"description\": \"${msg}\",
|
||||
\"color\": ${color}
|
||||
}]
|
||||
}" "$WEBHOOK_URL" >/dev/null 2>&1 || true
|
||||
}
|
||||
|
||||
# Garder les 7 derniers backups
|
||||
ls -t "${BACKUP_DIR}"/all-databases-*.sql | tail -n +8 | xargs -r rm --
|
||||
echo "==> Old backups cleaned (keeping last 7)."
|
||||
fail() {
|
||||
log "ERROR: $1"
|
||||
discord 16711680 "Backup PostgreSQL - ECHEC" "$1"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# Verifications
|
||||
command -v docker &>/dev/null || fail "docker n'est pas installe"
|
||||
|
||||
# Supprimer les anciens backups (on ne garde que le dernier)
|
||||
rm -f "${BACKUP_DIR}"/*.sql
|
||||
|
||||
log "Debut backup PostgreSQL"
|
||||
|
||||
DETAILS=""
|
||||
ERRORS=0
|
||||
|
||||
for DB in "${DATABASES[@]}"; do
|
||||
log "Dumping ${DB}..."
|
||||
if docker compose exec -T postgres pg_dump -U admin "$DB" > "${BACKUP_DIR}/${DB}-${DATE}.sql" 2>/dev/null; then
|
||||
SIZE=$(du -h "${BACKUP_DIR}/${DB}-${DATE}.sql" | cut -f1)
|
||||
log "${DB} sauvegarde (${SIZE})"
|
||||
DETAILS="${DETAILS}\\n- **${DB}** : ${SIZE}"
|
||||
else
|
||||
log "ERREUR sur ${DB}"
|
||||
DETAILS="${DETAILS}\\n- **${DB}** : ERREUR"
|
||||
((ERRORS++))
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $ERRORS -gt 0 ]]; then
|
||||
fail "Backup termine avec ${ERRORS} erreur(s) :${DETAILS}"
|
||||
fi
|
||||
|
||||
log "Backup termine avec succes"
|
||||
discord 65280 "Backup PostgreSQL - OK" "Backup **${DATE}** termine\\n${DETAILS}"
|
||||
|
||||
@@ -51,14 +51,12 @@ Se connecter au conteneur :
|
||||
docker compose exec -T postgres psql -U admin
|
||||
```
|
||||
|
||||
Creer les bases et users :
|
||||
Creer un user unique pour toutes les applications et les bases :
|
||||
|
||||
```sql
|
||||
CREATE USER sirh_prod WITH PASSWORD 'motdepasse';
|
||||
CREATE DATABASE sirh_prod OWNER sirh_prod;
|
||||
|
||||
CREATE USER sirh_recette WITH PASSWORD 'motdepasse';
|
||||
CREATE DATABASE sirh_recette OWNER sirh_recette;
|
||||
CREATE USER malio WITH PASSWORD 'motdepasse';
|
||||
CREATE DATABASE sirh_prod OWNER malio;
|
||||
CREATE DATABASE sirh_recette OWNER malio;
|
||||
\q
|
||||
```
|
||||
|
||||
@@ -74,10 +72,10 @@ Les applications Docker sur la meme machine se connectent via `host.docker.inter
|
||||
|
||||
```env
|
||||
# SIRH prod
|
||||
DATABASE_URL="postgresql://sirh_prod:password@host.docker.internal:5432/sirh_prod?serverVersion=16&charset=utf8"
|
||||
DATABASE_URL="postgresql://malio:password@host.docker.internal:5432/sirh_prod?serverVersion=16&charset=utf8"
|
||||
|
||||
# SIRH recette
|
||||
DATABASE_URL="postgresql://sirh_recette:password@host.docker.internal:5432/sirh_recette?serverVersion=16&charset=utf8"
|
||||
DATABASE_URL="postgresql://malio:password@host.docker.internal:5432/sirh_recette?serverVersion=16&charset=utf8"
|
||||
```
|
||||
|
||||
## Ajouter une nouvelle base
|
||||
@@ -87,8 +85,7 @@ docker compose exec -T postgres psql -U admin
|
||||
```
|
||||
|
||||
```sql
|
||||
CREATE USER nouvelle_app WITH PASSWORD 'motdepasse';
|
||||
CREATE DATABASE nouvelle_app OWNER nouvelle_app;
|
||||
CREATE DATABASE nouvelle_app OWNER malio;
|
||||
\q
|
||||
```
|
||||
|
||||
|
||||
Reference in New Issue
Block a user