From 591ec210101a4ce13efcc0ae912d99a0062dca87 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 15:39:32 +0100 Subject: [PATCH 01/12] fix: use version 3.8 of the Docker Compose specification See also the Compose and Docker compatibility matrix [1]. While at it, reorder top-level configuration elements and separate each by a blank line to enhance readability. [1] https://docs.docker.com/compose/compose-file/compose-file-v3/#compose-and-docker-compatibility-matrix --- docker-compose/postgres/docker-compose.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 3a6d70e..96bfea4 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -1,10 +1,6 @@ --- -# (Optional) when using custom network -# networks: -# yournetwork: -# external: true -volumes: - postgres-data: +version: "3.8" + services: postgres: # (Recommended) replace "latest" with specific version @@ -20,5 +16,13 @@ services: # networks: # - yournetwork volumes: - - postgres-data:/var/lib/postgresql/data + - postgres_data:/var/lib/postgresql/data restart: unless-stopped + +# (Optional) when using custom network +# networks: +# yournetwork: +# external: true + +volumes: + postgres_data: From 89f8ecb4a572a200a3d208d5f9d2c50794a2a484 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:03:29 +0100 Subject: [PATCH 02/12] feat: use the local volume storage driver by default --- docker-compose/postgres/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 96bfea4..5f9364c 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -26,3 +26,4 @@ services: volumes: postgres_data: + driver: local 
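Review bot: The volume key changes from `postgres-data` to `postgres_data` in the second hunk of PATCH 01 (its definition is removed in the first hunk and re-added at the bottom), and the commit message only mentions reordering. Compose derives the on-disk volume name from this key, so an existing deployment would presumably attach a new, empty volume and initialise a fresh cluster while the old data stays behind in the old one. Either keep the original key or add a comment above the definition, for example `# renamed from postgres-data: migrate existing data before upgrading`.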
From e2d527ec67aa6cd4097e5f9f81e81b0993c9f024 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:06:02 +0100 Subject: [PATCH 03/12] feat: use the latest PostgreSQL release as named version Using the `latest` tag is bad practice. Also reference the full path of the container image including its container registry as for example Podman Compose doesn't default to Docker Hub. --- docker-compose/postgres/docker-compose.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 5f9364c..ac51425 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -3,8 +3,7 @@ version: "3.8" services: postgres: - # (Recommended) replace "latest" with specific version - image: postgres:latest + image: docker.io/library/postgres:16.2 environment: - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} From bb84e13b9a4f512c6a60fb570591f695d50f5674 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:14:12 +0100 Subject: [PATCH 04/12] feat: give additional information on custom networking --- docker-compose/postgres/docker-compose.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index ac51425..59f2614 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml 
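Review bot: `image: docker.io/library/postgres:16.2` in PATCH 03 still names a mutable tag, so the content pulled can change whenever the tag is rebuilt upstream, and nothing in the file lets an operator verify which image ran. For a database image, pin the digest next to the tag: `image: docker.io/library/postgres:16.2@sha256:<digest-of-the-image-you-verified>` (placeholder, to be filled from a trusted pull). If the template is meant to stay digest-free, a comment such as `# tag is mutable; pin by digest for production use` would at least state the trade-off.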
@@ -11,14 +11,18 @@ services: # - POSTGRES_DB=${POSTGRES_DB} ports: - 5432:5432 - # (Optional) when using custom network + # (Optional) when using custom network, see also + # https://docs.docker.com/compose/compose-file/compose-file-v3/#networks + # # networks: # - yournetwork volumes: - postgres_data:/var/lib/postgresql/data restart: unless-stopped -# (Optional) when using custom network +# (Optional) when using custom network, see also +# https://docs.docker.com/compose/compose-file/compose-file-v3/#network-configuration-reference +# # networks: # yournetwork: # external: true From edf466c7c9fe3c4cdae25a74469fbd88dd3d40a5 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:17:47 +0100 Subject: [PATCH 05/12] feat: use Docker secrets for password Using environment variables for secret data like passwords is an anti-pattern as they can easily leak. It's much safer to maintain the data as a file. To prevent accidental commits of the password file, we are adding a `.gitignore` file. --- docker-compose/postgres/.gitignore | 1 + docker-compose/postgres/docker-compose.yaml | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 docker-compose/postgres/.gitignore diff --git a/docker-compose/postgres/.gitignore b/docker-compose/postgres/.gitignore new file mode 100644 index 0000000..6e39f8f --- /dev/null +++ b/docker-compose/postgres/.gitignore @@ -0,0 +1 @@ +secret.* diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 59f2614..2d6a9a6 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -6,7 +6,7 @@ services: image: docker.io/library/postgres:16.2 environment: - POSTGRES_USER=${POSTGRES_USER} - - POSTGRES_PASSWORD=${POSTGRES_PASSWORD} + - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password # (Optional) when creating a new database # - POSTGRES_DB=${POSTGRES_DB} ports: 
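Review bot: `POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password` in the `@@ -6,7 +6,7 @@` hunk of PATCH 05 is read by the official image only while it initialises an empty data directory. On a deployment whose `postgres_data` volume already holds a cluster, the new secret file therefore has no effect, and editing the file later does not rotate the password. A comment above the line would prevent a false sense of rotation: `# read only on first initialisation; changing the file later does not change the database password`. The `environment:` list continues outside this hunk.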
@@ -16,6 +16,8 @@ services: # # networks: # - yournetwork + secrets: + - postgres_password volumes: - postgres_data:/var/lib/postgresql/data restart: unless-stopped @@ -27,6 +29,10 @@ services: # yournetwork: # external: true +secrets: + postgres_password: + file: secret.postgres_password.txt + volumes: postgres_data: driver: local From 89dd1f5a08a83b8e997d4ecde87150f640bc3614 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:29:10 +0100 Subject: [PATCH 06/12] feat: default to use data checksums in PostgreSQL There is little reason not to use PostgreSQL data checksums [1] and they can greatly help to ensure data integrity. [1] https://www.postgresql.org/docs/current/checksums.html --- docker-compose/postgres/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 2d6a9a6..d8af54a 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -5,6 +5,7 @@ services: postgres: image: docker.io/library/postgres:16.2 environment: + - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums} - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password # (Optional) when creating a new database From 16a628e111d78f99c2ea09eeeb744f27f5be2ebc Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:33:39 +0100 Subject: [PATCH 07/12] feat: allow custom host authentication method --- docker-compose/postgres/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index d8af54a..8dc98ae 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml 
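Review bot: The top-level `secrets:` entry added in the `@@ -27,6 +29,10 @@` hunk points at `secret.postgres_password.txt`, but nothing in the patch says that the file must exist before the first start or how it should be protected. Outside Swarm, Compose mounts a file-sourced secret directly from the host, so the host file's ownership and mode are the only protection the password has. Suggest a comment above `file:`, for example `# create before first start; keep host permissions as tight as the container user allows`. The new `.gitignore` covers accidental commits but not local read access.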
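Review bot: `${POSTGRES_INITDB_ARGS---data-checksums}` in PATCH 06 is easy to misread: it is the `-` default operator followed by the value `--data-checksums`. Unlike the `:-` form, a variable that is set but empty is passed through as empty and silently turns the checksum default off. The init arguments are also used only when a new cluster is created, so an existing volume does not gain checksums from this line. A comment would make both points explicit: `# "-" (not ":-"): an explicitly empty value disables the default; applies to new clusters only`.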
@@ -6,6 +6,7 @@ services: image: docker.io/library/postgres:16.2 environment: - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums} + - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD-} - POSTGRES_USER=${POSTGRES_USER} - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password # (Optional) when creating a new database From ce2caf7c8f0f7be658d189a3425d7e470f336cf7 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:35:30 +0100 Subject: [PATCH 08/12] feat: allow custom timezone, defaulting to UTC --- docker-compose/postgres/docker-compose.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 8dc98ae..08fec52 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -11,6 +11,7 @@ services: - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password # (Optional) when creating a new database # - POSTGRES_DB=${POSTGRES_DB} + - TZ=${TZ:-UTC} ports: - 5432:5432 # (Optional) when using custom network, see also From 911fcc61eb291b648ec1434cee0ac7eb07d03fcf Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:43:49 +0100 Subject: [PATCH 09/12] feat: interpolate name of user and database Unless explicitely set, the database name is nevertheless derived from the user by the image's entrypoint, but we can make this more obvious by defining a interpolation here. --- docker-compose/postgres/docker-compose.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 08fec52..5a90e1c 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml 
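Review bot: `POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD-}` in PATCH 07 forwards any value from the host environment without a word of caution. The value `trust` makes the server accept connections without a password, which would bypass the password secret configured two lines below. Other hunks in this series show the service published as `5432:5432` with no bind address, so such a setting would presumably be reachable from outside the host. Suggest a comment above the line: `# leave empty for the image default; never use "trust" while the port is published`.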
@@ -7,10 +7,9 @@ services: environment: - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums} - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD-} - - POSTGRES_USER=${POSTGRES_USER} + - POSTGRES_USER=${POSTGRES_USER:-postgres} - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password - # (Optional) when creating a new database - # - POSTGRES_DB=${POSTGRES_DB} + - POSTGRES_DB=${POSTGRES_DB:-$POSTGRES_USER} - TZ=${TZ:-UTC} ports: - 5432:5432 From 10ae69e17a084a248e4b0f8241be43fe3d1658a2 Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Sat, 2 Mar 2024 16:48:26 +0100 Subject: [PATCH 10/12] feat: add container health check --- docker-compose/postgres/docker-compose.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 5a90e1c..e43e8d5 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -13,6 +13,12 @@ services: - TZ=${TZ:-UTC} ports: - 5432:5432 + healthcheck: + test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-postgres}"'] + start_period: 30s + interval: 10s + timeout: 10s + retries: 5 # (Optional) when using custom network, see also # https://docs.docker.com/compose/compose-file/compose-file-v3/#networks # From b37a7096721be5f63dd03b3bd59379b81b45856e Mon Sep 17 00:00:00 2001 From: Christoph Schug Date: Wed, 6 Mar 2024 21:34:33 +0100 Subject: [PATCH 11/12] fix: remove Compose version specification --- docker-compose/postgres/docker-compose.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index e43e8d5..1c691b3 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -1,6 +1,4 @@ --- -version: "3.8" - services: postgres: image: docker.io/library/postgres:16.2 From 3d4f62f1c4a24038368cbb92b563357f0994fef8 Mon Sep 17 00:00:00 2001 
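Review bot: The default in `POSTGRES_DB=${POSTGRES_DB:-$POSTGRES_USER}` (PATCH 09) refers to the host variable `POSTGRES_USER`, not to the value computed on the line above, so when neither variable is set it expands to an empty string while `POSTGRES_USER` becomes `postgres`. The image's entrypoint appears to fall back to the user name in that case, as the commit message describes, so the outcome is probably still right, but Compose will likely warn about the unset variable and the line does not say what it seems to say. If the Compose implementation in use supports nested defaults, `- POSTGRES_DB=${POSTGRES_DB:-${POSTGRES_USER:-postgres}}` keeps the two lines in agreement.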
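Review bot: The probe `pg_isready -U "${POSTGRES_USER:-postgres}"` in PATCH 10 names no database, so the client falls back to one named after the user. When `POSTGRES_DB` is set to something else, each probe is likely to leave a "database does not exist" entry in the server log every 10 seconds, which makes real connection failures harder to spot during an investigation. Adding `-d "${POSTGRES_DB:-${POSTGRES_USER:-postgres}}"` to the command keeps the check aligned with the `environment:` block. A short comment that `${...}` here is expanded by Compose from the host environment, not by the shell inside the container, would also help.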
From: Christian Lempa Date: Tue, 26 Mar 2024 11:59:45 +0100 Subject: [PATCH 12/12] formatting updates --- docker-compose/postgres/docker-compose.yaml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml index 1c691b3..811eb9e 100644 --- a/docker-compose/postgres/docker-compose.yaml +++ b/docker-compose/postgres/docker-compose.yaml @@ -1,7 +1,8 @@ --- services: postgres: - image: docker.io/library/postgres:16.2 + image: postgres:16.2 + container_name: postgres environment: - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums} - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD-} @@ -17,8 +18,8 @@ services: interval: 10s timeout: 10s retries: 5 - # (Optional) when using custom network, see also - # https://docs.docker.com/compose/compose-file/compose-file-v3/#networks + # (Optional) When using custom network, see also + # https://docs.docker.com/compose/compose-file/compose-file-v3/#networks # # networks: # - yournetwork @@ -28,8 +29,8 @@ services: - postgres_data:/var/lib/postgresql/data restart: unless-stopped -# (Optional) when using custom network, see also -# https://docs.docker.com/compose/compose-file/compose-file-v3/#network-configuration-reference +# (Optional) When using custom network, see also +# https://docs.docker.com/compose/compose-file/compose-file-v3/#network-configuration-reference # # networks: # yournetwork:
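Review bot: The short image name `postgres:16.2` in the first hunk of PATCH 12 is resolved through the container engine's registry configuration rather than a fixed registry, which is a behaviour change in a commit titled "formatting updates". It undoes the qualification that PATCH 03 introduced for engines that do not default to Docker Hub, where the image may come from a different registry or fail to resolve. Keep `image: docker.io/library/postgres:16.2`. The added `container_name: postgres` also fixes a host-wide name, so a second stack built from this template on the same host will presumably collide; drop the line or add a comment such as `# fixed name: only one instance per host`.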