---
services:
  postgres:
    image: docker.io/library/postgres:17.0
    container_name: postgres
    environment:
      - POSTGRES_INITDB_ARGS=${POSTGRES_INITDB_ARGS---data-checksums}
      - POSTGRES_HOST_AUTH_METHOD=${POSTGRES_HOST_AUTH_METHOD-}
      - POSTGRES_USER=${POSTGRES_USER:-postgres}
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - POSTGRES_DB=${POSTGRES_DB:-$POSTGRES_USER}
      - TZ=${TZ:-UTC}
    ports:
      - 5432:5432
    healthcheck:
      test: ['CMD-SHELL', 'pg_isready -U "${POSTGRES_USER:-postgres}"']
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    # (Optional)  When using custom network, see also
    #             https://docs.docker.com/compose/compose-file/compose-file-v3/#networks
    #
    # networks:
    #   - yournetwork
    secrets:
      - postgres_password
    volumes:
      - postgres_data:/var/lib/postgresql/data
    restart: unless-stopped

# (Optional)  When using custom network, see also
#             https://docs.docker.com/compose/compose-file/compose-file-v3/#network-configuration-reference
#
# networks:
#   yournetwork:
#     external: true

secrets:
  postgres_password:
    file: secret.postgres_password.txt

volumes:
  postgres_data:
    driver: local