From 3f9fc10dd718d56a1dce7ee873cc8848a5f05501 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 14:27:24 +0800 Subject: [PATCH 01/13] use alpine --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 7396ad4f..a3ec1d60 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -85,8 +85,8 @@ services: - oullin_net api-db: - restart: unless-stopped - image: postgres:17.4 + restart: always + image: postgres:17.4-alpine container_name: oullin_db env_file: - .env From f7f3238c39c0be4b6d40791d276289b15daf6d22 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 14:36:47 +0800 Subject: [PATCH 02/13] add secrets --- database/infra/secrets/postgres_db | 1 + database/infra/secrets/postgres_password | 1 + database/infra/secrets/postgres_user | 1 + docker-compose.yml | 12 ++++++++++++ 4 files changed, 15 insertions(+) create mode 100644 database/infra/secrets/postgres_db create mode 100644 database/infra/secrets/postgres_password create mode 100644 database/infra/secrets/postgres_user diff --git a/database/infra/secrets/postgres_db b/database/infra/secrets/postgres_db new file mode 100644 index 00000000..18030346 --- /dev/null +++ b/database/infra/secrets/postgres_db @@ -0,0 +1 @@ +oullin_db diff --git a/database/infra/secrets/postgres_password b/database/infra/secrets/postgres_password new file mode 100644 index 00000000..65b23ee5 --- /dev/null +++ b/database/infra/secrets/postgres_password @@ -0,0 +1 @@ +gocanto-password diff --git a/database/infra/secrets/postgres_user b/database/infra/secrets/postgres_user new file mode 100644 index 00000000..516f039b --- /dev/null +++ b/database/infra/secrets/postgres_user @@ -0,0 +1 @@ +gocanto-user diff --git a/docker-compose.yml b/docker-compose.yml index a3ec1d60..69e0a575 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
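Review bot: `database/infra/secrets/postgres_password` is added to the repository with its value in plain text, next to `postgres_user` and `postgres_db`, so the credential is readable by anyone with repository access and remains in history even if the file is deleted later. If these are development placeholders, commit them as `*.example` templates and ignore `database/infra/secrets/` in version control. If any environment uses the values as committed, rotate the password after untracking the files. The same applies to the `postgres_user` and `postgres_db` hunks of this commit.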
@@ -1,3 +1,11 @@ +secrets: + postgres_user: + file: ./database/infra/secrets/postgres_user + postgres_password: + file: ./database/infra/secrets/postgres_password + postgres_db: + file: ./database/infra/secrets/postgres_db + volumes: caddy_data: caddy_config: @@ -103,6 +111,10 @@ services: POSTGRES_PASSWORD: ${ENV_DB_USER_PASSWORD} ports: - "${ENV_DB_PORT}:${ENV_DB_PORT}" + secrets: + - postgres_user + - postgres_password + - postgres_db volumes: - ./database/infra/ssl/server.crt:/etc/ssl/certs/server.crt - ./database/infra/ssl/server.key:/etc/ssl/private/server.key From fe202cd60c7882e18c6770d4f1c746d888f2dbaa Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 15:15:01 +0800 Subject: [PATCH 03/13] wip --- .../init-user-db.sh | 41 ----------- docker-compose.yml | 70 ++++++++++++------- 2 files changed, 45 insertions(+), 66 deletions(-) delete mode 100755 database/infra/docker-entrypoint-initdb.d/init-user-db.sh diff --git a/database/infra/docker-entrypoint-initdb.d/init-user-db.sh b/database/infra/docker-entrypoint-initdb.d/init-user-db.sh deleted file mode 100755 index 5a6bd0b6..00000000 --- a/database/infra/docker-entrypoint-initdb.d/init-user-db.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/bin/bash - -set -e - -RED='\033[0;31m' -GREEN='\033[0;32m' -YELLOW='\033[1;33m' -BLUE='\033[0;34m' -NC='\033[0m' # No Color -PADDING=" " - -echo -e "\n${BLUE}====================[ Database Setup Initiated ]====================${NC}" -echo -e "${PADDING}${BLUE}PGUSER: ${YELLOW}$PGUSER${NC}, ${BLUE}PGDATABASE: ${YELLOW}$PGDATABASE${NC}, ${BLUE}POSTGRES_PASSWORD: ${YELLOW}$POSTGRES_PASSWORD.${NC}" -echo -e "${BLUE}====================================================================${NC}" -echo -e "${PADDING}\n" - -# Check if the database already exists -if psql -v ON_ERROR_STOP=1 --username "$PGUSER" --dbname "$PGDATABASE" -lqt | cut -d \| -f 1 | grep -qw "$PGDATABASE"; then - echo -e "${PADDING}${YELLOW}Database:${NC} [$PGDATABASE] already exists.${NC}\n" - - psql -v ON_ERROR_STOP=1 --username "$PGUSER" --dbname "$PGDATABASE" <<-EOSQL - GRANT ALL PRIVILEGES ON DATABASE "$PGDATABASE" TO "$PGUSER"; -EOSQL - echo -e "${PADDING}${GREEN}All privileges granted to ${YELLOW}[$PGUSER]${NC} in ${YELLOW}[$PGDATABASE]${NC}\n" - -else - - echo -e "${PADDING}${GREEN} Creating database.${NC}\n" - echo -e "${PADDING}${RED}The given database ${YELLOW}[$PGDATABASE] does not exist.${NC}\n" - - psql -v ON_ERROR_STOP=1 --username "$PGUSER" --dbname "$PGDATABASE" <<-EOSQL - CREATE DATABASE "$PGDATABASE"; - GRANT ALL PRIVILEGES ON DATABASE "$PGDATABASE" TO "$PGUSER"; -EOSQL - - echo -e "${PADDING}${GREEN}The given database${NC} ${YELLOW}[$PGDATABASE]${NC} created successfully.\n" - echo -e "${PADDING}${GREEN}All privileges granted to ${YELLOW}[$PGUSER]${NC} in ${YELLOW}[$PGDATABASE]${NC}\n" -fi - -echo -e "${PADDING}" -echo -e "${BLUE}====================[ Database Setup Finished ]====================${NC}\n" diff --git a/docker-compose.yml b/docker-compose.yml index 69e0a575..a5aa6548 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,3 +1,4 @@ +# Define the source of the secrets on the host machine. secrets: postgres_user: file: ./database/infra/secrets/postgres_user @@ -9,6 +10,10 @@ secrets: volumes: caddy_data: caddy_config: + # --- DB: Define a named volume at the top level. + # Docker will manage its lifecycle. + oullin_db_data: + driver: local networks: caddy_net: 
@@ -93,52 +98,67 @@ services: - oullin_net api-db: + # Ensure the database always restarts on server reboot or crash. restart: always - image: postgres:17.4-alpine + + # --- Use this lightweight and more secure 'alpine' image. + # A specific version (e.g., 16) is pinned to avoid unexpected updates. + image: postgres:17.3-alpine container_name: oullin_db + env_file: - .env networks: - oullin_net + + # --- Use Docker Secrets instead of .env files for credentials. + # The given postgres image automatically reads from files specified by these _FILE variables. environment: - # --- Postgres CLI env vars. - PGUSER: ${ENV_DB_USER_NAME} - PGDATABASE: ${ENV_DB_DATABASE_NAME} - PGPASSWORD: ${ENV_DB_USER_PASSWORD} - # --- Docker postgres-image env vars. - POSTGRES_USER: ${ENV_DB_USER_NAME} - POSTGRES_DB: ${ENV_DB_DATABASE_NAME} - POSTGRES_PASSWORD: ${ENV_DB_USER_PASSWORD} + POSTGRES_USER_FILE: /run/secrets/postgres_user + POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password + POSTGRES_DB_FILE: /run/secrets/postgres_db + PGDATA: /var/lib/postgresql/data/pgdata + + # --- Securing port binding. + # Binds the port ONLY to my VPS's localhost (127.0.0.1). + # This prevents any direct access to the public internet. + # My applications running on the same VPS can connect to it. + # The ':-5432' provides a fallback default port if ENV_DB_PORT is not set. ports: - - "${ENV_DB_PORT}:${ENV_DB_PORT}" + - "127.0.0.1:${ENV_DB_PORT:-5432}:5432" + + # --- Define which secrets this service has access to. 
+ # These secrets are mounted securely in memory at /run/secrets/ secrets: - postgres_user - postgres_password - postgres_db volumes: - - ./database/infra/ssl/server.crt:/etc/ssl/certs/server.crt - - ./database/infra/ssl/server.key:/etc/ssl/private/server.key - - ./database/infra/data:/var/lib/postgresql/data - - ./database/infra/config/postgresql.conf:/etc/postgresql/postgresql.conf - - ./database/infra/docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d + # Use a Docker Named Volume for data persistence. + # This decouples my critical data from the host's file structure, making it + # more robust, portable, and managed entirely by Docker. + - oullin_db_data:/var/lib/postgresql/data + # Mount SSL certs and config files as read-only (:ro) for security. + - ./database/infra/ssl/server.crt:/etc/ssl/certs/server.crt:ro + - ./database/infra/ssl/server.key:/etc/ssl/private/server.key:ro + - ./database/infra/config/postgresql.conf:/etc/postgresql/postgresql.conf:ro + logging: driver: "json-file" options: max-file: 20 max-size: 10M + + # --- This command sets the key permissions and explicitly tells + # Postgres to use my mounted configuration file for greater reliability. command: > - sh -c "chown postgres:postgres /etc/ssl/private/server.key && chmod 600 /etc/ssl/private/server.key && exec docker-entrypoint.sh postgres" + sh -c "chown postgres:postgres /etc/ssl/private/server.key && chmod 600 /etc/ssl/private/server.key && exec docker-entrypoint.sh -c 'config_file=/etc/postgresql/postgresql.conf'" + # --- Healthcheck. + # Docker will use this to verify whether the database is running and healthy + # and will restart the container if it fails. healthcheck: interval: 10s timeout: 5s retries: 5 - test: [ - "CMD-SHELL", - "pg_isready", - "--username=${ENV_DB_USER_NAME}", - "--dbname=${ENV_DB_DATABASE_NAME}", - "--host=postgres", - "--port=${ENV_DB_PORT}", - "--version" - ] + test: ["CMD-SHELL", "pg_isready -U $$(cat /run/secrets/db_user) -d $$(cat /run/secrets/db_name)"] 
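Review bot: `env_file: - .env` stays on `api-db` even though the new comment says credentials now come from Docker secrets, so whatever `.env` holds (presumably still `ENV_DB_USER_PASSWORD`, which the removed `environment` lines interpolated) keeps being injected into the container environment, where `docker inspect` shows it. Remove `env_file` from this service or point it at a file with non-secret settings only. The healthcheck also reads `/run/secrets/db_user` and `/run/secrets/db_name`, while the secrets mounted here are `postgres_user` and `postgres_db`; both `cat` calls fail and `pg_isready` ends up probing with `-d` as the role name, so the test should be `pg_isready -U $$(cat /run/secrets/postgres_user) -d $$(cat /run/secrets/postgres_db)`. The comment `mounted securely in memory` is worth rewording too, since with `file:` sources Compose bind-mounts the host file into `/run/secrets/`.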
From a81a80da332d244325544c98df4dd35c7fda0feb Mon Sep 17 00:00:00 2001
From: Gustavo Ocanto
Date: Fri, 27 Jun 2025 15:46:27 +0800
Subject: [PATCH 04/13] wip
---
config/makefile/db.mk | 124 +++++++++++++-----------
database/infra/scripts/run-migration.sh | 16 +++
docker-compose.yml | 19 ++++
3 files changed, 104 insertions(+), 55 deletions(-)
create mode 100644 database/infra/scripts/run-migration.sh
diff --git a/config/makefile/db.mk b/config/makefile/db.mk
index 05ae92a6..83af716d 100644
--- a/config/makefile/db.mk
+++ b/config/makefile/db.mk
@@ -1,83 +1,97 @@ -# --- Metadata -.PHONY: db\:local db\:up db\:ping db\:bash db\:fresh db\:logs -.PHONY: db\:delete db\:secure db\:secure\:show db\:chmod db\:seed -.PHONY: db\:migrate db\:rollback db\:migrate\:create db\:migrate\:force -# --- Docker -DB_DOCKER_SERVICE_NAME := "api-db" +DB_DOCKER_SERVICE_NAME := api-db DB_DOCKER_CONTAINER_NAME := oullin_db +DB_MIGRATE_SERVICE_NAME := db-migrate # --- Paths +# Define root paths for clarity. Assume ROOT_PATH is exported or defined. DB_SEEDER_ROOT_PATH := $(ROOT_PATH)/database/seeder DB_INFRA_ROOT_PATH := $(ROOT_PATH)/database/infra DB_INFRA_SSL_PATH := $(DB_INFRA_ROOT_PATH)/ssl -DB_INFRA_DATA_PATH := $(DB_INFRA_ROOT_PATH)/data -# --- SSL +# --- SSL Certificate Files DB_INFRA_SERVER_CRT := $(DB_INFRA_SSL_PATH)/server.crt DB_INFRA_SERVER_CSR := $(DB_INFRA_SSL_PATH)/server.csr DB_INFRA_SERVER_KEY := $(DB_INFRA_SSL_PATH)/server.key -# --- Migrations -DB_MIGRATE_PATH := $(DB_INFRA_ROOT_PATH)/migrations -DB_MIGRATE_VOL_MAP := $(DB_MIGRATE_PATH):$(DB_MIGRATE_PATH) - -db\:local: - # --- Works with your local PG installation. - cd $(EN_DB_BIN_DIR) && \ - ./psql -h $(ENV_DB_HOST) -U $(ENV_DB_USER_NAME) -d $(ENV_DB_DATABASE_NAME) -p $(ENV_DB_PORT) - -db\:seed: - go run $(DB_SEEDER_ROOT_PATH)/main.go - db\:up: - docker compose up $(DB_DOCKER_SERVICE_NAME) -d && \ - make db:logs + @echo "--> Starting database service..." + docker compose up $(DB_DOCKER_SERVICE_NAME) -d -db\:ping: - docker port $(DB_DOCKER_CONTAINER_NAME) - -db\:bash: - docker exec -it $(DB_DOCKER_CONTAINER_NAME) bash - -db\:fresh: - make db:delete && make db:up +db\:down: + @echo "--> Stopping database service..." + docker compose stop $(DB_DOCKER_SERVICE_NAME) db\:logs: + @echo "--> Tailing logs for $(DB_DOCKER_CONTAINER_NAME)..." 
docker logs -f $(DB_DOCKER_CONTAINER_NAME) -db\:delete: - docker compose down $(DB_DOCKER_SERVICE_NAME) --remove-orphans && \ - sudo rm -rf $(DB_INFRA_DATA_PATH) && \ - docker ps - -db\:secure: - rm -rf $(DB_INFRA_SERVER_CRT) && rm -rf $(DB_INFRA_SERVER_CSR) && rm -rf $(DB_INFRA_SERVER_KEY) && \ - openssl genpkey -algorithm RSA -out $(DB_INFRA_SERVER_KEY) && \ - openssl req -new -key $(DB_INFRA_SERVER_KEY) -out $(DB_INFRA_SERVER_CSR) && \ - openssl x509 -req -days 365 -in $(DB_INFRA_SERVER_CSR) -signkey $(DB_INFRA_SERVER_KEY) -out $(DB_INFRA_SERVER_CRT) && \ - make db:chmod +db\:bash: + @echo "--> Opening a bash shell in $(DB_DOCKER_CONTAINER_NAME)..." + docker exec -it $(DB_DOCKER_CONTAINER_NAME) bash -db\:chmod: - sudo chmod 600 $(DB_INFRA_SERVER_KEY) && sudo chmod 644 $(DB_INFRA_SERVER_CRT) -db\:secure\:show: - docker exec -it $(DB_DOCKER_CONTAINER_NAME) ls -l /etc/ssl/private/server.key && \ - docker exec -it $(DB_DOCKER_CONTAINER_NAME) ls -l /etc/ssl/certs/server.crt +# ============================================================================== +# SECURE MIGRATION COMMANDS +# These commands leverage the 'db-migrate' service defined in docker-compose.yml, +# which uses a custom script and Docker Secrets for maximum security. 
+# ============================================================================== db\:migrate: - @printf "\n$(BLUE)[DB]$(NC) Migration has started.\n" - @docker run -v $(DB_MIGRATE_VOL_MAP) --network $(ROOT_NETWORK) migrate/migrate -verbose -path=$(DB_MIGRATE_PATH) -database $(ENV_DB_URL) up - @printf "$(GREEN)[DB]$(NC) Migration has finished.\n\n" + @printf "\n--> Applying all available 'up' migrations...\n" + @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) up + @printf "--> Migration finished.\n\n" db\:rollback: - @printf "\n$(RED)[DB]$(NC) Migration rollback has started.\n" - @docker run -v $(DB_MIGRATE_VOL_MAP) --network $(ROOT_NETWORK) migrate/migrate -verbose -path=$(DB_MIGRATE_PATH) -database $(ENV_DB_URL) down 1 - @printf "$(GREEN)[DB]$(NC) Migration rollback has finished.\n\n" + @printf "\n--> Rolling back the last applied migration...\n" + # The 'down 1' arguments are passed directly to our secure entrypoint script. + @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) down 1 + @printf "--> Migration rollback finished.\n\n" -# --- Migrations db\:migrate\:create: - docker run -v $(DB_MIGRATE_VOL_MAP) --network $(ROOT_NETWORK) migrate/migrate create -ext sql -dir $(DB_MIGRATE_PATH) -seq $(name) + @echo "--> Creating new migration file named: $(name)" + # We override the service's default command to use 'create'. + # The arguments are passed to our secure entrypoint script via "$$@". 
+ @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) create -ext sql -dir /migrations -seq $(name) db\:migrate\:force: - docker run -v $(DB_MIGRATE_VOL_MAP) --network $(ROOT_NETWORK) migrate/migrate migrate -path $(DB_MIGRATE_PATH) -database $(ENV_DB_URL) force $(version) + @printf "\n--> Forcing migration to version $(version)...\n" + @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) force $(version) + @printf "--> Force migration finished.\n\n" + + +# ============================================================================== +# SETUP & CONVENIENCE COMMANDS +# ============================================================================== + +db\:fresh: + @echo "--> Recreating database from a fresh state (all data will be lost)..." + make db:delete + make db:up + +db\:delete: + @echo "--> Stopping services and PERMANENTLY DELETING associated volumes..." + # The -v flag is crucial here; it removes the named volumes, deleting all data. + docker compose down -v --remove-orphans + +db\:secure: + @echo "--> Generating new self-signed SSL certificates..." + rm -f $(DB_INFRA_SERVER_CRT) $(DB_INFRA_SERVER_CSR) $(DB_INFRA_SERVER_KEY) + openssl genpkey -algorithm RSA -out $(DB_INFRA_SERVER_KEY) + openssl req -new -key $(DB_INFRA_SERVER_KEY) -out $(DB_INFRA_SERVER_CSR) -subj "/CN=oullin-db-ssl" + openssl x509 -req -days 365 -in $(DB_INFRA_SERVER_CSR) -signkey $(DB_INFRA_SERVER_KEY) -out $(DB_INFRA_SERVER_CRT) + @echo "--> SSL certificates created. The container will set its own key permissions on startup." + +db\:seed: + @echo "--> Running database seeder..." + # This assumes your Go seeder can connect to the Dockerized database. + # Ensure your .env file points to the correct DB host and port. + go run $(DB_SEEDER_ROOT_PATH)/main.go + +db\:local: + @echo "--> Connecting to local PostgreSQL instance..." + # This command is for connecting to a non-Dockerized local DB, as per your original file. + # It is kept for convenience if you ever run Postgres outside of Docker. 
+ cd $(EN_DB_BIN_DIR) && \ + ./psql -h $(ENV_DB_HOST) -U $(ENV_DB_USER_NAME) -d $(ENV_DB_DATABASE_NAME) -p $(ENV_DB_PORT) + diff --git a/database/infra/scripts/run-migration.sh b/database/infra/scripts/run-migration.sh new file mode 100644 index 00000000..89200504 --- /dev/null +++ b/database/infra/scripts/run-migration.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +# Exit immediately if a command exits with a non-zero status. +set -e + +# Read the credentials from the Docker Secret files +DB_USER=$(cat /run/secrets/postgres_user) +DB_PASSWORD=$(cat /run/secrets/postgres_password) +DB_NAME=$(cat /run/secrets/postgres_db) + +# Construct the database URL using the values from the secrets +DATABASE_URL="postgres://${DB_USER}:${DB_PASSWORD}@api-db:5432/${DB_NAME}?sslmode=disable" + +# Execute the migrate tool, passing the constructed URL and any other arguments +# The "$@" passes along any arguments from the docker-compose command (like "up", "down 1", etc.) +migrate -path /migrations -database "${DATABASE_URL}" "$@" diff --git a/docker-compose.yml b/docker-compose.yml index a5aa6548..787968e4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -97,6 +97,25 @@ services: - caddy_net - oullin_net + api-db-migrate: + image: migrate/migrate:v4.18.3 + container_name: oullin_db_migrate + networks: + - oullin_net + volumes: + - ./database/infra/migrations:/migrations + - ./database/infra/scripts/run-migration.sh:/run-migration.sh + secrets: + - postgres_user + - postgres_password + - postgres_db + entrypoint: /run-migration.sh + command: "" + depends_on: + api-db: + condition: service_healthy + restart: no + api-db: # Ensure the database always restarts on server reboot or crash. restart: always From a817b3721591c54ad6ebd224f93865d45f5ad8c1 Mon Sep 17 00:00:00 2001 
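Review bot: `db\:delete` now runs `docker compose down -v --remove-orphans` with no service name, so it stops every service in the project and deletes all of its named volumes (`caddy_data` and `caddy_config` as well as `oullin_db_data`, going by the `volumes:` block in docker-compose.yml), and `db\:fresh` inherits that. Scope the target to the database, for example `docker compose rm -sf $(DB_DOCKER_SERVICE_NAME)` followed by `docker volume rm` on the project's `oullin_db_data` volume only. PATCH 07 carries the same line forward unchanged. The migration targets also call `docker-compose` while the other targets use `docker compose`; using one form throughout avoids depending on both binaries.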
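Review bot: `DATABASE_URL` is assembled from the raw secret values, so a password containing `@`, `:`, `/`, `?` or `#` produces a malformed or misparsed URL; the user and password need percent-encoding before interpolation, or the allowed character set should be stated in a comment above the line, e.g. `# secrets must be URL-safe: they are interpolated into DATABASE_URL unencoded`. `sslmode=disable` also sends the credentials and migration traffic unencrypted although `api-db` mounts `server.crt` and `server.key`; if TLS is enabled in `postgresql.conf` (not visible here), `sslmode=require` would match the server side.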
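Review bot: `restart: no` on `api-db-migrate` is an unquoted YAML 1.1 boolean, so a generic parser reads it as `false` rather than the string Compose documents for this policy; write `restart: "no"`. The script mount can also be tightened, since `run-migration.sh` is only executed: `./database/infra/scripts/run-migration.sh:/run-migration.sh:ro`. The `/migrations` mount has to stay writable for the `create` subcommand.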
From: Gustavo Ocanto Date: Fri, 27 Jun 2025 16:08:27 +0800 Subject: [PATCH 05/13] wip --- database/infra/scripts/healthcheck.sh | 19 +++++++++++++++++++ docker-compose.yml | 10 +++++----- 2 files changed, 24 insertions(+), 5 deletions(-) create mode 100755 database/infra/scripts/healthcheck.sh diff --git a/database/infra/scripts/healthcheck.sh b/database/infra/scripts/healthcheck.sh new file mode 100755 index 00000000..ad3bf8bf --- /dev/null +++ b/database/infra/scripts/healthcheck.sh @@ -0,0 +1,19 @@ +#!/bin/sh + +# Exit immediately if any command fails. +set -e + +# Read the secrets into variables. This is more robust than direct command substitution. +DB_USER=$(cat /run/secrets/postgres_user) +DB_NAME=$(cat /run/secrets/postgres_db) + +# Explicitly check if the user variable is empty. If it is, fail immediately. +# This prevents the "role -d does not exist" error. +if [ -z "$DB_USER" ]; then + echo "Healthcheck Error: The postgres_user secret is empty or could not be read." >&2 + exit 1 +fi + +# Execute the final command. 'exec' replaces the shell process, which is slightly more efficient. +# The variables are double-quoted to handle any special characters safely. +exec pg_isready -U "$DB_USER" -d "$DB_NAME" diff --git a/docker-compose.yml b/docker-compose.yml index 787968e4..a42d3812 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -159,8 +159,9 @@ services: - oullin_db_data:/var/lib/postgresql/data # Mount SSL certs and config files as read-only (:ro) for security. - ./database/infra/ssl/server.crt:/etc/ssl/certs/server.crt:ro - - ./database/infra/ssl/server.key:/etc/ssl/private/server.key:ro + - ./database/infra/ssl/server.key:/etc/ssl/private/server.key - ./database/infra/config/postgresql.conf:/etc/postgresql/postgresql.conf:ro + - ./database/infra/scripts/healthcheck.sh:/healthcheck.sh:ro logging: driver: "json-file" 
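Review bot: Dropping `:ro` from the `server.key` bind mount makes the host copy of the TLS private key writable from inside the container, and the `chown`/`chmod` in `command` (next hunk) then changes the owner and mode of the host file itself, because a bind mount exposes the same file. Keeping `:ro` and having `command` copy the key to a container-local path before `chown postgres:postgres` and `chmod 600` avoids both, provided `ssl_key_file` in `postgresql.conf` (not shown) points at the copy. `database/infra/ssl/server.key` is also tracked in the repository, and PATCH 09 regenerates it in place, so this key should be treated as a development key only.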
@@ -173,11 +174,10 @@ services: command: > sh -c "chown postgres:postgres /etc/ssl/private/server.key && chmod 600 /etc/ssl/private/server.key && exec docker-entrypoint.sh -c 'config_file=/etc/postgresql/postgresql.conf'" - # --- Healthcheck. - # Docker will use this to verify whether the database is running and healthy - # and will restart the container if it fails. + # --- The test simply executes our robust script. All complex logic is inside it. + # We use CMD instead of CMD-SHELL because our file is an executable. healthcheck: + test: [ "CMD", "/healthcheck.sh" ] interval: 10s timeout: 5s retries: 5 - test: ["CMD-SHELL", "pg_isready -U $$(cat /run/secrets/db_user) -d $$(cat /run/secrets/db_name)"] From a615019f5f77f1d20c177d003478dfbce0c0573a Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 16:32:12 +0800 Subject: [PATCH 06/13] agnostic db creds --- config/makefile/db.mk | 5 +++++ docker-compose.yml | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/config/makefile/db.mk b/config/makefile/db.mk index 83af716d..c4eeabd7 100644 --- a/config/makefile/db.mk +++ b/config/makefile/db.mk @@ -8,12 +8,17 @@ DB_MIGRATE_SERVICE_NAME := db-migrate DB_SEEDER_ROOT_PATH := $(ROOT_PATH)/database/seeder DB_INFRA_ROOT_PATH := $(ROOT_PATH)/database/infra DB_INFRA_SSL_PATH := $(DB_INFRA_ROOT_PATH)/ssl +DB_INFRA_SCRIPTS_PATH := $(DB_INFRA_ROOT_PATH)/scripts # --- SSL Certificate Files DB_INFRA_SERVER_CRT := $(DB_INFRA_SSL_PATH)/server.crt DB_INFRA_SERVER_CSR := $(DB_INFRA_SSL_PATH)/server.csr DB_INFRA_SERVER_KEY := $(DB_INFRA_SSL_PATH)/server.key +db\:sh: + chmod +x $(DB_INFRA_SCRIPTS_PATH)/healthcheck.sh && \ + chmod +x $(DB_INFRA_SCRIPTS_PATH)/run-migration.sh + db\:up: @echo "--> Starting database service..." docker compose up $(DB_DOCKER_SERVICE_NAME) -d diff --git a/docker-compose.yml b/docker-compose.yml index a42d3812..3d2815dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,11 +1,11 @@ # Define the source of the secrets on the host machine. secrets: postgres_user: - file: ./database/infra/secrets/postgres_user + file: ${POSTGRES_USER_SECRET_PATH:-./database/infra/secrets/postgres_user} postgres_password: - file: ./database/infra/secrets/postgres_password + file: ${POSTGRES_PASSWORD_SECRET_PATH:-./database/infra/secrets/postgres_password} postgres_db: - file: ./database/infra/secrets/postgres_db + file: ${POSTGRES_DB_SECRET_PATH:-./database/infra/secrets/postgres_db} volumes: caddy_data: @@ -177,7 +177,7 @@ services: # --- The test simply executes our robust script. All complex logic is inside it. # We use CMD instead of CMD-SHELL because our file is an executable. healthcheck: - test: [ "CMD", "/healthcheck.sh" ] + test: ["CMD", "/healthcheck.sh"] interval: 10s timeout: 5s retries: 5 From 07dbf3ee4e85ce99e506102d4936c220ef6a4803 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 16:42:05 +0800 Subject: [PATCH 07/13] clear db makefile --- config/makefile/db.mk | 69 ++++++------------------- database/infra/scripts/run-migration.sh | 0 2 files changed, 15 insertions(+), 54 deletions(-) mode change 100644 => 100755 database/infra/scripts/run-migration.sh diff --git a/config/makefile/db.mk b/config/makefile/db.mk index c4eeabd7..04cd5be5 100644 --- a/config/makefile/db.mk +++ b/config/makefile/db.mk @@ -1,4 +1,4 @@ - +# --- Docker Services DB_DOCKER_SERVICE_NAME := api-db DB_DOCKER_CONTAINER_NAME := oullin_db DB_MIGRATE_SERVICE_NAME := db-migrate 
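Review bot: The `:-` fallbacks in the three `file:` entries still resolve to the secret files committed under `./database/infra/secrets/`, so a deployment that forgets to set `POSTGRES_PASSWORD_SECRET_PATH` starts silently with the repository's credentials. Failing closed is safer: `file: ${POSTGRES_PASSWORD_SECRET_PATH:?set POSTGRES_PASSWORD_SECRET_PATH}`, and likewise for the user and db entries. The in-repo defaults can then be supplied by a development-only override file.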
@@ -16,87 +16,48 @@ DB_INFRA_SERVER_CSR := $(DB_INFRA_SSL_PATH)/server.csr DB_INFRA_SERVER_KEY := $(DB_INFRA_SSL_PATH)/server.key db\:sh: - chmod +x $(DB_INFRA_SCRIPTS_PATH)/healthcheck.sh && \ + chmod +x $(DB_INFRA_SCRIPTS_PATH)/healthcheck.sh chmod +x $(DB_INFRA_SCRIPTS_PATH)/run-migration.sh db\:up: - @echo "--> Starting database service..." docker compose up $(DB_DOCKER_SERVICE_NAME) -d db\:down: - @echo "--> Stopping database service..." docker compose stop $(DB_DOCKER_SERVICE_NAME) db\:logs: - @echo "--> Tailing logs for $(DB_DOCKER_CONTAINER_NAME)..." docker logs -f $(DB_DOCKER_CONTAINER_NAME) db\:bash: - @echo "--> Opening a bash shell in $(DB_DOCKER_CONTAINER_NAME)..." docker exec -it $(DB_DOCKER_CONTAINER_NAME) bash - -# ============================================================================== -# SECURE MIGRATION COMMANDS -# These commands leverage the 'db-migrate' service defined in docker-compose.yml, -# which uses a custom script and Docker Secrets for maximum security. -# ============================================================================== - -db\:migrate: - @printf "\n--> Applying all available 'up' migrations...\n" - @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) up - @printf "--> Migration finished.\n\n" - -db\:rollback: - @printf "\n--> Rolling back the last applied migration...\n" - # The 'down 1' arguments are passed directly to our secure entrypoint script. - @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) down 1 - @printf "--> Migration rollback finished.\n\n" - -db\:migrate\:create: - @echo "--> Creating new migration file named: $(name)" - # We override the service's default command to use 'create'. - # The arguments are passed to our secure entrypoint script via "$$@". 
- @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) create -ext sql -dir /migrations -seq $(name) - -db\:migrate\:force: - @printf "\n--> Forcing migration to version $(version)...\n" - @docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) force $(version) - @printf "--> Force migration finished.\n\n" - - -# ============================================================================== -# SETUP & CONVENIENCE COMMANDS -# ============================================================================== - db\:fresh: - @echo "--> Recreating database from a fresh state (all data will be lost)..." make db:delete make db:up db\:delete: - @echo "--> Stopping services and PERMANENTLY DELETING associated volumes..." - # The -v flag is crucial here; it removes the named volumes, deleting all data. docker compose down -v --remove-orphans db\:secure: - @echo "--> Generating new self-signed SSL certificates..." rm -f $(DB_INFRA_SERVER_CRT) $(DB_INFRA_SERVER_CSR) $(DB_INFRA_SERVER_KEY) openssl genpkey -algorithm RSA -out $(DB_INFRA_SERVER_KEY) openssl req -new -key $(DB_INFRA_SERVER_KEY) -out $(DB_INFRA_SERVER_CSR) -subj "/CN=oullin-db-ssl" openssl x509 -req -days 365 -in $(DB_INFRA_SERVER_CSR) -signkey $(DB_INFRA_SERVER_KEY) -out $(DB_INFRA_SERVER_CRT) - @echo "--> SSL certificates created. The container will set its own key permissions on startup." db\:seed: - @echo "--> Running database seeder..." - # This assumes your Go seeder can connect to the Dockerized database. - # Ensure your .env file points to the correct DB host and port. go run $(DB_SEEDER_ROOT_PATH)/main.go -db\:local: - @echo "--> Connecting to local PostgreSQL instance..." - # This command is for connecting to a non-Dockerized local DB, as per your original file. - # It is kept for convenience if you ever run Postgres outside of Docker. 
- cd $(EN_DB_BIN_DIR) && \ - ./psql -h $(ENV_DB_HOST) -U $(ENV_DB_USER_NAME) -d $(ENV_DB_DATABASE_NAME) -p $(ENV_DB_PORT) +# -------------------------------------------------------------------------------------------------------------------- # +# --- Migrations +# -------------------------------------------------------------------------------------------------------------------- # +db\:migrate: + docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) up +db\:rollback: + docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) down 1 + +db\:migrate\:create: + docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) create -ext sql -dir /migrations -seq $(name) + +db\:migrate\:force: + docker-compose run --rm $(DB_MIGRATE_SERVICE_NAME) force $(version) diff --git a/database/infra/scripts/run-migration.sh b/database/infra/scripts/run-migration.sh old mode 100644 new mode 100755 From ae7c55995cdfb20a951b128730ce4a7428e19e54 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 16:45:49 +0800 Subject: [PATCH 08/13] typo --- config/makefile/db.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/makefile/db.mk b/config/makefile/db.mk index 04cd5be5..cdd414c1 100644 --- a/config/makefile/db.mk +++ b/config/makefile/db.mk @@ -1,7 +1,7 @@ # --- Docker Services DB_DOCKER_SERVICE_NAME := api-db DB_DOCKER_CONTAINER_NAME := oullin_db -DB_MIGRATE_SERVICE_NAME := db-migrate +DB_MIGRATE_SERVICE_NAME := api-db-migrate # --- Paths # Define root paths for clarity. Assume ROOT_PATH is exported or defined. From c26d1ccb9ce0303dfb49c9008304429e0e348c45 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 16:49:49 +0800 Subject: [PATCH 09/13] PHONY --- config/makefile/db.mk | 3 ++ database/infra/ssl/server.crt | 35 +++++++++++------------ database/infra/ssl/server.csr | 28 +++++++++---------- database/infra/ssl/server.key | 52 +++++++++++++++++------------------ 4 files changed, 58 insertions(+), 60 deletions(-) 
diff --git a/config/makefile/db.mk b/config/makefile/db.mk index cdd414c1..abdcfd07 100644 --- a/config/makefile/db.mk +++ b/config/makefile/db.mk @@ -1,3 +1,6 @@ +.PHONY: db\:sh db\:up db\:down db\:logs db\:bash db\:fresh +.PHONY: db\:secure db\:seed db\:migrate db\:migrate\:create db\:migrate\:force db\:rollback + # --- Docker Services DB_DOCKER_SERVICE_NAME := api-db DB_DOCKER_CONTAINER_NAME := oullin_db diff --git a/database/infra/ssl/server.crt b/database/infra/ssl/server.crt index 712050da..f32c6ec0 100644 --- a/database/infra/ssl/server.crt +++ b/database/infra/ssl/server.crt 
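Review bot: `db\:delete` is defined in this file but missing from both `.PHONY` lines, while every other target is listed. Add it to the first line, `.PHONY: db\:sh db\:up db\:down db\:logs db\:bash db\:fresh db\:delete`, so a file of that name can never shadow the target.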
@@ -1,21 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgIUWxAMKcyluk3SNEt4TcADDjHJXkIwDQYJKoZIhvcNAQEL -BQAwWDELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCVNpbmdhcG9yZTESMBAGA1UEBwwJ -U2luZ2Fwb3JlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwHhcN -MjUwNjEyMDU0MDU5WhcNMjYwNjEyMDU0MDU5WjBYMQswCQYDVQQGEwJTRzESMBAG -A1UECAwJU2luZ2Fwb3JlMRIwEAYDVQQHDAlTaW5nYXBvcmUxITAfBgNVBAoMGElu -dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBAMTiv4dRLuAQxDTnqGpNsbzVcpURFQVVPrMHh0NErl+2lFJX0TsFT+RH -yZ7vLHIdDZml+q20wcjSufme1o9N6xfQgulR/gIC2+23nRZm346Djeln8jrKXuhc -hqJvXJ5kJHohqvqakJcZr917dCPgAj8+Oi1b0bqKvc9EFmj/13E1CNg/93SZMZ/b -5sKsb5lLnrFrPj3zOQ00s8nsHbKcgroQqn2/+fuB+VsqvWIOPvc3hp+LNW3oKB87 -SZoup8BcimFt0010dHW01mnUwEyWQKYbAW3Xo7VIG8nXlrYdnVxrTFMLFfIH4ovy -9/IcpQLjY8kThDOJpFMnlEEjsZM4b88CAwEAAaMhMB8wHQYDVR0OBBYEFDnRqEBr -jtJNNQ5Q64hJI2NrAEGvMA0GCSqGSIb3DQEBCwUAA4IBAQBdEYLNEA2hC63zu8Mw -n3LFU2xqFhSSB9HtsevEg7aurK8vVMCgsB6leqAIIw+/6eOyjz68qi587LijhrNU -Lgr91uNjTG2p0XFey/y3BdAQUQDE5Cq5rjiMRjFdVQ2U6rZ7htgN34vbfarMTNTc -o+Wp3qQMRYupN6dQfQBNRZRCtGYmgr/TD57l8nq2vAD0EOZGyDI3dFIOX0n5Rgtw -0KPf1ETRtmIF5Mvu8sRwwBhwyCML51w96nl6LTafe3aWPiA+s2lNrjTYeo5Fo1OW -U3cmz6QU2V7g3D66Q/uR41j31vXD/YmdP/4rMPs4HMh6czQe2lX0AbQt2gsZOMLH -nMMy +MIIC3zCCAcegAwIBAgIUXlaSxCWlFCDRoFRl/8l3DMcjpdMwDQYJKoZIhvcNAQEL +BQAwGDEWMBQGA1UEAwwNb3VsbGluLWRiLXNzbDAeFw0yNTA2MjcwODQ4MjZaFw0y +NjA2MjcwODQ4MjZaMBgxFjAUBgNVBAMMDW91bGxpbi1kYi1zc2wwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3cPhltyNaQs4WMcZI7iAwwCGvJpqVp2dh +kcAnpiAaMmDrZ9h9UmjuykbsLZ3RX8FCg24x8+9SxQ74hQCMxvteXzLxLiafA2Js +OZxo5525oF6n3aQ4XLzgGChGN03DkwbUfSVsDknUGckgYEF5tWwxFsIj1dqUD7YK +uf181DgNBu2i65nJVFykprSgteGWhYX5j+LJLf6zMgdtoSwQEhpw+BmJhpFDtyOm +YzkZ/FBMqAwXMwcBXuwodQS9jju4JVrX/weJaO8NPKkQUuPVsWoe42KRyax8Fl7J +As9vdGEmNiR8mHjefmXQ9du/ZFK5x8lGgsC2w1Xxz9KMmKRK+nLlAgMBAAGjITAf +MB0GA1UdDgQWBBRAGDkpPnop/4bkOuQWGtmKPbFQ9zANBgkqhkiG9w0BAQsFAAOC +AQEAD/KdBU3KRNUc5nuDAt1f8A0lyfiWLI3oDzKzHrQJcBiIq6Pr13Bm0AR8iE7N 
+W/kae4P6jMHkT59G+rY5oyyiUZVd2MRTIAoOxygZKWYxhY8/w2pysEvRwt9K0EUE +L7DmUA6Ej9TpaoqsJxXudvIj0yYEAivGbX2bwUjYQ7e/ZEPiOWZuG59WxEpOOvYa +ArcwuDJWLy7PQGrYPemq3+5CWK8J90Bbfo+XaMoxwxoJeQfsi5Rv7h1mgoQw/0Sq +3rE6AGABB1qITaiNeEs7R70usZRbD/0vp7LCjTDWcB+57CyYH0XyroZMjB6ppZaA +S5KG2GORDjqu+CKJjn2ne0YxWQ== -----END CERTIFICATE----- diff --git a/database/infra/ssl/server.csr b/database/infra/ssl/server.csr index d970e25b..cab7c1a3 100644 --- a/database/infra/ssl/server.csr +++ b/database/infra/ssl/server.csr 
@@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE REQUEST----- -MIICnTCCAYUCAQAwWDELMAkGA1UEBhMCU0cxEjAQBgNVBAgMCVNpbmdhcG9yZTES -MBAGA1UEBwwJU2luZ2Fwb3JlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0 -eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE4r+HUS7gEMQ0 -56hqTbG81XKVERUFVT6zB4dDRK5ftpRSV9E7BU/kR8me7yxyHQ2ZpfqttMHI0rn5 -ntaPTesX0ILpUf4CAtvtt50WZt+Og43pZ/I6yl7oXIaib1yeZCR6Iar6mpCXGa/d -e3Qj4AI/PjotW9G6ir3PRBZo/9dxNQjYP/d0mTGf2+bCrG+ZS56xaz498zkNNLPJ -7B2ynIK6EKp9v/n7gflbKr1iDj73N4afizVt6CgfO0maLqfAXIphbdNNdHR1tNZp -1MBMlkCmGwFt16O1SBvJ15a2HZ1ca0xTCxXyB+KL8vfyHKUC42PJE4QziaRTJ5RB -I7GTOG/PAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAw3nsoZiDVo7JxZu3fopX -7Ms/mV+BC9eEchwfxoYb5wxP3N59FJyeD6EgBXl95D+64JYUPN3eJKR8y5oZdmPb -I+W8zsYR2j49KYl4ml5enP516LG4eeraoHxYk8P/4ediOpNqHqi5cSx8S2/WCs8E -zXj36eVgJ5JkvRqRIVJwN97GM25/jkRYKd7bgDS/rsZrx4GZ9zjtHwNWO2cqGlNR -uTcxZmq6rDwFY9y6OAyB7C+7RdtbpX7tWVLVEg/Jhe18nR6fBYuo7WQzM6TUt/B7 -IZsABy6wllGEq3TpKJcfgJWQfO97kiS5BQM9AKGsViPEa/XyKxX+5JbHliQ3K9ci -oA== +MIICXTCCAUUCAQAwGDEWMBQGA1UEAwwNb3VsbGluLWRiLXNzbDCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBALdw+GW3I1pCzhYxxkjuIDDAIa8mmpWnZ2GR +wCemIBoyYOtn2H1SaO7KRuwtndFfwUKDbjHz71LFDviFAIzG+15fMvEuJp8DYmw5 +nGjnnbmgXqfdpDhcvOAYKEY3TcOTBtR9JWwOSdQZySBgQXm1bDEWwiPV2pQPtgq5 +/XzUOA0G7aLrmclUXKSmtKC14ZaFhfmP4skt/rMyB22hLBASGnD4GYmGkUO3I6Zj +ORn8UEyoDBczBwFe7Ch1BL2OO7glWtf/B4lo7w08qRBS49Wxah7jYpHJrHwWXskC +z290YSY2JHyYeN5+ZdD1279kUrnHyUaCwLbDVfHP0oyYpEr6cuUCAwEAAaAAMA0G +CSqGSIb3DQEBCwUAA4IBAQAAxwg4Y2e16tACOm4iFETAkT7zhmZHG3zWiXPrTM5a +kSGGbQNkbpCqBxB+8V6PEXOUVI7CwSz7O/qq46Y4Py+qHwjhH2NKSUiXuAne92Z7 +FKawYaK8LLafISZrGl/FfUE9wIyILnYfKl/RJa21Rj66nZlUfbVhA8NfIeHHz5Am +Gma8LEkhPt4cX6fdEsw6fsyGOpxc3WAoEk73p0AjahvnyS5MFINasftvdAs1H8ef +8wgIQbVblS+NSwcDc3hnSsm9itdcmzG6hpyD1aaJkX7Y/+zWJnhyW6EEVPJWGqNj +c4ENieqTtCOWKG1fV/tRd2UpGT2T95+2JpJISD26TPcJ -----END CERTIFICATE REQUEST----- diff --git a/database/infra/ssl/server.key b/database/infra/ssl/server.key index f069e610..1e3bc15e 100644 --- a/database/infra/ssl/server.key 
+++ b/database/infra/ssl/server.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDE4r+HUS7gEMQ0 -56hqTbG81XKVERUFVT6zB4dDRK5ftpRSV9E7BU/kR8me7yxyHQ2ZpfqttMHI0rn5 -ntaPTesX0ILpUf4CAtvtt50WZt+Og43pZ/I6yl7oXIaib1yeZCR6Iar6mpCXGa/d -e3Qj4AI/PjotW9G6ir3PRBZo/9dxNQjYP/d0mTGf2+bCrG+ZS56xaz498zkNNLPJ -7B2ynIK6EKp9v/n7gflbKr1iDj73N4afizVt6CgfO0maLqfAXIphbdNNdHR1tNZp -1MBMlkCmGwFt16O1SBvJ15a2HZ1ca0xTCxXyB+KL8vfyHKUC42PJE4QziaRTJ5RB -I7GTOG/PAgMBAAECggEAPQPgQzk/g6TuiU65fKgzSsgDSHsQvqRaV/UfUBN6zqKw -eIxKhTXyOlac/yoz5fFnA5TSiP6Zh3j2tYsqByMolirCRzhntYvZSGQ8xHKBGZNf -aVQTV3Db1LrH5pMIavWx8D9600sPQCRvwf2+UlfbmmnYcbIg3uScSh1ZrJSM2cIA -lifcZfkBlN4/Z7dm09XHcM9+tTmMvc+L5DwYjvmRhNByoFJ0w4kAgDA5I9YTL1mh -TP7u4ABEt2QG4Yic4T1o0pc/dbSGqCYSdizyow6ybtUCScIp1kOKZNdLt8PX+E2m -ZrOVIUHiLdJhwogmGXWXV/emV49j8CuA0sD/5TNEAQKBgQDmnKgBut406Ef7enld -jE1baq5YnZsIUI+ex7b+2Um9ivQS0HXF27mZ6uK6wCknWU8D4wZ0oo8bRUUnwAir -+CTX0e5RJ7AJRFWRtsQNCGUyRR0gANEQ4mE2fzmKdqkGiXFUKV++1EFax4UZ9LnP -UyPI0GKoMJL2zrC6c4aZYSJVAQKBgQDaj5XPYmNKL82LQqsipeeowugpgXwwixRv -YvX2GOZDbVqQW0U/uHPyUWQNK0uUiTOAAYNrLALM3+bGwF2deeOF48WQdFHJpLhz -daNBstfsM3iI4ZzgT8vjZV5JXfBetNsuFLh5+FopsKh1b3v8T+Gtm02hw1BHH3un -OuxYH7G0zwKBgQC4ZkOhPn835xTH7aLmPq4Mjz1h9oRlHaX53NBi7/Sa72VDNhU2 -ZQAAJ2Ws1sMRh8Q642niEapEsBsgMdm9SOqM+HyLwCRvBIk3vuD9Wt0wWTt0v7Js -wdfh79Fe+oslgvlvxrWcrbSkli3EF4AMW/qdNKPuwQiC+bsvG/lg497EAQKBgQCO -qU6mMZiR4iYOkpPWZ+iQtbiI7yY7IW1TT4sw+gvDU2vb8ld/Qk0cjJf8KJiK+guN -sG8x02Z4iGXAsevpUJh82rIommSQdF6Zrt3DkpNycB5raqjVmgCCC7bBuPmfN/oh -WBEaPEvODqvHC+AoT5QFl+vSfQS3iAtUmxeOZhG+7QKBgQC2JBiOMKQOW0rYsM1l -Ujx1uBXDM7QQCWHsUN10PHAnveQIcI1isqEv0/3ORqEygex28pcVoyiAedOXqbxK -cvUVx4rq59UZZNAMnHDu9Dm51oREznpIfbJuAMHWaWrx0pxoTnC7ofDw7gt7GphX -FEnxdXYANHYh0S2EiXIsS8oNlA== +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3cPhltyNaQs4W +McZI7iAwwCGvJpqVp2dhkcAnpiAaMmDrZ9h9UmjuykbsLZ3RX8FCg24x8+9SxQ74 +hQCMxvteXzLxLiafA2JsOZxo5525oF6n3aQ4XLzgGChGN03DkwbUfSVsDknUGckg +YEF5tWwxFsIj1dqUD7YKuf181DgNBu2i65nJVFykprSgteGWhYX5j+LJLf6zMgdt 
+oSwQEhpw+BmJhpFDtyOmYzkZ/FBMqAwXMwcBXuwodQS9jju4JVrX/weJaO8NPKkQ +UuPVsWoe42KRyax8Fl7JAs9vdGEmNiR8mHjefmXQ9du/ZFK5x8lGgsC2w1Xxz9KM +mKRK+nLlAgMBAAECggEAF5wnrFfE6hIdGkgvwCU96WhhLXzneomASdOLis7b5ONF +DCdiesbHkKxiMnWwkUkkw53M6gr+a4XHZn8f0f6uTbgtA1OwTtkNquZDVlExQLn+ +VNa3EzYEbUdOr7LghGKBB4pP7bdtEyp6c3tQEg0irrLCLACTUGkxQfIsSQu7Zxmb +qWjMPDNX3llG8Fe5m87O1Kn4UoHzksgZHTzo+1dioRDITqYpUMPWI498TgdXlf7u +ayzH8mr65eGs4kQuzBxvYP0rRl0mlWU5TGQvVFDDr1KlLvPVzGz3PEdNjpac9l+O +q4LJ5MhW5DvWr4gxvrtqcl0/q/Zc8yqcblamTXQ0QQKBgQD+4aLQH1NRG7yxon7U +xVyQXPmsrx+AGz15JW+PztlclzpN7/0Pl38hh+kMugeKHfK0wFcgmBupvR10RvG4 +EoMAHO6Y4FadNRkXstu4Lxm1oDNqjMnZzWP8odDY5jfRkroAOa5ttgbigXp3h28c +ouR0Zzyr9EstwTTimWF9VGUstQKBgQC4PxHtHNR1jkgWTpdhsGZl87oVy5BbymBM +7cf8k8MEEO9gHkXMH3O9Td1Ue0gYipd25lixx1lf9CvtsxDnTn45Lm/vU77cClfe +pa7mrlQ1Db76ASTywRDIB513ftJKKqvpKxsq4vV5ZilUB+r5msh3cnqtFBvtQ9R2 +VxgN+3Q7cQKBgQCEXcPDF/GZ9rCpA72gXBq1MkPLxWqzifID30gvw/moFzWFUjP3 +C/NPA5kpLddKiEEKU7UrzTLYlMkeINXZhWuY/G2A4Ui5/eBZKV7oKTXN2DO7iwAs +53ics6CVdAHbCbsk8M/AVD8BFML4HlK66XGBbjfZCVadnXAMmiFCCDk+3QKBgFf+ +p00ba80JOxyMRHh/iyg+Ey29nyB3sy6KkezrlUQn4muBicxHaTuMKJzklDZEWrqK +oOmnT+Qn9aL81qHiNx6QMx2WXZ0xw22uq624rLb57a/xQ/g8hQtDt80OYNjTMG+Y +Cs2cv6hPRoW/klXLutpxbm2jIQNcVeh/CBoFcinBAoGACQfApcPTA05j8WXfIpla +VR+lpN9msvArCw3XPkwOMvVGATpTckvutC3wo6QnRaTrlXm1q26hcmElb4Sd32Xn +KxQt2QpHTfsqi3in/kuqZAKl4l+Ah1Qt5++pTJ8o2bsRA9fqkWr2dSyCB3E3IjbJ +R3uIEjvEUKqYUCu8SoEQhm4= -----END PRIVATE KEY----- From 4d469bf0d7f9a00cd9ddbf344411b71d1b653c57 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 16:53:26 +0800 Subject: [PATCH 10/13] format --- config/makefile/infra.mk | 6 ------ 1 file changed, 6 deletions(-) diff --git a/config/makefile/infra.mk b/config/makefile/infra.mk index 93bb4cff..1759c9d2 100644 --- a/config/makefile/infra.mk +++ b/config/makefile/infra.mk 
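Review bot: `database/infra/ssl/server.key` is an unencrypted PKCS#8 private key tracked in git. This hunk only swaps one committed key for another, so both the old and the new key remain recoverable from history by anyone who can read the repository. The leading modulus bytes of the new key match the public key in the certificate replaced earlier in the same patch, so this is presumably the key the database container serves TLS with. Treat both keys as disclosed and generate the key at provisioning time or deliver it as a secret from outside the repository. Stop tracking the file with `git rm --cached database/infra/ssl/server.key` and add `database/infra/ssl/server.key` to `.gitignore`.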
@@ -4,25 +4,19 @@ ___API__SUPERVISOR := oullin-api supv\:api\:status: - @printf "\n$(YELLOW)[supervisor]$(NC) - $(CYAN)$(___API__SUPERVISOR) status.$(NC)" @sudo supervisorctl status $(___API__SUPERVISOR) supv\:api\:start: - @printf "\n$(YELLOW)[supervisor]$(NC) - $(CYAN)$(___API__SUPERVISOR) start command sent.$(NC)" @sudo supervisorctl start $(___API__SUPERVISOR) supv\:api\:stop: - @printf "\n$(YELLOW)[supervisor]$(NC) - $(CYAN)$(___API__SUPERVISOR) stop command sent.$(NC)" @sudo supervisorctl stop $(___API__SUPERVISOR) supv\:api\:restart: - @printf "\n$(YELLOW)[supervisor]$(NC) - $(CYAN)$(___API__SUPERVISOR) restart command sent.$(NC)" @sudo supervisorctl restart $(___API__SUPERVISOR) supv\:api\:logs: - @printf "\n$(YELLOW)[supervisor]$(NC) - $(CYAN)$(___API__SUPERVISOR) logs. (Press Ctrl+C to exit)$(NC)" @sudo tail -f /var/log/supervisor/$(___API__SUPERVISOR).log supv\:api\:logs-err: - @printf "\n$(YELLOW)[supervisor]$(NC) - $(CYAN)$(___API__SUPERVISOR) error logs. (Press Ctrl+C to exit)$(NC)" @sudo tail -f /var/log/supervisor/$(___API__SUPERVISOR).err.log From 6541fcfb0b944046750c1b8a02869ed7fa32d78f Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 16:56:06 +0800 Subject: [PATCH 11/13] we do not use local data anymore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index e8588ecc..4272630e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,6 @@ # --- [API]: Root .env .env.production -database/infra/data tmp # --- [API]: Storage From f516152c7e3697630c5cb81fb8ff84b7833b2ec0 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 17:08:31 +0800 Subject: [PATCH 12/13] fix host --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 3d2815dd..fe7be2dc 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -74,7 +74,7 @@ services: - .env environment: # This ensures the API connects to the correct database container. - ENV_DB_HOST: postgres + ENV_DB_HOST: api-db # This ensures the Go web server listens for connections from other # containers (like Caddy), not just from within itself. ENV_HTTP_HOST: 0.0.0.0 From 6cd5b960f87d711970ce9cd0a4862c944bbbc597 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 27 Jun 2025 17:40:37 +0800 Subject: [PATCH 13/13] fresh --- config/makefile/app.mk | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/config/makefile/app.mk b/config/makefile/app.mk index 7c92242a..747664f8 100644 --- a/config/makefile/app.mk +++ b/config/makefile/app.mk @@ -4,12 +4,14 @@ format: gofmt -w -s . fresh: - rm -rf $(DB_INFRA_DATA_PATH) && \ docker compose down --remove-orphans && \ docker container prune -f && \ docker image prune -f && \ docker volume prune -f && \ docker network prune -f && \ + docker system prune -a --volumes -f && \ + docker ps -aq | xargs --no-run-if-empty docker stop && \ + docker ps -aq | xargs --no-run-if-empty docker rm && \ docker ps audit:
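Review bot: The three lines added to `fresh` in `config/makefile/app.mk` act on the whole Docker host rather than on this project. `docker system prune -a --volumes -f` deletes every unused image and volume, and the two `docker ps -aq | xargs ... docker stop` / `docker rm` lines stop and remove every container on the machine, all without confirmation. On a shared or production host that takes down unrelated workloads and their data. Scoping the cleanup to the compose project keeps the reset local, for example `docker compose down --remove-orphans --volumes --rmi local && \` in place of the added lines. Separately, `--no-run-if-empty` is a GNU xargs long option and may not be accepted by BSD/macOS xargs.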