feat(01-01): add five-service compose stack and postgres init script
- Rewrite docker-compose.yml with postgres, minio, redis, backend, celery-worker, frontend - Use postgres:17-alpine, minio/minio:latest, redis:7-alpine with health checks - backend and celery-worker depend on all three infra services (service_healthy) - Add docker/postgres/initdb.d/01-init-users.sql to provision docuvault_app and docuvault_migrate - Remove ./backend/data:/app/data volume mount per D-04 - Add top-level postgres_data and minio_data named volumes - Add .gitignore to exclude .env from version control (D-11)
This commit is contained in:
curo1305
@@ -0,0 +1,12 @@
|
||||
-- docker/postgres/initdb.d/01-init-users.sql
|
||||
-- Runs as the POSTGRES_USER (postgres superuser) on first container start only.
|
||||
-- Note: Table-level grants (USAGE ON SCHEMA public, SELECT/INSERT/UPDATE/DELETE ON ALL TABLES,
|
||||
-- ALTER DEFAULT PRIVILEGES) are issued by the Alembic initial migration (Plan 03), not here.
|
||||
|
||||
-- Migration user: DDL privileges (CREATE TABLE, ALTER TABLE, CREATE INDEX)
|
||||
CREATE USER docuvault_migrate WITH PASSWORD 'changeme_migrate';
|
||||
GRANT ALL PRIVILEGES ON DATABASE docuvault TO docuvault_migrate;
|
||||
|
||||
-- App user: runtime DML only (SELECT, INSERT, UPDATE, DELETE) — no DDL
|
||||
CREATE USER docuvault_app WITH PASSWORD 'changeme_app';
|
||||
GRANT CONNECT ON DATABASE docuvault TO docuvault_app;
|
||||
Reference in New Issue
Block a user