Added CT: Postgresql

CT-Build/Debian.Jenkinsfile

@@ -7,7 +7,7 @@ pipeline {
         string defaultValue: '192.168.200.11', description: 'Proxy server for packages, when enabled', name: 'ProxyServer'
         booleanParam description: 'will disable use of proxy server', name: 'DisProxy'
         checkboxParameter(name: 'ImgVariantList', format: 'JSON', displayNodePath: "//Variants/Variant", valueNodePath: "//Variants/Variant", description: 'Select the variant(s) that should be build',
-            pipelineSubmitContent: '{"Variants": [{"Variant": "minimal"},{"Variant": "default"},{"Variant": "jenkinsbuilder"},{"Variant": "imgbuilder"},{"Variant": "jenkins"},{"Variant": "mysql"},{"Variant": "pihole"},{"Variant": "collabora"},{"Variant": "jellyfin"},{"Variant": "domoticz"},{"Variant": "omadaV3"},{"Variant": "docker"},{"Variant": "smb"},{"Variant": "x2go"},{"Variant": "aptcacherng"},{"Variant": "nfs"},{"Variant": "duplicati"},{"Variant": "fileshelter"},{"Variant": "esphome"}]}')
+            pipelineSubmitContent: '{"Variants": [{"Variant": "minimal"},{"Variant": "default"},{"Variant": "jenkinsbuilder"},{"Variant": "imgbuilder"},{"Variant": "jenkins"},{"Variant": "mysql"},{"Variant": "pihole"},{"Variant": "collabora"},{"Variant": "jellyfin"},{"Variant": "domoticz"},{"Variant": "omadaV3"},{"Variant": "docker"},{"Variant": "smb"},{"Variant": "x2go"},{"Variant": "aptcacherng"},{"Variant": "nfs"},{"Variant": "duplicati"},{"Variant": "fileshelter"},{"Variant": "esphome"},{"Variant": "postgresql"}]}')
     }
     options {
         skipDefaultCheckout()

CT-Build/Debian.yaml

@@ -1092,6 +1092,7 @@ files:
   - mysql
   - pihole
   - docker
+  - postgresql
   
   #FilesForJenkinsVariant
 - path: /root/ReadMe
@@ -1192,6 +1193,13 @@ files:
   variants:
   - esphome
 
+#FileForPostgresql
+- path: /opt/Setup
+  generator: copy
+  source: CT-Files/postgresql
+  variants:
+  - postgresql
+
 packages:
   manager: apt
   update: true
@@ -1216,6 +1224,7 @@ packages:
     - nfs
     - duplicati
     - fileshelter
+    - postgresql
 
   #Https Repo pkgs    
   - packages:
@@ -1238,6 +1247,7 @@ packages:
     - duplicati
     - fileshelter
     - esphome
+    - postgresql
 
   #Minimal pkgs
   - packages:
@@ -1531,6 +1541,17 @@ packages:
     variants:
     - esphome
 
+#postgresql pkgs
+  - packages:
+    - postgresql
+    - pgadmin4-server
+    - nano
+    - uwsgi
+    - uwsgi-plugin-python3
+    action: install
+    variants:
+    - postgresql
+
   repositories:
   - name: sources.list
     url: |-
@@ -1609,6 +1630,15 @@ packages:
     variants:
     - fileshelter
 
+#postgresql Repo
+  - name: postgresql.list
+    url: |-
+      deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] https://apt.postgresql.org/pub/repos/apt {{ image.release }}-pgdg main
+      deb [signed-by=/usr/share/keyrings/pgadmin-keyring.gpg] https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/{{ image.release }} pgadmin4 main
+    variants:
+    - postgresql
+
+
 actions:
 - trigger: post-unpack
   action: |-
@@ -1664,6 +1694,7 @@ actions:
   - duplicati
   - fileshelter
   - esphome
+  - postgresql
 
 #Move App update script for ProxmoxHelper/ProxMoxToolKit, if CT has this script
 - trigger: post-files
@@ -1783,6 +1814,14 @@ actions:
   variants:
   - fileshelter
 
+#postgresql and pgadmin Repo key
+- trigger: post-unpack
+  action: |-
+    #!/bin/sh
+    curl --retry 7 --retry-delay 5 -L -s https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor > /usr/share/keyrings/postgresql-keyring.gpg
+    curl --retry 7 --retry-delay 5 -L -s https://www.pgadmin.org/static/packages_pgadmin_org.pub | gpg --dearmor > /usr/share/keyrings/pgadmin-keyring.gpg
+  variants:
+  - postgresql
 
 mappings:
   architecture_map: debian

CT-Files/postgresql/Configs/pgadmin-config_local.py

@@ -0,0 +1,22 @@
+#pgAdmin Custom config
+
+##########################################################################
+# Misc stuff
+##########################################################################
+
+# Languages we support in the UI
+LANGUAGES = {
+    'en': 'English'  
+}
+
+##########################################################################
+# External Database Settings
+##########################################################################
+CONFIG_DATABASE_URI = 'postgresql://pgadmin:DBPassword@localhost:5432/pgadmin'
+
+##########################################################################
+# In server mode, SHARED_STORAGE settings
+##########################################################################
+
+# Locations
+SHARED_STORAGE = [{ 'name': 'Shared-Storage', 'path': '/var/lib/pgadmin/storage/shared', 'restricted_access': True}]

CT-Files/postgresql/Configs/pgadmin-server-import.json

@@ -0,0 +1,17 @@
+{
+    "Servers": {
+        "1": {
+            "Name": "localhost",
+            "Group": "Servers",
+            "Host": "localhost",
+            "Port": 5432,
+            "MaintenanceDB": "postgres",
+            "Username": "postgres",
+            "ConnectionParameters": {
+                "sslmode": "prefer",
+                "passfile": "Shared-Storage:/pgpassfile"
+            },
+            "Tags": []
+        }
+    }
+}

CT-Files/postgresql/Configs/pgadmin-user-preferences.json

@@ -0,0 +1,6 @@
+{
+    "preferences":
+        {
+            "misc:themes:theme": "system"
+        }
+}

CT-Files/postgresql/Configs/pgadmin-uwsgi.ini

@@ -0,0 +1,12 @@
+[uwsgi]
+http-socket= :80
+chdir = /usr/pgadmin4/web/
+module = pgAdmin4:application
+threads = 25
+processes = 1
+wsgi-file = pgAdmin4.wsgi
+mount = /pgadmin=pgAdmin4:app
+manage-script-name = true
+chmod-socket = 660
+plugins = python3
+home = /usr/pgadmin4/venv

CT-Files/postgresql/Configs/pgadmin.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=pgAdmin uwsgi service
+
+[Service]
+ExecStart=/bin/uwsgi-core \
+        --ini /etc/uwsgi/apps-available/pgadmin.ini
+User=pgadmin
+Group=www-data
+Restart=on-failure
+KillSignal=SIGQUIT
+Type=notify
+StandardError=journal
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target

CT-Files/postgresql/Configs/pgpassfile

@@ -0,0 +1,2 @@
+localhost:5432:*:postgres:Password
+127.0.0.1:5432:*:postgres:Password

CT-Files/postgresql/Scripts/FirstRun.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+read -p "Enter your e-mail for pgAdmin login: " PostgressAdminMail
+read -p "Enter new password for pgAdmin and postgresql database admin: " -s NewPostgressPassword
+echo
+echo "Please wait..."
+
+#Configure Postgresql
+su postgres -c "psql -c \"alter user postgres with password '$NewPostgressPassword';\""
+
+#Configure pgAdmin
+##Create pgadmin db for storing pgAdmin config 
+PGADMIN_DB_PASSWORD=$(dd bs=20 count=1 if=/dev/urandom | base64 | tr +/ _.)
+su postgres -c "psql -c \"CREATE ROLE pgadmin WITH LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT NOREPLICATION NOBYPASSRLS CONNECTION LIMIT 25 PASSWORD '$PGADMIN_DB_PASSWORD';\""
+su postgres -c "psql -c \"CREATE DATABASE pgadmin WITH OWNER = pgadmin ENCODING = 'UTF8' LOCALE_PROVIDER = 'libc' CONNECTION LIMIT = -1 IS_TEMPLATE = False;\""
+sed -i "s/DBPassword/$PGADMIN_DB_PASSWORD/" /usr/pgadmin4/web/config_local.py
+
+##Setup the pgAdmin base
+export PGADMIN_SETUP_EMAIL=$PostgressAdminMail
+export PGADMIN_SETUP_PASSWORD=$NewPostgressPassword
+su -pc "/usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py setup-db" pgadmin 
+systemctl restart pgadmin
+
+## add localhost postges server as connection is pgAdmin
+sed -i "s/Password/$NewPostgressPassword/" /opt/Setup/Configs/pgpassfile
+mv /opt/Setup/Configs/pgpassfile /var/lib/pgadmin/storage/shared/pgpassfile
+chown pgadmin: /var/lib/pgadmin/storage/shared/pgpassfile
+chmod 600 /var/lib/pgadmin/storage/shared/pgpassfile
+/usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py load-servers /opt/Setup/Configs/pgadmin-server-import.json --user $PostgressAdminMail
+
+## Set user preferences (i.e. set the theme to system)
+/usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py set-prefs $PostgressAdminMail --input-file /opt/Setup/Configs/pgadmin-user-preferences.json 
+
+##Clean-up
+rm /root/ReadMe /opt/Setup/Configs/pgadmin-server-import.json /opt/Setup/Configs/pgadmin-user-preferences.json
+

CT-Files/postgresql/Scripts/Init.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+#Setup postgresql
+printf "\n#User entries (Make sure to reload postgressql after updating this file) \n# TYPE  DATABASE        USER            ADDRESS                 METHOD\n" >> /etc/postgresql/17/main/pg_hba.conf
+sed -i "s|#listen_addresses = 'localhost'|listen_addresses = '*'   |" /etc/postgresql/17/main/postgresql.conf
+
+#Setup pgadmin
+adduser --system --shell /bin/false --ingroup www-data --disabled-password  --disabled-login  --home /var/lib/www/pgadmin pgadmin
+mkdir -p /var/log/pgadmin /var/lib/pgadmin/storage/shared
+chown pgadmin: /var/log/pgadmin /var/lib/pgadmin -R
+mv /opt/Setup/Configs/pgadmin-uwsgi.ini /etc/uwsgi/apps-available/pgadmin.ini
+mv /opt/Setup/Configs/pgadmin-config_local.py /usr/pgadmin4/web/config_local.py
+
+#Setup uwsgi service for pgadmin
+mv /opt/Setup/Configs/pgadmin.service /lib/systemd/system/pgadmin.service
+chmod +x /lib/systemd/system/pgadmin.service
+setcap 'cap_net_bind_service=+ep' /bin/uwsgi-core

Readme.md

@@ -35,6 +35,7 @@ This can be done on a privileged Debian CT (make sure to enable the Fuse, Nestin
 | duplicati | Debian | Duplicati backup software |
 | fileshelter | Debian | FileShelter file shareing software |
 | esphome | Debian | ESPHome software to manage wifi-MCUs|
+| postgresql | Debian | PostgreSQL server with pgAdmin|
 | elkarbackupALP  `(Deprecated, Requires PHP  7.4)`| Alpine | ElkarBackup rsyncsnapshot server |
 | gitea | Alpine | Gitea server |
 | nginx | Alpine | Nginx server for reverse-proxy use |
@@ -274,6 +275,10 @@ lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=fi
 ## esphome
 * Available on http://`<ip>`:6052
 
+## postgresql
+* Run the FistRun script  in the container `ash /opt/Setup/Scripts/FirstRun.sh`
+* After this pgAdmin is available on http://`<ip>`:80,
+
 ## uptimekuma
 * Available on http://`<ip>`:80