Skip to content

Commit

Permalink
Merge branch 'master' into enable-image-overrides
Browse files Browse the repository at this point in the history
  • Loading branch information
josegonzalez authored Nov 25, 2024
2 parents 627ebb5 + 88ad80c commit e844659
Show file tree
Hide file tree
Showing 8 changed files with 113 additions and 4 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
@@ -1 +1 @@
FROM postgres:17.0
FROM postgres:17.1
38 changes: 37 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# dokku postgres [![Build Status](https://img.shields.io/github/actions/workflow/status/dokku/dokku-postgres/ci.yml?branch=master&style=flat-square "Build Status")](https://github.com/dokku/dokku-postgres/actions/workflows/ci.yml?query=branch%3Amaster) [![IRC Network](https://img.shields.io/badge/irc-libera-blue.svg?style=flat-square "IRC Libera")](https://webchat.libera.chat/?channels=dokku)

Official postgres plugin for dokku. Currently defaults to installing [postgres 17.0](https://hub.docker.com/_/postgres/).
Official postgres plugin for dokku. Currently defaults to installing [postgres 17.1](https://hub.docker.com/_/postgres/).

## Requirements

Expand All @@ -24,8 +24,10 @@ postgres:backup-deauth <service> # remove backup authenticatio
postgres:backup-schedule <service> <schedule> <bucket-name> [--use-iam] # schedule a backup of the postgres service
postgres:backup-schedule-cat <service> # cat the contents of the configured backup cronfile for the service
postgres:backup-set-encryption <service> <passphrase> # set encryption for all future backups of postgres service
postgres:backup-set-public-key-encryption <service> <public-key-id> # set GPG Public Key encryption for all future backups of postgres service
postgres:backup-unschedule <service> # unschedule the backup of the postgres service
postgres:backup-unset-encryption <service> # unset encryption for future backups of the postgres service
postgres:backup-unset-public-key-encryption <service> # unset GPG Public Key encryption for future backups of the postgres service
postgres:clone <service> <new-service> [--clone-flags...] # create container <new-name> then copy data from <name> into <new-name>
postgres:connect <service> # connect to the service via the postgres connection tool
postgres:create <service> [--create-flags...] # create a postgres service
Expand Down Expand Up @@ -103,9 +105,17 @@ dokku postgres:create lollipop
Official Postgres "$DOCKER_BIN" image ls does not include postgis extension (amongst others). The following example creates a new postgres service using `postgis/postgis:13-3.1` image, which includes the `postgis` extension.

```shell
# use the appropriate image-version for your use-case
dokku postgres:create postgis-database --image "postgis/postgis" --image-version "13-3.1"
```

To use pgvector instead, run the following:

```shell
# use the appropriate image-version for your use-case
dokku postgres:create pgvector-database --image "pgvector/pgvector" --image-version "pg17"
```

### print the service information

```shell
Expand Down Expand Up @@ -718,6 +728,19 @@ Set the GPG-compatible passphrase for encrypting backups for backups:
dokku postgres:backup-set-encryption lollipop
```

### set GPG Public Key encryption for all future backups of postgres service

```shell
# usage
dokku postgres:backup-set-public-key-encryption <service> <public-key-id>
```

Set the `GPG` Public Key for encrypting backups:

```shell
dokku postgres:backup-set-public-key-encryption lollipop
```

### unset encryption for future backups of the postgres service

```shell
Expand All @@ -731,6 +754,19 @@ Unset the `GPG` encryption passphrase for backups:
dokku postgres:backup-unset-encryption lollipop
```

### unset GPG Public Key encryption for future backups of the postgres service

```shell
# usage
dokku postgres:backup-unset-public-key-encryption <service>
```

Unset the `GPG` Public Key encryption for backups:

```shell
dokku postgres:backup-unset-public-key-encryption lollipop
```

### schedule a backup of the postgres service

```shell
Expand Down
2 changes: 2 additions & 0 deletions bin/generate
Original file line number Diff line number Diff line change
Expand Up @@ -290,7 +290,9 @@ def usage_backup(
"backup-deauth",
"backup",
"backup-set-encryption",
"backup-set-public-key-encryption",
"backup-unset-encryption",
"backup-unset-public-key-encryption",
"backup-schedule",
"backup-schedule-cat",
"backup-unschedule",
Expand Down
23 changes: 23 additions & 0 deletions common-functions
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,10 @@ service_backup() {
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e ENCRYPTION_KEY=$(cat "$BACKUP_ENCRYPTION_CONFIG_ROOT/ENCRYPTION_KEY")"
fi

if [[ -f "$BACKUP_ENCRYPTION_CONFIG_ROOT/ENCRYPT_WITH_PUBLIC_KEY_ID" ]]; then
BACKUP_PARAMETERS="$BACKUP_PARAMETERS -e ENCRYPT_WITH_PUBLIC_KEY_ID=$(cat "$BACKUP_ENCRYPTION_CONFIG_ROOT/ENCRYPT_WITH_PUBLIC_KEY_ID")"
fi

# shellcheck disable=SC2086
"$DOCKER_BIN" container run --rm $BACKUP_PARAMETERS "$PLUGIN_S3BACKUP_IMAGE"
}
Expand Down Expand Up @@ -433,6 +437,16 @@ service_backup_set_encryption() {
echo "$ENCRYPTION_KEY" >"${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPTION_KEY"
}

service_backup_set_public_key_encryption() {
declare desc="set up backup GPG Public Key encryption"
declare SERVICE="$1" ENCRYPT_WITH_PUBLIC_KEY_ID="$2"
local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"

mkdir "$SERVICE_BACKUP_ENCRYPTION_ROOT"
echo "$ENCRYPT_WITH_PUBLIC_KEY_ID" >"${SERVICE_BACKUP_ENCRYPTION_ROOT}/ENCRYPT_WITH_PUBLIC_KEY_ID"
}

service_backup_unschedule() {
declare desc="unschedule the backup of the service"
declare SERVICE="$1"
Expand All @@ -450,6 +464,15 @@ service_backup_unset_encryption() {
rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
}

service_backup_unset_encryption() {
declare desc="remove backup encryption"
declare SERVICE="$1"
local SERVICE_ROOT="${PLUGIN_DATA_ROOT}/${SERVICE}"
local SERVICE_BACKUP_ENCRYPTION_ROOT="${SERVICE_ROOT}/backup-encryption/"

rm -rf "$SERVICE_BACKUP_ENCRYPTION_ROOT"
}

service_container_rm() {
declare desc="stop a service and remove the running container"
declare SERVICE="$1"
Expand Down
2 changes: 1 addition & 1 deletion config
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ fi

export PLUGIN_BUSYBOX_IMAGE=${PLUGIN_BUSYBOX_IMAGE:=busybox:1.34.1-uclibc}
export PLUGIN_AMBASSADOR_IMAGE=${PLUGIN_AMBASSADOR_IMAGE:=dokku/ambassador:0.5.0}
export PLUGIN_S3BACKUP_IMAGE=${PLUGIN_S3BACKUP_IMAGE:=dokku/s3backup:0.14.0}
export PLUGIN_S3BACKUP_IMAGE=${PLUGIN_S3BACKUP_IMAGE:=dokku/s3backup:0.16.0}
export PLUGIN_WAIT_IMAGE=${PLUGIN_WAIT_IMAGE:=dokku/wait:0.6.0}

export POSTGRES_CONFIG_OPTIONS=${POSTGRES_CONFIG_OPTIONS:=""}
2 changes: 1 addition & 1 deletion plugin.toml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
[plugin]
description = "dokku postgres service plugin"
version = "1.39.0"
version = "1.40.0"
[plugin.config]
25 changes: 25 additions & 0 deletions subcommands/backup-set-public-key-encryption
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#!/usr/bin/env bash
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/config"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"

service-backup-set-public-key-encryption-cmd() {
#E set the GPG Public Key for encrypting backups
#E dokku $PLUGIN_COMMAND_PREFIX:backup-set-public-key-encryption lollipop
#A service, service to run command against
#A public-key-id, a GPG Public Key ID (or fingerprint) to use for encryption. Must be uploaded to the GPG keyserver beforehand.
declare desc="set GPG Public Key encryption for all future backups of $PLUGIN_SERVICE service"
local cmd="$PLUGIN_COMMAND_PREFIX:backup-set-public-key-encryption" argv=("$@")
[[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1" PUBLIC_KEY_ID="$2"
is_implemented_command "$cmd" || dokku_log_fail "Not yet implemented"

[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a valid name for the service"
[[ -z "$PUBLIC_KEY_ID" ]] && dokku_log_fail "Please specify a valid GPG Public Key ID (or fingerprint)"
verify_service_name "$SERVICE"
service_backup_set_public_key_encryption "$SERVICE" "$PUBLIC_KEY_ID"
}

service-backup-set-public-key-encryption-cmd "$@"
23 changes: 23 additions & 0 deletions subcommands/backup-unset-public-key-encryption
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
#!/usr/bin/env bash
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/config"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$(dirname "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")/functions"

service-backup-unset-public-key-encryption-cmd() {
#E unset the GPG Public Key encryption for backups
#E dokku $PLUGIN_COMMAND_PREFIX:backup-unset-public-key-encryption lollipop
#A service, service to run command against
declare desc="unset GPG Public Key encryption for future backups of the $PLUGIN_SERVICE service"
local cmd="$PLUGIN_COMMAND_PREFIX:backup-unset-public-key-encryption" argv=("$@")
[[ ${argv[0]} == "$cmd" ]] && shift 1
declare SERVICE="$1"
is_implemented_command "$cmd" || dokku_log_fail "Not yet implemented" # TODO: [22.03.2024 by Mykola]

[[ -z "$SERVICE" ]] && dokku_log_fail "Please specify a valid name for the service"
verify_service_name "$SERVICE"
service_backup_unset_public_key_encryption "$SERVICE" # TODO: [22.03.2024 by Mykola]
}

service-backup-unset-encryption-cmd "$@"

0 comments on commit e844659

Please sign in to comment.