LBP
/
ChristianLempa_Boilerplates
oglindă de https://github.com/ChristianLempa/boilerplates.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150
							services:
  {{ service_name }}:
    image: docker.io/library/postgres:17.6
    {#
      If not in swarm mode, apply restart policy and container_name,
      else swarm mode handles restarts via deploy.restart_policy
    #}
    {% if not swarm_enabled %}
    restart: {{ restart_policy }}
    container_name: {{ container_name }}
    {% endif %}
    {#
      Set container hostname
    #}
    hostname: {{ container_hostname }}
    {#
      Environment variables for PostgreSQL configuration
      - POSTGRES_INITDB_ARGS: Database initialization arguments (e.g., --data-checksums)
      - POSTGRES_HOST_AUTH_METHOD: Authentication method (optional)
      - POSTGRES_USER: Database superuser name
      - POSTGRES_PASSWORD: Database password (from env or secret file)
      - POSTGRES_DB: Default database name
      - TZ: Timezone
    #}
    environment:
      - POSTGRES_INITDB_ARGS={{ postgres_initdb_args }}
      {% if postgres_host_auth_method %}
      - POSTGRES_HOST_AUTH_METHOD={{ postgres_host_auth_method }}
      {% endif %}
      - POSTGRES_USER={{ database_user }}
      {% if postgres_secrets_enabled %}
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      {% else %}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      {% endif %}
      - POSTGRES_DB={{ database_name }}
      - TZ={{ container_timezone }}
    {#
      Network configuration:
      - Databases typically use bridge networking for internal communication
      - Port exposure controlled separately for security
    #}
    {% if network_mode == 'bridge' or network_mode == '' %}
    networks:
      {{ network_name }}:
    {% endif %}
    {#
      Port mappings (only expose if needed):
      - PostgreSQL default port 5432
      Note: Swarm mode uses 'host' mode for port publishing
    #}
    {% if network_mode == 'bridge' or network_mode == '' %}
    ports:
      {% if swarm_enabled %}
      - target: 5432
        published: {{ database_port }}
        protocol: tcp
        mode: host
      {% else %}
      - "{{ database_port }}:5432"
      {% endif %}
    {% endif %}
    {#
      Volume configuration for persistent data
      - When volume_mode is 'mount': bind mount from host path
      - When volume_mode is 'local', 'nfs', or empty: use docker-managed volumes
    #}
    volumes:
      {% if volume_mode == 'mount' %}
      - {{ volume_mount_path }}:/var/lib/postgresql/data:rw
      {% else %}
      - {{ service_name }}-data:/var/lib/postgresql/data
      {% endif %}
    {#
      Use Docker secrets for password management (Swarm or Compose with secrets enabled)
    #}
    {% if postgres_secrets_enabled %}
    secrets:
      - postgres_password
    {% endif %}
    {#
      Health check to monitor PostgreSQL availability
    #}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U {{ database_user }}"]
      start_period: 30s
      interval: 10s
      timeout: 10s
      retries: 5
    {#
      Deploy configuration for Swarm mode:
      - Single replica (PostgreSQL doesn't support multi-replica without replication setup)
      - For HA, use external replication tools or PostgreSQL streaming replication
    #}
    {% if swarm_enabled %}
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
    {% endif %}

{#
  Docker secrets definition (when secrets are enabled)
#}
{% if postgres_secrets_enabled %}
secrets:
  postgres_password:
    file: secret.postgres_password.txt
{% endif %}

{#
  Volume definitions:
  - When volume_mode is 'local' (default): use docker-managed local volumes
  - When volume_mode is 'nfs': configure NFS-backed volumes
  - When volume_mode is 'mount': no volume definition needed (bind mounts used directly)
#}
{% if volume_mode == 'local' %}
volumes:
  {{ service_name }}-data:
    driver: local
{% elif volume_mode == 'nfs' %}
volumes:
  {{ service_name }}-data:
    driver: local
    driver_opts:
      type: nfs
      o: addr={{ volume_nfs_server }},{{ volume_nfs_options }}
      device: ":{{ volume_nfs_path }}"
{% endif %}

{#
  Network definitions:
  - Bridge network for service communication
  - Use overlay network in Swarm mode for multi-host communication
#}
{% if network_mode == 'bridge' or network_mode == '' %}
networks:
  {{ network_name }}:
    {% if network_external %}
    external: true
    {% else %}
    {% if swarm_enabled %}
    driver: overlay
    attachable: true
    {% else %}
    driver: bridge
    {% endif %}
    {% endif %}
{% endif %}