f4aa6972e1
One Postgres 16 instance runs in the infra stack (docker-compose).
Each app can be given its own isolated schema with a dedicated,
scoped Postgres user via the new Database card on the app detail page.
What was added:
infra/
docker-compose.yml — postgres:16-alpine service + hiy-pg-data
volume; POSTGRES_URL injected into server
.env.example — POSTGRES_PASSWORD entry
server/
Cargo.toml — sqlx postgres feature
src/db.rs — databases table (SQLite) migration
src/models.rs — Database model
src/main.rs — PgPool (lazy) added to AppState;
/api/apps/:id/database routes registered
src/routes/mod.rs — databases module
src/routes/databases.rs — GET / POST / DELETE handlers:
provision — creates schema + scoped PG user, sets search_path,
injects DATABASE_URL env var
deprovision — DROP OWNED BY + DROP ROLE + DROP SCHEMA CASCADE,
removes SQLite record
src/routes/ui.rs — app_detail queries databases table, renders
db_card based on provisioning state
templates/app_detail.html — {{db_card}} placeholder +
provisionDb / deprovisionDb JS
Apps connect via:
postgres://hiy-<app>:<pw>@postgres:5432/hiy
search_path is set on the role so no URL option is needed.
https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
13 lines
489 B
Text
13 lines
489 B
Text
# Your domain — apps will be served at <name>.yourdomain.com
|
|
DOMAIN_SUFFIX=yourdomain.com
|
|
|
|
# Optional: email for Let's Encrypt expiry notices.
|
|
# If you want this, uncomment the `email` line in proxy/Caddyfile instead.
|
|
|
|
# Dashboard login credentials (required in production).
|
|
HIY_ADMIN_USER=admin
|
|
HIY_ADMIN_PASS=changeme
|
|
|
|
# Postgres admin password — used by the shared cluster.
|
|
# App schemas get their own scoped users; this password never leaves the server.
|
|
POSTGRES_PASSWORD=changeme
|