From b4cddb337a7d0109dc7c1fd6b3dd3a4be768efd3 Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev
Date: Mon, 4 Aug 2025 09:15:37 +0300
Subject: [PATCH] Miniflux: run postgres as app user
---
 files/miniflux/docker-compose.yml.j2 | 7 +++++--
 playbook-miniflux.yml | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/files/miniflux/docker-compose.yml.j2 b/files/miniflux/docker-compose.yml.j2
index 5c16228..06b3f33 100644
--- a/files/miniflux/docker-compose.yml.j2
+++ b/files/miniflux/docker-compose.yml.j2
@@ -35,15 +35,18 @@ services:
 miniflux_postgres:
 image: postgres:16.3-bookworm
 container_name: miniflux_postgres
+ user: "{{ user_create_result.uid }}:{{ user_create_result.group }}"
 environment:
 - POSTGRES_USER={{ miniflux_postgres_user }}
- - POSTGRES_PASSWORD={{ miniflux_postgres_password }}
+ - POSTGRES_PASSWORD_FILE=/secrets/miniflux_postgres_password
 - POSTGRES_DB={{ miniflux_postgres_database }}
 networks:
 - "miniflux_network"
 - "monitoring_network"
 volumes:
- - {{ postgres_data_dir }}:/var/lib/postgresql/data
+ - "/etc/passwd:/etc/passwd:ro"
+ - "{{ secrets_dir }}:/secrets:ro"
+ - "{{ postgres_data_dir }}:/var/lib/postgresql/data"
 healthcheck:
 test: ["CMD", "pg_isready", "--username={{ miniflux_postgres_user }}", "--dbname={{ miniflux_postgres_database }}"]
 interval: 10s
diff --git a/playbook-miniflux.yml b/playbook-miniflux.yml
index 74e6a65..03f362f 100644
--- a/playbook-miniflux.yml
+++ b/playbook-miniflux.yml
@@ -46,6 +46,7 @@
 - "miniflux_admin_password"
 - "miniflux_oidc_client_id"
 - "miniflux_oidc_client_secret"
+ - "miniflux_postgres_password"

 - name: "Copy docker compose file"
 ansible.builtin.template:
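Review bot: The added `- "{{ secrets_dir }}:/secrets:ro"` volume gives the database container every file in the secrets directory, although the only path this service references is `/secrets/miniflux_postgres_password`. Judging by the list in playbook-miniflux.yml, that directory presumably also holds `miniflux_admin_password` and the OIDC client id and secret, so a compromise of the postgres container would expose credentials it never needs. Mounting the single file keeps the exposure to what the service uses: `- "{{ secrets_dir }}/miniflux_postgres_password:/secrets/miniflux_postgres_password:ro"`. Separately, the new `user:` line assumes `{{ postgres_data_dir }}` and the secret file are already owned or readable by that uid; no ownership task is visible in this patch, so a data directory initialised under the image's default user may need a one-time chown before the container starts. The service definition continues past the end of the hunk.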