add postgres with ssl

.gitignore

@@ -64,6 +64,8 @@ photoprism/backup/
 photoprism/config/hub.yml
 photoprism/serial
 photoprism/sidecar/
+postgres/*.pem
+postgres/data/
 postgis/PG_VERSION
 postgis/base/
 postgis/core

compose.postgres.yaml

@@ -0,0 +1,23 @@
+services:
+  postgres:
+    container_name: postgres
+    image: postgres:17.5-alpine3.22
+    user: postgres
+    ports:
+      - 11111:5432
+    environment:
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_USER=postgres
+      - POSTGRES_DB=postgres
+    volumes:
+      - /opt/postgres/entrypoint.sh:/entrypoint.sh
+      - /opt/postgres/postgresql.conf:/etc/postgresql/postgresql.conf
+      - /opt/postgres/data:/var/lib/postgresql/data
+      - /opt/postgres/cert.pem:/cert.pem
+      - /opt/postgres/key.pem:/key.pem
+    entrypoint: ["/bin/bash", "/entrypoint.sh"]
+
+    command:
+        - postgres
+        - -c
+        - config_file=/etc/postgresql/postgresql.conf

compose.yaml

@@ -50,3 +50,4 @@ include:
 - compose.postgis.yaml
 - compose.timescaledb.yaml
 - compose.influxdb.yaml
+- compose.postgres.yaml

postgres/entrypoint.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+chmod 0400 /cert.pem
+chown postgres:postgres /cert.pem
+
+chmod 0400 /key.pem
+chown postgres:postgres /key.pem
+
+exec "$@"

postgres/postgresql.conf

@@ -0,0 +1,4 @@
+ssl = on
+ssl_cert_file = '/cert.pem'
+ssl_key_file = '/key.pem'
+listen_addresses = '0.0.0.0'