Rename project from PloughGres to Postgre-TLS

- Updated all references from ploughgres to postgre_tls - Changed container name to postgre-tls-db - Updated database and user names - Added Docker registry configuration for git.nixc.us - Created build-push.sh script for image management - Updated documentation to reflect new project name - Configured for unstable/stable image tags
2025-07-14 14:17:00 -04:00 · 2025-07-14 14:17:00 -04:00 · 1f4d57471c
parent 5203f014a0
commit 1f4d57471c
7 changed files with 97 additions and 37 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,12 @@

 A secure PostgreSQL Docker container with enforced SSL/TLS encryption, certificate verification, and advanced security features.

+## Docker Images
+
+This project builds and publishes Docker images to the git.nixc.us registry:
+- **Unstable**: `git.nixc.us/postgre-tls:unstable` (latest development)
+- **Stable**: `git.nixc.us/postgre-tls:stable` (stable releases)
+
 ## Features

 - **SSL/TLS Encryption**: TLSv1.3 with 256-bit AES-GCM encryption
@ -42,16 +48,26 @@ The setup provides enterprise-grade security with:

 You can also connect manually using psql:
 ```bash
-psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
+psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"
 ```

 For non-interactive connection, set the PGPASSWORD environment variable:
 ```bash
 export PGPASSWORD=$(cat secrets/postgres_password || echo "change_me_in_production")
-psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca_crt"
+psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca_crt"
 ```

 ## Project Structure

 ```
+Postgre-TLS/
+├── docker-compose.yml    # Container configuration
+├── Dockerfile           # Container image definition
+├── start.sh            # Initialization and startup script
+├── connect.sh          # SSL connection test script
+├── postgresql.conf     # PostgreSQL configuration
+├── USAGE.md           # Usage guide and commands
+├── data/              # PostgreSQL data directory
+├── secrets/           # SSL certificates and passwords
+└── logs/              # Container logs
 ```
--- a/USAGE.md
+++ b/USAGE.md
@ -1,4 +1,4 @@
-# PloughGres Usage Guide
+# Postgre-TLS Usage Guide

 ## Quick Start

@ -21,7 +21,7 @@

 ### Database Management
 - **View container status:** `docker ps`
- **View container logs:** `docker logs ploughgres-db`
+- **View container logs:** `docker logs postgre_tls-db`
 - **Access PostgreSQL shell:** `./connect.sh`
 - **Restart container:** `docker-compose restart`

@ -29,8 +29,8 @@
 The setup uses TLSv1.3 with 256-bit encryption. Connection details:
 - **Host:** localhost
 - **Port:** 5432
- **Database:** ploughgres
- **User:** ploughgres_user
+- **Database:** postgre_tls
+- **User:** postgre_tls_user
 - **SSL Mode:** verify-full (certificate verification enabled)

 ### Data Persistence
@ -49,7 +49,7 @@ The setup uses TLSv1.3 with 256-bit encryption. Connection details:
 ## Troubleshooting

 ### Container Issues
- **Container won't start:** Check `docker logs ploughgres-db`
+- **Container won't start:** Check `docker logs postgre_tls-db`
 - **Port conflicts:** Ensure port 5432 is available
 - **Permission issues:** Check file permissions in `secrets/` directory

--- a/build-push.sh
+++ b/build-push.sh
@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m'
+
+# Configuration
+REGISTRY="git.nixc.us"
+IMAGE_NAME="postgre-tls"
+TAG_UNSTABLE="unstable"
+TAG_STABLE="stable"
+
+echo -e "${GREEN}[Postgre-TLS] Building and pushing Docker images...${NC}"
+
+# Build the image
+echo -e "${YELLOW}[Postgre-TLS] Building Docker image...${NC}"
+docker build -t ${REGISTRY}/${IMAGE_NAME}:${TAG_UNSTABLE} .
+
+# Tag for stable if requested
+if [ "$1" == "stable" ]; then
+    echo -e "${YELLOW}[Postgre-TLS] Tagging as stable...${NC}"
+    docker tag ${REGISTRY}/${IMAGE_NAME}:${TAG_UNSTABLE} ${REGISTRY}/${IMAGE_NAME}:${TAG_STABLE}
+fi
+
+# Push unstable
+echo -e "${YELLOW}[Postgre-TLS] Pushing unstable image...${NC}"
+docker push ${REGISTRY}/${IMAGE_NAME}:${TAG_UNSTABLE}
+
+# Push stable if tagged
+if [ "$1" == "stable" ]; then
+    echo -e "${YELLOW}[Postgre-TLS] Pushing stable image...${NC}"
+    docker push ${REGISTRY}/${IMAGE_NAME}:${TAG_STABLE}
+fi
+
+echo -e "${GREEN}[Postgre-TLS] Docker images built and pushed successfully!${NC}"
+echo -e "${YELLOW}[Postgre-TLS] Available images:${NC}"
+echo "- ${REGISTRY}/${IMAGE_NAME}:${TAG_UNSTABLE}"
+if [ "$1" == "stable" ]; then
+    echo "- ${REGISTRY}/${IMAGE_NAME}:${TAG_STABLE}"
+fi 
--- a/connect.sh
+++ b/connect.sh
@ -14,7 +14,7 @@ PASSWORD=$([ -f secrets/postgres_password ] && cat secrets/postgres_password ||
 export PGPASSWORD="$PASSWORD"

 # Test basic connection
-OUTPUT=$(psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca.crt" \
+OUTPUT=$(psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca.crt" \
    -c "SELECT version(), current_user, current_database();" -t) || {
  echo -e "${RED}[Postgre-TLS] Connection failed!${NC}"
  exit 1
@ -23,7 +23,7 @@ echo "$OUTPUT"

 # Check SSL details
 echo -e "\n${GREEN}[Postgre-TLS] SSL Connection Details:${NC}"
-SSL_DETAILS=$(psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca.crt" \
+SSL_DETAILS=$(psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca.crt" \
    -c "SELECT ssl, version as ssl_version, cipher as ssl_cipher, bits as ssl_bits FROM pg_stat_ssl WHERE pid = pg_backend_pid();" -t) || {
  echo -e "${RED}[Postgre-TLS] Failed to get SSL details!${NC}"
  exit 1
@ -32,25 +32,25 @@ echo "$SSL_DETAILS"

 # Test non-SSL connection (should fail)
 echo -e "\n${YELLOW}[Postgre-TLS] Testing non-SSL connection (expected to fail):${NC}"
-psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=disable" -c "SELECT 1;" 2>&1 | grep "SSL" || echo -e "${GREEN}Non-SSL connection correctly refused.${NC}"
+psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=disable" -c "SELECT 1;" 2>&1 | grep "SSL" || echo -e "${GREEN}Non-SSL connection correctly refused.${NC}"

 # Advanced database operations over SSL
 echo -e "\n${GREEN}[Postgre-TLS] Performing advanced tests over SSL:${NC}"

 # Create test table
-psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "CREATE TABLE IF NOT EXISTS test_table (id SERIAL PRIMARY KEY, data TEXT);" || { echo -e "${RED}Failed to create test table!${NC}"; exit 1; }
+psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "CREATE TABLE IF NOT EXISTS test_table (id SERIAL PRIMARY KEY, data TEXT);" || { echo -e "${RED}Failed to create test table!${NC}"; exit 1; }
 echo "Test table created."

 # Insert data
-psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "INSERT INTO test_table (data) VALUES ('Hello, SSL World!');" || { echo -e "${RED}Failed to insert data!${NC}"; exit 1; }
+psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "INSERT INTO test_table (data) VALUES ('Hello, SSL World!');" || { echo -e "${RED}Failed to insert data!${NC}"; exit 1; }
 echo "Data inserted."

 # Query data
-QUERY_RESULT=$(psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "SELECT data FROM test_table WHERE id = (SELECT MAX(id) FROM test_table);" -t) || { echo -e "${RED}Failed to query data!${NC}"; exit 1; }
+QUERY_RESULT=$(psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "SELECT data FROM test_table WHERE id = (SELECT MAX(id) FROM test_table);" -t) || { echo -e "${RED}Failed to query data!${NC}"; exit 1; }
 echo "Queried data: $QUERY_RESULT"

 # Drop test table
-psql "host=localhost port=5432 dbname=ploughgres user=ploughgres_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "DROP TABLE test_table;" || { echo -e "${RED}Failed to drop test table!${NC}"; exit 1; }
+psql "host=localhost port=5432 dbname=postgre_tls user=postgre_tls_user sslmode=verify-full sslrootcert=secrets/ca.crt" -c "DROP TABLE test_table;" || { echo -e "${RED}Failed to drop test table!${NC}"; exit 1; }
 echo "Test table dropped."

 # Check if all tests passed
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,11 +1,12 @@
 services:
  postgres:
    build: .
-    container_name: postgretls-db
+    image: git.nixc.us/postgre-tls:unstable
+    container_name: postgre-tls-db
    restart: unless-stopped
    environment:
-      POSTGRES_DB: ploughgres
-      POSTGRES_USER: ploughgres_user
+      POSTGRES_DB: postgre_tls
+      POSTGRES_USER: postgre_tls_user
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-change_me_in_production}
      # Enable SSL/TLS
      POSTGRES_INITDB_ARGS: "--auth-local=password --auth-host=scram-sha-256"
@ -14,21 +15,21 @@ services:
    ports:
      - "5432:5432"
    volumes:
-      - postgretls_data:/var/lib/postgresql/data
-      - postgretls_logs:/var/log/postgresql
+      - postgre_tls_data:/var/lib/postgresql/data
+      - postgre_tls_logs:/var/log/postgresql
      - ./secrets:/run/secrets:ro
    healthcheck:
-      test: ["CMD-SHELL", "pg_isready -U ploughgres_user -d ploughgres"]
+      test: ["CMD-SHELL", "pg_isready -U postgre_tls_user -d postgre_tls"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
-      - postgretls-network
+      - postgre-tls-network

 volumes:
-  postgretls_data:
-  postgretls_logs:
+  postgre_tls_data:
+  postgre_tls_logs:

 networks:
-  postgretls-network:
+  postgre-tls-network:
    driver: bridge 
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -121,8 +121,8 @@ load_secrets() {
    fi
    
    # Set default values for other variables
-    export POSTGRES_DB="${POSTGRES_DB:-ploughgres}"
-    export POSTGRES_USER="${POSTGRES_USER:-ploughgres_user}"
+    export POSTGRES_DB="${POSTGRES_DB:-postgre_tls}"
+    export POSTGRES_USER="${POSTGRES_USER:-postgre_tls_user}"
 }

 # Function to initialize database with encryption
@ -135,7 +135,7 @@ initialize_database() {
    
    # Initialize the database with proper encoding and authentication
    # Create the main database during initdb
-    export POSTGRES_DB="${POSTGRES_DB:-ploughgres}"
+    export POSTGRES_DB="${POSTGRES_DB:-postgre_tls}"
    su-exec postgres initdb \
        --pgdata="$PGDATA" \
        --username="$POSTGRES_USER" \
--- a/start.sh
+++ b/start.sh
@ -14,17 +14,17 @@ mkdir -p secrets

 # Generate SSL certificates if missing
 if [ ! -f "secrets/ca.crt" ] || [ ! -f "secrets/server.crt" ] || [ ! -f "secrets/server.key" ]; then
-    echo -e "${YELLOW}[PloughGres] Generating SSL certificates for local development...${NC}"
+    echo -e "${YELLOW}[Postgre-TLS] Generating SSL certificates for local development...${NC}"
    
    openssl genrsa -out secrets/ca.key 2048
    
    openssl req -new -x509 -key secrets/ca.key -out secrets/ca.crt -days 365 \
-        -subj "/C=US/ST=State/L=City/O=PloughGres/CN=PloughGres-CA" -batch
+        -subj "/C=US/ST=State/L=City/O=Postgre-TLS/CN=Postgre-TLS-CA" -batch
    
    openssl genrsa -out secrets/server.key 2048
    
    openssl req -new -key secrets/server.key -out secrets/server.csr \
-        -subj "/C=US/ST=State/L=City/O=PloughGres/CN=localhost" -batch
+        -subj "/C=US/ST=State/L=City/O=Postgre-TLS/CN=localhost" -batch
    
    openssl x509 -req -in secrets/server.csr \
        -CA secrets/ca.crt -CAkey secrets/ca.key \
@ -38,24 +38,24 @@ if [ ! -f "secrets/ca.crt" ] || [ ! -f "secrets/server.crt" ] || [ ! -f "secrets
    # Remove CA private key for security
    rm secrets/ca.key
    
-    echo -e "${GREEN}[PloughGres] SSL certificates generated in secrets/${NC}"
+    echo -e "${GREEN}[Postgre-TLS] SSL certificates generated in secrets/${NC}"
 fi

 # Generate password if missing
 if [ ! -f "secrets/postgres_password" ]; then
-    echo -e "${YELLOW}[PloughGres] Generating random password for PostgreSQL...${NC}"
+    echo -e "${YELLOW}[Postgre-TLS] Generating random password for PostgreSQL...${NC}"
    openssl rand -base64 32 > secrets/postgres_password
    chmod 600 secrets/postgres_password
-    echo -e "${GREEN}[PloughGres] Generated password stored in secrets/postgres_password${NC}"
-    echo -e "${YELLOW}[PloughGres] Your PostgreSQL password is:${NC}"
+    echo -e "${GREEN}[Postgre-TLS] Generated password stored in secrets/postgres_password${NC}"
+    echo -e "${YELLOW}[Postgre-TLS] Your PostgreSQL password is:${NC}"
    cat secrets/postgres_password
    echo ""
 fi

 # Manage container
-echo -e "${YELLOW}[PloughGres] Managing Docker container...${NC}"
+echo -e "${YELLOW}[Postgre-TLS] Managing Docker container...${NC}"
 docker-compose down -v || true  # Graceful down with volume removal
 docker-compose build
 docker-compose up -d
-echo -e "${GREEN}[PloughGres] Container started successfully!${NC}"
-echo -e "${YELLOW}[PloughGres] Run ./connect.sh to test the connection.${NC}" 
+echo -e "${GREEN}[Postgre-TLS] Container started successfully!${NC}"
+echo -e "${YELLOW}[Postgre-TLS] Run ./connect.sh to test the connection.${NC}"