eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Use explicit PostgreSQL superuser name and fix check mode (#17)

Browse source 
## Summary
- Add `postgresql_superuser` variable (`eblume`) to prevent PostgreSQL from inheriting OS username during initdb
- Update all psql/createdb commands to use explicit `-U` flag
- Add `check_mode: false` to op commands so 1Password fetches run during `--check` mode
- Add PostgreSQL and Miniflux health checks to indri-services-check

## Test plan
- [x] Renamed existing superuser from `erichblume` to `eblume`
- [x] Ran `mise run provision-indri -- --tags postgresql --check --diff` successfully
- [x] Verified connection as `eblume` superuser via Tailscale
- [x] Ran `mise run indri-services-check` - all services healthy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/17
This commit is contained in:
Erich Blume 2026-01-16 14:41:36 -08:00
commit 812b78bf61
4 changed files with 21 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

5
mise-tasks/indri-services-check
View file

@ -52,6 +52,8 @@ check_service "transmission-metrics" "ssh indri 'launchctl list | grep transmiss
check_service "kiwix-serve" "ssh indri 'launchctl list | grep kiwix | grep -v \"^-\"'"
check_service "forgejo" "ssh indri 'brew services list | grep forgejo | grep started'"
check_service "devpi" "ssh indri 'launchctl list | grep devpi | grep -v \"^-\"'"
check_service "postgresql" "ssh indri 'brew services list | grep postgresql | grep started'"
check_service "miniflux" "ssh indri 'brew services list | grep miniflux | grep started'"
echo ""
echo "HTTP endpoints (via Tailscale):"
@ -61,10 +63,13 @@ check_http "Grafana" "http://indri:3000/api/health"
check_http "Kiwix" "http://indri:5501/"
check_http "Forgejo" "http://indri:3001/"
check_http "Devpi" "http://indri:3141/+api"
check_http "Miniflux" "https://feed.tail8d86e.ts.net/healthcheck"
# Transmission RPC is localhost-only by design, check via SSH
check_service "Transmission RPC" "ssh indri 'curl -sf http://127.0.0.1:9091/transmission/rpc'"
# Check that transmission metrics are being collected
check_service "Transmission metrics" "ssh indri 'test -f /opt/homebrew/var/node_exporter/textfile/transmission.prom'"
# PostgreSQL uses TCP not HTTP, check via pg_isready
check_service "PostgreSQL" "ssh indri '/opt/homebrew/opt/postgresql@18/bin/pg_isready -h localhost'"
echo ""
if [ $FAILED -eq 0 ]; then