From 095849cf5c24efa4d81a58954aab703df5785657 Mon Sep 17 00:00:00 2001
From: Bernhard Radermacher
Date: Fri, 27 Feb 2026 10:48:28 +0100
Subject: [PATCH] wip

---
 Dockerfile      | 22 +-----------
 authorized_keys |  1 -
 entrypoint.sh   | 89 +++++++++++++++++++++++++++++++++++++------------
 id_ed25519      |  7 ----
 4 files changed, 68 insertions(+), 51 deletions(-)
 delete mode 100644 authorized_keys
 delete mode 100644 id_ed25519

diff --git a/Dockerfile b/Dockerfile
index 6c53705..863b835 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:trixie-slim
+FROM pendragon.zone/docker/pg15
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -8,26 +8,6 @@ RUN apt-get update && \
     && \
     rm -rf /var/lib/apt/lists/*
 
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-        openssh-server \
-        sudo \
-    && \
-    rm -rf /var/lib/apt/lists/* && \
-    echo "postgres ALL = (ALL) NOPASSWD:ALL" >> /etc/sudoers && \
-    echo "X11Forwarding no" >> /etc/ssh/sshd_config && \
-    echo "PasswordAuthentication no" >> /etc/ssh/sshd_config && \
-    echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config && \
-    mkdir -p /var/lib/postgresql/.ssh && \
-    chmod 700 /var/lib/postgresql/.ssh && \
-    chown postgres: /var/lib/postgresql/.ssh && \
-    chmod g-w,o-w /var/lib/postgresql
-
-COPY --chmod=600 --chown=postgres:postgres authorized_keys id_ed25519 /var/lib/postgresql/.ssh/
-COPY --chmod=600 --chown=postgres:postgres pool_hba.conf /etc/pgpool2/
-# COPY --chmod=600 --chown=postgres:postgres pgpool.conf /etc/pgpool2/
 
 COPY --chmod=755 entrypoint.sh /usr/local/bin/
 ENTRYPOINT ["entrypoint.sh"]
-
-
diff --git a/authorized_keys b/authorized_keys
deleted file mode 100644
index 8f1fa7f..0000000
--- a/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILfsb4w8ZYhu/A1HFR/e59WpbKxejE8DkbdCpj6y/mbO postgres docker swarm
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
index b15b75a..6cc934f 100644
--- a/entrypoint.sh
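Review bot: `FROM pendragon.zone/docker/pg15` carries neither a tag nor a digest, so it floats to `:latest` on the private registry and two builds of this commit can produce different images; pin it, e.g. `FROM pendragon.zone/docker/pg15:<TAG>@sha256:<DIGEST>` (placeholders to fill in). The replaced `debian:trixie-slim` was at least tagged. A one-line comment above the instruction naming what this base is expected to ship (`# base must provide pgpool, pg_md5, gosu, sudo and sshd: entrypoint.sh relies on all of them`) would make the contract explicit, since the visible remainder of the Dockerfile no longer installs any of them.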
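Review bot: Removing openssh-server, sudo and the `postgres ALL = (ALL) NOPASSWD:ALL` sudoers line leaves `sudo service ssh start` and `sudo /usr/sbin/pgpool` in entrypoint.sh without any visible provider; unless the new base image ships them with an equivalent rule, both calls fail at startup, and if it does ship them, the `PasswordAuthentication no` and `X11Forwarding no` sshd settings dropped here are no longer enforced anywhere in this repository. The removed `COPY … pool_hba.conf /etc/pgpool2/` has no replacement in this commit either, so whatever pool_hba.conf the base image carries is what pgpool will read. The `authorized_keys` and `id_ed25519` files this commit stops copying remain recoverable from git history, so that key pair should be rotated rather than reused under the `/ssh` mount the entrypoint now copies from.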
+++ b/entrypoint.sh 
@@ -2,32 +2,77 @@ set -Eeo pipefail
 
 
 
-sudo service ssh start
+file_env() {
+    local var="$1"
+    local fileVar="${var}_FILE"
+    local def="${2:-}"
+    if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+        printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar"
+        exit 1
+    fi
+    local val="$def"
+    if [ "${!var:-}" ]; then
+        val="${!var}"
+    elif [ "${!fileVar:-}" ]; then
+        val="$(< "${!fileVar}")"
+    fi
+    export "$var"="$val"
+    unset "$fileVar"
+}
+docker_setup_env() {
+    file_env 'PGPOOL_ADMIN_USERNAME'
+    file_env 'PGPOOL_ADMIN_PASSWORD'
+    file_env 'POSTGRES_PGPOOL_USERNAME'
+    file_env 'POSTGRES_PGPOOL_PASSWORD'
+}
+
+if [ "$(id -u)" = '0' ]; then
+    exec gosu postgres "$BASH_SOURCE"
+fi
+
+install --directory --owner postgres --group postgres --mode 700 /var/lib/postgresql/.ssh
+cp /ssh/* /var/lib/postgresql/.ssh/
+chmod 600 /var/lib/postgresql/.ssh/*
+
+docker_setup_env
+
+printf "%s:%s\n" "$PGPOOL_ADMIN_USERNAME" (pg_md5 "$PGPOOL_ADMIN_PASSWORD") > /etc/pgpool2/pcp.conf
 
 {
-    printf "listen_addresses = '*'\n"
-    printf "port = 5432\n"
-    printf "unix_socket_directories = '/run'\n"
-    printf "pcp_socket_dir = '/run'\n"
-    printf "enable_pool_hba = off\n"
-    printf "allow_clear_text_frontend_auth = on\n"
-    printf "process_management_mode = 'dynamic'\n"
-    printf "backend_clustering_mode = 'raw'\n"
-    printf "health_check_timeout = 5\n"
-    printf "health_check_period = 5\n"
-    printf "health_check_user = 'pgpool'\n"
-    printf "health_check_password = '%s'\n" "$PGPOOL_PASSWORD"
+    printf "localhost:9898:%s:%s\n" "$PGPOOL_ADMIN_USERNAME" "$PGPOOL_ADMIN_PASSWORD"
+    printf "pgpool:9898:%s:%s\n" "$PGPOOL_ADMIN_USERNAME" "$PGPOOL_ADMIN_PASSWORD"
+} > ~/.pcppass
+chmod 600 /etc/pgpool2/pcp.conf ~/.pcppass
 
-    IFS=':'
-    n=0
-    for backend in $PGPOOL_BACKEND
-    do
-        printf "backend_hostname%d = '%s'\n" $n $backend
-        printf "backend_port%d = 5432\n" $n
-        ((n+=1))
-    done
-} > /etc/pgpool2/pgpool.conf
+#
+#
+#{
+#    printf "listen_addresses = '*'\n"
+#    printf "port = 5432\n"
+#    printf "unix_socket_directories = '/run'\n"
+#    printf "pcp_socket_dir = '/run'\n"
+#    printf "enable_pool_hba = off\n"
+#    printf "allow_clear_text_frontend_auth = on\n"
+#    printf "process_management_mode = 'dynamic'\n"
+#    printf "backend_clustering_mode = 'raw'\n"
+#    printf "health_check_timeout = 5\n"
+#    printf "health_check_period = 5\n"
+#    printf "health_check_user = 'pgpool'\n"
+#    printf "health_check_password = '%s'\n" "$PGPOOL_PASSWORD"
+#
+#    IFS=':'
+#    n=0
+#    for backend in $PGPOOL_BACKEND
+#    do
+#        printf "backend_hostname%d = '%s'\n" $n $backend
+#        printf "backend_port%d = 5432\n" $n
+#        ((n+=1))
+#    done
+#} > /etc/pgpool2/pgpool.conf
+
+
+sudo service ssh start
 
 sudo /usr/sbin/pgpool
 
 while true
diff --git a/id_ed25519 b/id_ed25519
deleted file mode 100644
index 2f40cc8..0000000
--- a/id_ed25519
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACC37G+MPGWIbvwNRxUf3ufVqWysXoxPA5G3QqY+sv5mzgAAAJgP2LF4D9ix
-eAAAAAtzc2gtZWQyNTUxOQAAACC37G+MPGWIbvwNRxUf3ufVqWysXoxPA5G3QqY+sv5mzg
-AAAEBhVUtZmAbot+VXJpY/IueHrCQeTDgClUTCepMJa1mqZbfsb4w8ZYhu/A1HFR/e59Wp
-bKxejE8DkbdCpj6y/mbOAAAAFXBvc3RncmVzIGRvY2tlciBzd2FybQ==
------END OPENSSH PRIVATE KEY-----
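Review bot: `printf "%s:%s\n" "$PGPOOL_ADMIN_USERNAME" (pg_md5 "$PGPOOL_ADMIN_PASSWORD") > /etc/pgpool2/pcp.conf` is a bash syntax error (a bare `(` where an argument is expected), so the script dies at that line before pcp.conf or `~/.pcppass` is ever written; it needs command substitution, `printf "%s:%s\n" "$PGPOOL_ADMIN_USERNAME" "$(pg_md5 "$PGPOOL_ADMIN_PASSWORD")" > /etc/pgpool2/pcp.conf`. The `exec gosu postgres "$BASH_SOURCE"` re-exec drops to postgres (and silently drops any container arguments; append `"$@"`), yet the script then runs `sudo service ssh start` and `sudo /usr/sbin/pgpool`, which depend on the NOPASSWD sudoers rule this commit removes from the Dockerfile, so either both calls fail or pgpool still ends up running as root and the gosu step buys nothing. `cp /ssh/* /var/lib/postgresql/.ssh/` assumes a populated `/ssh` mount and aborts under `set -e` when it is empty or absent, so the expectation deserves a comment (`# /ssh: mounted secret holding the postgres user's ssh key pair`) or a guard. The `while true` loop at the end of the hunk continues outside it.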