#!/bin/sh
# 01-databases.sh — provision per-app databases and roles on first start.
#
# Runs ONLY when the data directory is empty (first container start).
# Modifying this file later has no effect unless you wipe sql-data first.
#
# Env vars used here come from the sql service's `environment:` block;
# values are sourced from cloud/.env (or the standalone stack's .env).

set -eu

psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
    -- gitea
    CREATE ROLE gitea LOGIN PASSWORD '${GITEA_DB_PASSWORD}';
    CREATE DATABASE gitea OWNER gitea;

    -- keycloak
    CREATE ROLE keycloak LOGIN PASSWORD '${KEYCLOAK_DB_PASSWORD}';
    CREATE DATABASE keycloak OWNER keycloak;

    -- mlflow
    CREATE ROLE mlflow LOGIN PASSWORD '${MLFLOW_DB_PASSWORD}';
    CREATE DATABASE mlflow OWNER mlflow;
EOSQL