From 00944f0eb5bb7621b982594ebd078c94d17db506 Mon Sep 17 00:00:00 2001 From: R3D347HR4Y Date: Sat, 13 Jun 2026 14:32:47 +0200 Subject: [PATCH] feat(deploy): enhance database management and configuration - Updated .env.example to clarify database password usage for OpenWebUI. - Modified compose-up.sh to ensure databases are created if they do not exist after bringing services up. - Added ensure-databases.sh script to check and create necessary Postgres databases. - Adjusted health check for Nextcloud service in docker-compose to point to the correct status endpoint. - Updated OpenWebUI's DATABASE_URL to use environment variables for Postgres credentials. --- .env.example | 7 ++-- deploy/compose-up.sh | 7 +++- deploy/ensure-databases.sh | 32 +++++++++++++++++++ deploy/nextcloud/docker-compose.nextcloud.yml | 2 +- deploy/openwebui/docker-compose.openwebui.yml | 2 +- 5 files changed, 44 insertions(+), 6 deletions(-) create mode 100755 deploy/ensure-databases.sh diff --git a/.env.example b/.env.example index ed2325b..3c0dde4 100644 --- a/.env.example +++ b/.env.example @@ -176,7 +176,7 @@ AI_ASSISTANT_ENABLED=false OPENWEBUI_URL=http://openwebui:8080 AI_ASSISTANT_PUBLIC_PATH=/ai ULTIMAIL_MCP_URL=http://ultimail-mcp:3100 -OPENWEBUI_DB_PASSWORD=changeme-openwebui +# OpenWebUI utilise POSTGRES_USER/POSTGRES_PASSWORD (base openwebui créée dans init-db.sh) # ----------------------------------------------------------------------------- # Jitsi Meet (Visioconference) 
@@ -221,8 +221,9 @@ IMMICH_ML_URL=http://immich-ml:3003 # Endpoints vérifiés par /healthz (surchargables pour déploiements externes) HEALTH_NEXTCLOUD_URL={{NEXTCLOUD_URL}}/status.php HEALTH_IMMICH_URL={{IMMICH_API_URL}}/server-info/ping -# Par défaut on retire /meet de JITSI_PUBLIC_URL pour viser /about/health -HEALTH_JITSI_URL=https://{{DOMAIN}}/about/health +# Stack Docker locale : probe interne jitsi-web +# Déploiement externe : https://{{DOMAIN}}/about/health (ou JITSI_PUBLIC_URL sans /meet + /about/health) +HEALTH_JITSI_URL=http://jitsi-web:80/about/health HEALTH_HTTP_TIMEOUT=3s # Grafana local (monitoring) GRAFANA_ADMIN_USER=admin diff --git a/deploy/compose-up.sh b/deploy/compose-up.sh index baf4aa0..18b282c 100755 --- a/deploy/compose-up.sh +++ b/deploy/compose-up.sh @@ -58,4 +58,9 @@ if [[ "$(to_bool "${AI_ASSISTANT_ENABLED:-false}")" == "true" ]]; then compose_files+=("-f" "deploy/openwebui/docker-compose.openwebui.yml") fi -exec docker compose --env-file .env.resolved "${compose_files[@]}" "$@" +docker compose --env-file .env.resolved "${compose_files[@]}" "$@" +status=$? +if [[ $status -eq 0 && "${1:-}" == "up" ]]; then + "$ROOT/deploy/ensure-databases.sh" || true +fi +exit $status diff --git a/deploy/ensure-databases.sh b/deploy/ensure-databases.sh new file mode 100755 index 0000000..4538dfc --- /dev/null +++ b/deploy/ensure-databases.sh 
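Review bot: In the compose-up.sh hunk, `"$ROOT/deploy/ensure-databases.sh" || true` discards the helper's exit status, so a failed `CREATE DATABASE` still ends in `exit $status` with 0 and the deploy looks healthy while a service has no database. The helper is also called as soon as `docker compose ... up` returns, which for a detached `up` is typically before postgres accepts connections, and for a foreground `up` only after the stack has stopped. I would let the failure surface, e.g. `"$ROOT/deploy/ensure-databases.sh" || status=$?`, and have the helper wait for readiness. If the part of the script above this hunk enables `set -e` (not visible here), a failing `docker compose` exits before `status=$?` is reached, so the capture should be `status=0; docker compose ... "$@" || status=$?`.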
@@ -0,0 +1,32 @@ +#!/usr/bin/env bash +# Ensure auxiliary Postgres databases exist (idempotent). +# Safe to run after postgres is healthy — init-db.sh only runs on first volume init. +set -euo pipefail + +ROOT="$(cd "$(dirname "$0")/.." && pwd)" +cd "$ROOT" + +if [[ ! -f .env.resolved ]]; then + echo "Missing .env.resolved — run ./deploy/compose-up.sh first" >&2 + exit 1 +fi + +# shellcheck disable=SC1091 +set -a +source .env.resolved +set +a + +postgres_container="$(docker compose --env-file .env.resolved -f deploy/docker-compose.yml ps -q postgres 2>/dev/null || true)" +if [[ -z "$postgres_container" ]]; then + echo "postgres container not running — skip ensure-databases" >&2 + exit 0 +fi + +for db in authentik nextcloud immich openwebui; do + exists="$(docker exec "$postgres_container" psql -U "$POSTGRES_USER" -d "$POSTGRES_DB" -Atc \ + "SELECT 1 FROM pg_database WHERE datname = '${db}'" 2>/dev/null || true)" + if [[ "$exists" != "1" ]]; then + echo "Creating database ${db}..." + docker exec "$postgres_container" psql -U "$POSTGRES_USER" -d "$POSTGRES_DB" -c "CREATE DATABASE ${db};" + fi +done diff --git a/deploy/nextcloud/docker-compose.nextcloud.yml b/deploy/nextcloud/docker-compose.nextcloud.yml index 94dabe9..77a92f8 100644 --- a/deploy/nextcloud/docker-compose.nextcloud.yml +++ b/deploy/nextcloud/docker-compose.nextcloud.yml @@ -64,7 +64,7 @@ services: networks: - ulti-net healthcheck: - test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/ >/dev/null 2>&1 || exit 1"] + test: ["CMD-SHELL", "wget -qO- http://127.0.0.1/status.php >/dev/null 2>&1 || exit 1"] interval: 30s timeout: 10s retries: 5 diff --git a/deploy/openwebui/docker-compose.openwebui.yml b/deploy/openwebui/docker-compose.openwebui.yml index 2b6ce44..8192a72 100644 --- a/deploy/openwebui/docker-compose.openwebui.yml +++ b/deploy/openwebui/docker-compose.openwebui.yml 
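Review bot: The existence probe in the `for db in ...` loop ends in `2>/dev/null || true`, so a psql failure (postgres not ready, wrong `POSTGRES_USER`, auth error) is read as "database missing" and the script goes on to `CREATE DATABASE` with the real error hidden. Check connectivity once before the loop and drop the suppression, for example `docker exec "$postgres_container" pg_isready -q -U "$POSTGRES_USER" -d "$POSTGRES_DB" || { echo "postgres not ready" >&2; exit 1; }`. Databases created here belong to `POSTGRES_USER` and get no per-service role or grants; if init-db.sh sets those up (not visible in this patch), the two paths diverge. `source .env.resolved` runs that file as shell code, so it is worth a comment stating that it must be writable only by the deploying user.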
@@ -13,7 +13,7 @@ services: OPENAI_API_BASE_URL: http://ultid:8080/api/v1/ai OPENAI_API_KEY: ulti-gateway WEBUI_URL: http://${DOMAIN:-localhost}/ai - DATABASE_URL: postgresql://openwebui:${OPENWEBUI_DB_PASSWORD:-changeme}@postgres:5432/openwebui + DATABASE_URL: postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/openwebui USER_PERMISSIONS_CHAT_TEMPORARY_ENFORCED: "false" volumes: - openwebui_data:/app/backend/data
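Review bot: `DATABASE_URL` now logs OpenWebUI in as `${POSTGRES_USER}`, the same account ensure-databases.sh uses to run `CREATE DATABASE` for authentik, nextcloud and immich, so a compromise of the AI front end reaches every other service's data; with the official postgres image that account is the cluster superuser. Keep a dedicated role and fail closed when its password is unset: `DATABASE_URL: postgresql://openwebui:${OPENWEBUI_DB_PASSWORD:?set OPENWEBUI_DB_PASSWORD}@postgres:5432/openwebui`, with ensure-databases.sh creating the `openwebui` role as owner of its database on existing volumes. The password is also placed in the URL unencoded, so a value containing `@`, `:` or `/` will not parse as intended. The .env.example hunk that drops `OPENWEBUI_DB_PASSWORD` would need to be reverted along with this. The service definition starts above the hunk.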