first commit

postgres/audit/init.sql

@@ -0,0 +1,55 @@
+-- =============================================================================
+-- postgres/audit/init.sql
+-- Runs once on first container start (postgres-audit).
+-- Creates login users for audit_writer and audit_maintainer roles.
+-- Role privileges are granted by V2 Flyway migration.
+-- =============================================================================
+
+-- audit_writer_login: login user that maps to audit_writer role
+-- Used by HAPI audit datasource. INSERT only on audit schema.
+CREATE USER audit_writer_login WITH
+    NOSUPERUSER
+    NOCREATEDB
+    NOCREATEROLE
+    NOINHERIT           -- does not automatically inherit role privileges
+    LOGIN
+    CONNECTION LIMIT 20 -- hard cap: prevents connection exhaustion
+    PASSWORD 'PLACEHOLDER_REPLACED_BY_ENTRYPOINT';
+-- NOTE: Actual password is set by the postgres Docker entrypoint
+-- reading AUDIT_DB_WRITER_PASSWORD from environment. This CREATE USER
+-- is a template — the entrypoint rewrites the password on init.
+-- In practice, use the POSTGRES_* env vars pattern and manage user
+-- creation via an init script that reads env vars:
+
+-- Grant the audit_writer role to the login user
+-- (role created by V2 migration — this runs after migration on first start)
+-- This GRANT is idempotent — safe to re-run.
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'audit_writer') THEN
+        GRANT audit_writer TO audit_writer_login;
+    END IF;
+END
+$$;
+
+-- audit_maintainer_login: login user for partition maintenance cron job
+CREATE USER audit_maintainer_login WITH
+    NOSUPERUSER
+    NOCREATEDB
+    NOCREATEROLE
+    NOINHERIT
+    LOGIN
+    CONNECTION LIMIT 5
+    PASSWORD 'PLACEHOLDER_REPLACED_BY_ENTRYPOINT';
+
+DO $$
+BEGIN
+    IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'audit_maintainer') THEN
+        GRANT audit_maintainer TO audit_maintainer_login;
+    END IF;
+END
+$$;
+
+-- Grant connect on database to both login users
+GRANT CONNECT ON DATABASE auditdb TO audit_writer_login;
+GRANT CONNECT ON DATABASE auditdb TO audit_maintainer_login;

postgres/audit/postgresql.conf

@@ -0,0 +1,55 @@
+# =============================================================================
+# postgres/audit/postgresql.conf
+# PostgreSQL 15 configuration for the audit database.
+# Container memory limit: 1GB (lighter than FHIR store).
+# Workload: INSERT-heavy (audit events), occasional SELECT (analytics).
+#
+# For 1GB container:
+#   shared_buffers       = 256MB
+#   effective_cache_size = 768MB
+#   work_mem             = 4MB
+#   maintenance_work_mem = 100MB
+# =============================================================================
+
+max_connections = 20
+superuser_reserved_connections = 3
+
+shared_buffers       = 256MB
+effective_cache_size = 768MB
+work_mem             = 4MB
+maintenance_work_mem = 100MB
+
+wal_buffers              = 8MB
+checkpoint_completion_target = 0.9
+synchronous_commit       = on
+
+random_page_cost         = 1.1
+effective_io_concurrency = 200
+
+# Logging
+log_destination           = stderr
+logging_collector         = off
+log_min_messages          = WARNING
+log_min_error_statement   = ERROR
+log_min_duration_statement = 500
+log_line_prefix           = '%t [%p] %u@%d '
+log_checkpoints           = on
+log_lock_waits            = on
+log_temp_files            = 0
+
+# Autovacuum — partitioned tables need careful autovacuum tuning.
+# Each monthly partition is a separate physical table for autovacuum purposes.
+autovacuum             = on
+autovacuum_max_workers = 3
+autovacuum_naptime     = 60s
+
+timezone     = 'UTC'
+log_timezone = 'UTC'
+
+lc_messages = 'en_US.UTF-8'
+lc_monetary = 'en_US.UTF-8'
+lc_numeric  = 'en_US.UTF-8'
+lc_time     = 'en_US.UTF-8'
+
+track_io_timing = on
+track_counts    = on