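-- Set up a read-only Postgres user that can SELECT only what the sidecar needs.
-- Run as a superuser against the Gitea database.
--
--   psql -U postgres -d gitea -f setup.sql
--
-- Replace 'CHANGE_ME' with a real password and update DATABASE_URL accordingly.
-- A literal password in this statement stays in the file and can be written to
-- the server log when statement logging is enabled; setting it afterwards from
-- an interactive psql session with \password heatmap_ro avoids both.

-- Run everything in one transaction: if any statement fails, nothing is
-- committed, so a failed grant cannot leave behind a login role that still
-- carries the placeholder password.
BEGIN;

CREATE USER heatmap_ro WITH PASSWORD 'CHANGE_ME';

GRANT CONNECT ON DATABASE gitea TO heatmap_ro;
-- USAGE only allows name lookup in the schema. On PostgreSQL releases before 15
-- every role may also CREATE objects in "public" by default, so "read-only"
-- here describes the table grants below, not the schema as a whole.
GRANT USAGE ON SCHEMA public TO heatmap_ro;

-- Only two tables. If Gitea ever renames them, the service breaks loudly,
-- which is what we want.
-- Schema-qualified so the grants do not depend on the caller's search_path and
-- match the schema that USAGE was granted on above.
GRANT SELECT ON public."action" TO heatmap_ro;
-- NOTE(review): this is a table-wide grant, and Gitea's "user" table also holds
-- credential material (password hashes and related columns) that the sidecar
-- presumably does not need. Once the columns the sidecar reads are confirmed,
-- narrow this to a column-level grant: GRANT SELECT (col, ...) ON public."user".
GRANT SELECT ON public."user" TO heatmap_ro;

COMMIT;

-- Sanity check: confirm the user can read what we expect, and nothing else.
-- \c gitea heatmap_ro
-- SELECT count(*) FROM "action";
-- A SELECT on any other Gitea table (e.g. "repository") should fail with
-- "permission denied".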