lldap using postgres

rotate_postgres.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+# --- CONFIGURATION ---
+POSTGRES_ID=119
+LLDAP_ID=126
+SECRETS_FILE="/root/secrets/postgres.env"
+
+if [ -f "$SECRETS_FILE" ]; then
+    source "$SECRETS_FILE"
+else
+    echo "Error: Secrets file not found!"
+    exit 1
+fi
+
+echo "Syncing PostgreSQL credentials..."
+
+# 1. Create User if not exists (Literal Heredoc)
+pct exec $POSTGRES_ID -- su - postgres -c "psql" <<'EOF'
+DO $$
+BEGIN
+    IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'lldap_admin') THEN
+        CREATE ROLE lldap_admin WITH LOGIN;
+    END IF;
+END $$;
+EOF
+
+# 2. Update Password
+pct exec $POSTGRES_ID -- su - postgres -c "psql -c \"ALTER ROLE $DB_USER WITH PASSWORD '$DB_PASS';\""
+
+# 3. Create Database (Standard Shell Logic instead of \gexec)
+DB_EXISTS=$(pct exec $POSTGRES_ID -- su - postgres -c "psql -tAc \"SELECT 1 FROM pg_database WHERE datname='$DB_NAME'\"")
+
+if [ "$DB_EXISTS" != "1" ]; then
+    echo "Database $DB_NAME not found. Creating..."
+    pct exec $POSTGRES_ID -- su - postgres -c "psql -c \"CREATE DATABASE $DB_NAME OWNER $DB_USER;\""
+else
+    echo "Database $DB_NAME already exists."
+fi
+
+# 4. Final Permissions
+pct exec $POSTGRES_ID -- su - postgres -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;\""
+
+# 5. Update LLDAP config
+CONFIG_PATH="/etc/lldap/lldap_config.toml"
+NEW_URL="postgres://$DB_USER:$DB_PASS@$DB_HOST:$DB_PORT/$DB_NAME"
+
+echo "Updating LLDAP config in LXC $LLDAP_ID..."
+pct exec $LLDAP_ID -- sed -i "s|^database_url = .*|database_url = \"$NEW_URL\"|" "$CONFIG_PATH"
+
+# 6. Restart and Log Check
+echo "Restarting LLDAP service..."
+pct exec $LLDAP_ID -- systemctl restart lldap
+sleep 3
+
+STATUS=$(pct exec $LLDAP_ID -- systemctl is-active lldap)
+echo "--------------------------------"
+echo "LLDAP Status: $STATUS"
+
+if [ "$STATUS" != "active" ]; then
+    echo "Showing last 10 lines of LLDAP logs:"
+    pct exec $LLDAP_ID -- journalctl -u lldap -n 10 --no-pager
+fi