Mirror of https://github.com/roostorg/coop
github.com/roostorg/coop
1import { dirname, join as pathJoin } from 'path';
2import { fileURLToPath } from 'url';
3
4import { makePostgresDatabaseConfig } from './pg-base.js';
5
6const __dirname = dirname(fileURLToPath(import.meta.url));
7const relativePath = (it: string) => pathJoin(__dirname, it);
8
9// Opt-in TLS for managed Postgres providers that only accept `hostssl`
10// connections. `rejectUnauthorized: false` since some providers issue a
11// self-signed per-cluster CA we don't ship. Local docker Postgres has no
12// TLS, so this stays off by default.
13const ssl =
14 process.env.API_SERVER_DATABASE_SSL === 'true'
15 ? { require: true, rejectUnauthorized: false }
16 : undefined;
17
18export default makePostgresDatabaseConfig({
19 defaultScriptFormat: 'sql',
20 scriptsDirectory: relativePath('../scripts/api-server-pg'),
21 maintenanceDatabase:
22 process.env.API_SERVER_DATABASE_MAINTENANCE_NAME ?? 'postgres',
23 driverOpts: {
24 database: process.env.API_SERVER_DATABASE_NAME!,
25 username: process.env.API_SERVER_DATABASE_USER!,
26 password: process.env.API_SERVER_DATABASE_PASSWORD!,
27 host: process.env.API_SERVER_DATABASE_HOST!,
28 port: parseInt(process.env.API_SERVER_DATABASE_PORT ?? '5432'),
29 logging: console.log,
30 dialect: 'postgres',
31 schema: 'public',
32 pool: { max: 20 },
33 // Sequelize's pg dialect ignores a top-level `ssl` field; TLS must live
34 // under `dialectOptions.ssl`. Spread conditionally so the key is omitted
35 // entirely when off (exactOptionalPropertyTypes).
36 ...(ssl ? { dialectOptions: { ssl } } : {}),
37 },
38});