loomio (not yet working), and new config for postgres and redis

loomio/db-init-job.yaml

@@ -0,0 +1,64 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: loomio-db-init
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: db-init
+        image: postgres:15-alpine
+        env:
+        - name: PGHOST
+          value: "{{ .db.host }}"
+        - name: PGPORT
+          value: "{{ .db.port }}"
+        - name: PGUSER
+          value: postgres
+        - name: PGPASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: postgres-secrets
+              key: postgres.password
+        - name: LOOMIO_DB_NAME
+          value: "{{ .db.name }}"
+        - name: LOOMIO_DB_USER
+          value: "{{ .db.user }}"
+        - name: LOOMIO_DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: loomio-secrets
+              key: dbPassword
+        command:
+        - sh
+        - -c
+        - |
+          echo "Creating database and user for Loomio..."
+
+          # Check if database exists, create if not
+          psql -tc "SELECT 1 FROM pg_database WHERE datname = '$LOOMIO_DB_NAME'" | grep -q 1 || \
+            psql -c "CREATE DATABASE \"$LOOMIO_DB_NAME\""
+
+          # Check if user exists, create or update password
+          psql -tc "SELECT 1 FROM pg_user WHERE usename = '$LOOMIO_DB_USER'" | grep -q 1 && \
+            psql -c "ALTER USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'" || \
+            psql -c "CREATE USER \"$LOOMIO_DB_USER\" WITH PASSWORD '$LOOMIO_DB_PASSWORD'"
+
+          # Grant all privileges
+          psql -c "GRANT ALL PRIVILEGES ON DATABASE \"$LOOMIO_DB_NAME\" TO \"$LOOMIO_DB_USER\""
+
+          # Connect to the database and grant schema permissions
+          psql -d "$LOOMIO_DB_NAME" -c "GRANT ALL ON SCHEMA public TO \"$LOOMIO_DB_USER\""
+
+          echo "Database initialization complete!"
+        securityContext:
+          runAsNonRoot: true
+          runAsUser: 999  # postgres user
+          runAsGroup: 999
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: [ALL]
+          readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault