P
PostgreSQL
official ● signeddoze/postgres A real PostgreSQL server per instance — no Docker. Declare roles, schemas, extensions and grants in HCL and doze converges them: creating what's new, updating what changed, dropping what you removed. Boots on first connect, reaps when idle.
Usage
Drop it in doze.hcl and run doze up.
doze.hcl
postgres "app" {
version = 18
owner = "app"
role "app" {
password = "app"
connection_limit = 20
}
schema "analytics" { owner = "app" }
extension "pgvector" {}
}
Engine versions
Choose one with version =. doze fetches & verifies it, then pins it in doze.lock.
1415161718
Configuration
Arguments and nested blocks the engine accepts.
| Name | Type | Default | Description |
|---|---|---|---|
| version REQ | number | — | Engine major to run — 14, 15, 16, 17 or 18. |
| owner | string | — | Owner role for the instance's default database. |
| encoding | string | UTF8 | Character-set encoding for the database. |
| locale | string | — | Locale (LC_COLLATE + LC_CTYPE) for the database. |
| connection_limit | number | -1 | Max concurrent connections to the database. |
| comment | string | — | COMMENT applied to the database. |
| shared_buffers | string | — | shared_buffers server setting, e.g. "256MB". |
| max_connections | number | — | max_connections server setting. |
| extensions | list(string) | — | Shorthand list of extensions to CREATE (or use extension blocks). |
| settings | map(string) | — | Arbitrary postgresql.conf settings, applied verbatim. |
role"<name>" { }
nested block · repeatableA login role / user, converged on the server.
| Name | Type | Default | Description |
|---|---|---|---|
| password | string | — | Login password. |
| login | bool | true | Whether the role may log in. |
| superuser | bool | false | Grant SUPERUSER. |
| createdb | bool | false | Allow creating databases. |
| createrole | bool | false | Allow creating other roles. |
| replication | bool | false | Allow streaming replication. |
| connection_limit | number | -1 | Per-role connection cap. |
| member_of | list(string) | — | Roles this role is granted membership in. |
| valid_until | string | — | Password expiry timestamp. |
| config | map(string) | — | Per-role ALTER ROLE … SET settings. |
schema"<name>" { }
nested block · repeatableA schema within the database.
| Name | Type | Default | Description |
|---|---|---|---|
| owner | string | — | Role that owns the schema. |
extension"<name>" { }
nested block · repeatableA Postgres extension to install (pgvector, postgis, …).
| Name | Type | Default | Description |
|---|---|---|---|
| version | string | — | Specific extension version. |
| schema | string | — | Schema to install the extension into. |
| cascade | bool | false | CREATE EXTENSION … CASCADE for dependencies. |
| optional | bool | false | Skip (don't fail) if the extension is unavailable. |
grant"<role>" { }
nested block · repeatableA privilege grant to a role.
| Name | Type | Default | Description |
|---|---|---|---|
| privileges REQ | list(string) | — | Privileges to grant (SELECT, INSERT, ALL, …). |
| database | string | — | Target database. |
| schema | string | — | Target schema. |
| objects | string | — | Object class the grant applies to (tables, sequences, …). |
| with_grant_option | bool | false | Allow the grantee to re-grant. |