This system provides automated PostgreSQL version upgrades for multiple services in the home server infrastructure.
- Authentik: Authentication service
- Kresus: Banking application (supports multiple databases: k-db and k-db1)
- Nextcloud: File sharing and collaboration platform
Set these variables in inventories/group_vars/all.yml:
# PostgreSQL versions for all services
authentik_postgres_version: "15"
kresus_postgres_version: "15"
nextcloud_postgres_version: "15"
# Backup retention (in days)
postgres_backup_retention_days: 7Each service can override the global version:
# In role defaults or group_vars
authentik_postgres_version: "16" # Upgrade Authentik to PostgreSQL 16
kresus_postgres_version: "15" # Keep Kresus on PostgreSQL 15
nextcloud_postgres_version: "16" # Upgrade Nextcloud to PostgreSQL 16- Checks if PostgreSQL container exists
- Extracts current version from container image
- Compares with target version
- Creates backup directory with proper permissions (999:999)
- Dumps existing database using
pg_dump - Saves timestamped SQL dump file
- Stops all related services
- Removes old PostgreSQL container and volumes
- Cleans up old database directories
- Creates new docker-compose file with updated PostgreSQL version
- Deploys new services with
docker-compose up
- Waits for new PostgreSQL container to be ready
- Finds latest database dump
- Restores data using
psql - Restarts services after successful restoration
- Displays upgrade completion message
- Removes old backup files based on retention policy
- Keeps only recent backups to save disk space
playbooks/
├── tasks/
│ ├── upgrade_postgres_service.yml # Reusable upgrade logic
│ └── restore_postgres_service.yml # Reusable restore logic
└── roles/
├── authentik/
│ └── tasks/main.yml # Calls shared upgrade tasks
├── kresus/
│ └── tasks/main.yml # Handles multiple databases
└── nextcloud/
└── tasks/main.yml # Integrated with existing logic
To upgrade only Authentik to PostgreSQL 16:
# In inventories/group_vars/all.yml
authentik_postgres_version: "16"Then run:
ansible-playbook -i inventories/inventory.yml playbooks/install.yml --tags authentikUpdate all versions in group_vars/all.yml:
authentik_postgres_version: "16"
kresus_postgres_version: "16"
nextcloud_postgres_version: "16"Then run the full playbook:
ansible-playbook -i inventories/inventory.yml playbooks/install.yml- Automatic backups: Always creates database dump before upgrade
- Version checking: Only runs upgrade if versions actually differ
- Graceful failure handling: Uses
failed_when: falsefor cleanup tasks - Proper permissions: Ensures backup files have correct ownership
- Retention policy: Automatically cleans up old backups
- Bash pipefail: Ensures pipeline failures are properly detected
Backups are stored in:
- Authentik:
{{ docker_volumes_path }}/authentik-db-backup/ - Kresus k-db:
{{ docker_volumes_path }}/kresus-k-db-backup/ - Kresus k-db1:
{{ docker_volumes_path }}/kresus-k-db1-backup/ - Nextcloud:
{{ docker_volumes_path }}/nextcloud-db-backup/
The system displays detailed information about:
- Whether container exists
- Current and target versions
- Whether upgrade is needed
If automatic restore fails, you can manually restore using:
# Find latest backup
ls -la {{ docker_volumes_path }}/service-name-db-backup/
# Restore manually
cat /path/to/backup.sql | docker exec -i container-name psql -U username -d databaseAfter upgrade, verify the new version:
docker exec container-name psql -U username -d database -c "SELECT version();"community.dockercollection- Docker and docker-compose installed on target host
- Proper user permissions for Docker operations
- Sufficient disk space for database dumps