From 24d246bf80422ec74a1dc687037a32ca6fd6f38e Mon Sep 17 00:00:00 2001 From: Thalles Passos Date: Sat, 27 Sep 2025 09:09:48 -0300 Subject: [PATCH 1/4] add postgres 18 --- Dockerfile.18 | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 Dockerfile.18 diff --git a/Dockerfile.18 b/Dockerfile.18 new file mode 100644 index 0000000..1354cc4 --- /dev/null +++ b/Dockerfile.18 @@ -0,0 +1,15 @@ +ARG POSTGRES_VERSION=18 +FROM postgres:${POSTGRES_VERSION} + +# Install OpenSSL and sudo +RUN apt-get update && apt-get install -y openssl sudo + +# Allow the postgres user to execute certain commands as root without a password +RUN echo "postgres ALL=(root) NOPASSWD: /usr/bin/mkdir, /bin/chown, /usr/bin/openssl" > /etc/sudoers.d/postgres + +# Add init scripts while setting permissions +COPY --chmod=755 init-ssl.sh /docker-entrypoint-initdb.d/init-ssl.sh +COPY --chmod=755 wrapper.sh /usr/local/bin/wrapper.sh + +ENTRYPOINT ["wrapper.sh"] +CMD ["postgres", "-p", "5432", "-c", "listen_addresses=*"] \ No newline at end of file From 68c6adbbdf2987593533db2aacb6ccb8960d9549 Mon Sep 17 00:00:00 2001 From: Thalles Passos Date: Sat, 27 Sep 2025 09:52:42 -0300 Subject: [PATCH 2/4] Update init-ssl.sh --- init-ssl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/init-ssl.sh b/init-ssl.sh index 87abaa3..f240c45 100644 --- a/init-ssl.sh +++ b/init-ssl.sh @@ -4,7 +4,7 @@ set -e # Set up needed variables -SSL_DIR="/var/lib/postgresql/data/certs" +SSL_DIR="/var/lib/postgresql/certs" SSL_SERVER_CRT="$SSL_DIR/server.crt" SSL_SERVER_KEY="$SSL_DIR/server.key" @@ -54,4 +54,4 @@ ssl = on ssl_cert_file = '$SSL_SERVER_CRT' ssl_key_file = '$SSL_SERVER_KEY' ssl_ca_file = '$SSL_ROOT_CRT' -EOF \ No newline at end of file +EOF From 393984a0d3713397959b4f24b9ae36944b3ebeb9 Mon Sep 17 00:00:00 2001 From: Thalles Passos Date: Sat, 27 Sep 2025 09:52:58 -0300 Subject: [PATCH 3/4] Update wrapper.sh --- wrapper.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
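Review bot: The sudoers rule written to `/etc/sudoers.d/postgres` in Dockerfile.18 lets the postgres account run `mkdir`, `chown` and `openssl` as root with any arguments and no password, which is close to unrestricted root for the database user because none of the three is limited to the certificate directory. If wrapper.sh starts as root (not visible in this patch), the directory creation and ownership change could be done there before it hands off to `docker-entrypoint.sh`, and both `sudo` and this rule could be dropped; otherwise the rule should list the exact argument forms the scripts use. The install line also pulls recommended packages and leaves the apt lists in the layer; I would write it as `RUN apt-get update && apt-get install -y --no-install-recommends openssl sudo && rm -rf /var/lib/apt/lists/*`. The comment above the sudoers line should also name which script needs each command.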
diff --git a/wrapper.sh b/wrapper.sh index db8455a..e235adc 100644 --- a/wrapper.sh +++ b/wrapper.sh @@ -3,7 +3,7 @@ # exit as soon as any of these commands fail, this prevents starting a database without certificates or with the wrong volume mount path set -e -EXPECTED_VOLUME_MOUNT_PATH="/var/lib/postgresql/data" +EXPECTED_VOLUME_MOUNT_PATH="/var/lib/postgresql" # check if the Railway volume is mounted to the correct path # we do this by checking the current mount path (RAILWAY_VOLUME_MOUNT_PATH) agiant the expected mount path @@ -25,7 +25,7 @@ if [[ ! "$PGDATA" =~ ^"$EXPECTED_VOLUME_MOUNT_PATH" ]]; then fi # Set up needed variables -SSL_DIR="/var/lib/postgresql/data/certs" +SSL_DIR="/var/lib/postgresql/certs" INIT_SSL_SCRIPT="/docker-entrypoint-initdb.d/init-ssl.sh" POSTGRES_CONF_FILE="$PGDATA/postgresql.conf" @@ -67,4 +67,4 @@ if [[ "$LOG_TO_STDOUT" == "true" ]]; then /usr/local/bin/docker-entrypoint.sh "$@" 2>&1 else /usr/local/bin/docker-entrypoint.sh "$@" -fi \ No newline at end of file +fi From 75a2b08e339057db3ac19d2bbfae253505ee366b Mon Sep 17 00:00:00 2001 From: Thalles Passos Date: Sat, 27 Sep 2025 10:03:01 -0300 Subject: [PATCH 4/4] support new volume mount path --- init-ssl.sh | 2 +- wrapper.sh | 48 +++++++++++++++++++++++++++++++++++++----------- 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/init-ssl.sh b/init-ssl.sh index f240c45..26ee30e 100644 --- a/init-ssl.sh +++ b/init-ssl.sh @@ -4,7 +4,7 @@ set -e # Set up needed variables -SSL_DIR="/var/lib/postgresql/certs" +SSL_DIR="$PGDATA/certs" SSL_SERVER_CRT="$SSL_DIR/server.crt" SSL_SERVER_KEY="$SSL_DIR/server.key" diff --git a/wrapper.sh b/wrapper.sh index e235adc..f5a1951 100644 --- a/wrapper.sh +++ b/wrapper.sh 
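Review bot: In the init-ssl.sh hunk of patch 4/4 the certificate paths are now built from `$PGDATA/certs`, while wrapper.sh still carries `SSL_DIR="/var/lib/postgresql/certs"` from patch 3/4, and the wrapper.sh hunk in patch 4/4 does not touch that line. If the wrapper uses SSL_DIR to decide whether certificates already exist (that code is outside the hunks shown), it would look in a different directory from the one init-ssl.sh writes to, so wrapper.sh probably needs the same `SSL_DIR="$PGDATA/certs"` assignment. init-ssl.sh also now depends on PGDATA being set and non-empty; a guard such as `: "${PGDATA:?PGDATA must be set}"` before the assignment would fail early instead of resolving to `/certs`.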
@@ -3,24 +3,50 @@ # exit as soon as any of these commands fail, this prevents starting a database without certificates or with the wrong volume mount path set -e -EXPECTED_VOLUME_MOUNT_PATH="/var/lib/postgresql" +EXPECTED_VOLUME_MOUNT_PATHS=("/var/lib/postgresql" "/var/lib/postgresql/data") -# check if the Railway volume is mounted to the correct path -# we do this by checking the current mount path (RAILWAY_VOLUME_MOUNT_PATH) agiant the expected mount path -# if the paths are different, we print an error message and exit +# Function to check if a path matches any of the expected volume mount paths +# Usage: check_path_matches "exact" "/path/to/check" - for exact match +# Usage: check_path_matches "starts_with" "/path/to/check" - for prefix match +check_path_matches() { + local match_type="$1" + local path_to_check="$2" + + for expected_path in "${EXPECTED_VOLUME_MOUNT_PATHS[@]}"; do + if [ "$match_type" = "exact" ]; then + if [ "$path_to_check" = "$expected_path" ]; then + return 0 # true - path matches + fi + elif [ "$match_type" = "starts_with" ]; then + if [[ "$path_to_check" =~ ^"$expected_path" ]]; then + return 0 # true - path starts with expected path + fi + fi + done + + return 1 # false - no match found +} + +# check if the Railway volume is mounted to one of the correct paths +# we do this by checking the current mount path (RAILWAY_VOLUME_MOUNT_PATH) against the expected mount paths +# if the paths don't match any of the expected paths, we print an error message and exit # only perform this check if this image is deployed to Railway by checking for the existence of the RAILWAY_ENVIRONMENT variable -if [ -n "$RAILWAY_ENVIRONMENT" ] && [ "$RAILWAY_VOLUME_MOUNT_PATH" != "$EXPECTED_VOLUME_MOUNT_PATH" ]; then - echo "Railway volume not mounted to the correct path, expected $EXPECTED_VOLUME_MOUNT_PATH but got $RAILWAY_VOLUME_MOUNT_PATH" - echo "Please update the volume mount path to the expected path and redeploy the service" +if [ -n "$RAILWAY_ENVIRONMENT" ] 
&& ! check_path_matches "exact" "$RAILWAY_VOLUME_MOUNT_PATH"; then + echo "Railway volume not mounted to any of the correct paths" + echo "Expected one of: ${EXPECTED_VOLUME_MOUNT_PATHS[*]}" + echo "But got: $RAILWAY_VOLUME_MOUNT_PATH" + echo "Please update the volume mount path to one of the expected paths and redeploy the service" exit 1 fi -# check if PGDATA starts with the expected volume mount path +# check if PGDATA starts with one of the expected volume mount paths # this ensures data files are stored in the correct location # if not, print error and exit to prevent data loss or access issues -if [[ ! "$PGDATA" =~ ^"$EXPECTED_VOLUME_MOUNT_PATH" ]]; then - echo "PGDATA variable does not start with the expected volume mount path, expected to start with $EXPECTED_VOLUME_MOUNT_PATH" - echo "Please update the PGDATA variable to start with the expected volume mount path and redeploy the service" +if ! check_path_matches "starts_with" "$PGDATA"; then + echo "PGDATA variable does not start with any of the expected volume mount paths" + echo "Expected to start with one of: ${EXPECTED_VOLUME_MOUNT_PATHS[*]}" + echo "But got: $PGDATA" + echo "Please update the PGDATA variable to start with one of the expected volume mount paths and redeploy the service" exit 1 fi
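Review bot: The `starts_with` branch of `check_path_matches` tests `[[ "$path_to_check" =~ ^"$expected_path" ]]`, which is a plain string prefix, so a PGDATA such as `/var/lib/postgresql-old/data` (constructed example) passes the check even though it lies outside the volume. Matching on a path boundary closes that gap: `if [[ "$path_to_check" == "$expected_path" || "$path_to_check" == "$expected_path"/* ]]; then`. Two smaller points in the same function: `expected_path` should be declared `local` alongside `match_type` and `path_to_check`, and an unrecognised `match_type` falls through to `return 1` silently, so a typo in a caller looks like a path mismatch. A line in the usage comment such as `# Returns 1 for an unknown match type` would document that, or an explicit error branch would make it visible.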