moments/asset/sql/bootstrap.sql

-- moments role and database bootstrap.
-- Run as a postgres superuser against the cluster's `postgres` database.
-- Idempotent — safe to re-run on every deploy.
--
--   psql -h magrathea.kosherinata.internal -U postgres -d postgres \
--        -f asset/sql/bootstrap.sql
--
-- After this completes, run asset/sql/bootstrap-moments.sql against the
-- newly created `moments` database to apply the in-database grants.

DO $$
BEGIN
  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'moments_rw') THEN
    CREATE ROLE moments_rw LOGIN;
  END IF;
  IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'moments_ro') THEN
    CREATE ROLE moments_ro LOGIN;
  END IF;
END
$$;

SELECT 'CREATE DATABASE moments OWNER moments_rw'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'moments')
\gexec

GRANT CONNECT ON DATABASE moments TO moments_ro, moments_rw;