feat(postgresql): update postgresql and vectorchord extension

update notes:
- update postgresql version from 18.2 to 18.3
- update vectorchord version from 0.5.3 to 1.1.1
- add update flow and notice to postgresql.md

ansible/inventory/group_vars/all.yaml

@@ -192,19 +192,19 @@ version:
     # infra
     step: "0.30.2"
     ldap: "v0.6.3"
-    x509-exporter: "3.21.0"
-    prometheus: "v3.9.1"
+    x509-exporter: "4.1.0"
+    prometheus: "v3.11.3"
     loki: "3.7.1"
-    grafana: "12.3.3"
+    grafana: "13.0.1"
     ## Postgresql
-    postgresql: "18.2"
+    postgresql: "18.3"
     # For immich - https://github.com/immich-app/base-images/blob/main/postgres/versions.yaml
 #    pgvector: "v0.8.1"
-    vectorchord: "0.5.3"
+    vectorchord: "1.1.1"
     # Auth
     authelia: "4.39.19"
     # App
-    vaultwarden: "1.35.8"
+    vaultwarden: "1.36.0"
     gitea: "1.26.1"
     redis: "8.6.1"
     immich: "v2.7.5"

ansible/roles/infra/tasks/services/set_x509-exporter.yaml

@@ -8,9 +8,20 @@
     mode: "0770"
   loop:
     - "x509-exporter"
+    - "x509-exporter/config"
     - "x509-exporter/certs"
   become: true
 
+- name: Deploy config.yaml
+  ansible.builtin.copy:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/infra/x509-exporter/config/config.yaml"
+    dest: "{{ node['home_path'] }}/containers/x509-exporter/config/config.yaml"
+    owner: "{{ services['x509-exporter']['subuid'] }}"
+    group: "svadmins"
+    mode: "0440"
+  become: true
+  no_log: true
+
 - name: Deploy certificates
   ansible.builtin.copy:
     content: |

config/services/containers/infra/x509-exporter/config/config.yaml

@@ -0,0 +1,11 @@
+server:
+  listen: :9793
+
+sources:
+  - kind: file
+    name: homelab-certs
+    paths:
+      - /certs/*.crt
+      - /certs/*.pem
+      - /certs/*.cer
+    refreshInterval: 1m

config/services/containers/infra/x509-exporter/x509-exporter.container.j2

@@ -11,11 +11,12 @@ Image=docker.io/enix/x509-certificate-exporter:{{ version['containers']['x509-ex
 ContainerName=x509-exporter
 HostName=X509-exporter
 
+Volume=%h/containers/x509-exporter/config/config.yaml:/etc/config.yaml:ro
 Volume=%h/containers/x509-exporter/certs:/certs:ro
 
 PublishPort={{ services['x509-exporter']['ports']['http'] }}:9793
 
-Exec=--listen-address :9793 --watch-dir=/certs
+Exec=--config /etc/config.yaml
 
 [Service]
 Restart=always

docs/services/infra/postgresql.md

@@ -37,14 +37,14 @@ podman exec -it -u postgres postgresql "psql -U postgres"
 > \l
 > \q
 
-# Restor database (manually)
+# Restore database (manually)
 podman exec -u postgres postgresql "psql -U postgres -f $POSTGRESQL_BACKUP_PATH_IN_CONTAINER/script.sql"
 
 # Backup service executes
 systemctl --user start postgresql-cluster-backup.service
 
 # Stop and remove all data
-systemctl --stop postgresql
+systemctl --user stop postgresql
 sudo find "/home/infra/data/containers/postgresql/data" -mindepth 1 -delete
 
 # Restore database
@@ -62,3 +62,39 @@ postgres=# SHOW shared_preload_libraries;
  vchord.so
 (1 row)
 ```
+
+## Update and upgrade version
+
+### Update version
+
+#### Prerequisite
+
+- Shutdown all related services on [infra, auth, app] vms.
+    - [service list](../../../ansible/roles/infra/tasks/services/set_postgresql.yaml)
+    - `systemctl --user stop $SERVICE`
+
+- Run backup service unit on infra vm.
+    - `systemctl --user start postgresql-cluster-backup.service`
+    - `systemctl --user start postgresql-data-backup@$SERVICE.service`
+
+- Modify postgresql and extension version and run ansible playbook
+    - [version info](../../../ansible/inventory/group_vars/all.yaml)
+    - `ansible-playbook playbooks/infra/site.yaml --tags "postgresql"`
+
+- Check postgresql container and update extension
+
+```postgresql
+# immich example
+# extension should be checked on each database which needs the extension
+\c immich_db
+\dx
+# check the installed_version and default_version
+ALTER EXTENSION vchord UPDATE;
+REINDEX INDEX face_index;
+REINDEX INDEX clip_index;
+```
+
+- Run playbook to start all services
+    - `ansible-playbook playbooks/[infra, auth, app]/site.yaml --tags "site"`
+
+- Check all services