postiz + n8n: real DB URL + webhook-trigger approval

- postiz: set DATABASE_URL/REDIS_URL pointing at the bundled subcharts; the chart does NOT auto-wire even when postgresql.enabled=true, so the prisma db:push was failing with empty DATABASE_URL. - n8n approval workflow: swap telegramTrigger -> webhook node so it works without an n8n-stored Telegram credential. Telegram bot's webhook is set via setWebhook to https://n8n.viktorbarzin.me/webhook/instagram-approval. Parse-callback Code node tolerates both shapes ({body:{callback_query:...}} vs {callback_query:...}) so a future move back to telegramTrigger doesn't break.
2026-05-09 00:55:19 +00:00 · 2026-05-09 00:55:19 +00:00 · c6939c3d53
commit c6939c3d53
parent 5057341d09
2 changed files with 275 additions and 78 deletions
--- a/stacks/postiz/modules/postiz/main.tf
+++ b/stacks/postiz/modules/postiz/main.tf
@ -134,27 +134,16 @@ resource "helm_release" "postiz" {
      NX_ADD_PLUGINS                   = "false"
    }

-    # Empty placeholder for chart-rendered Secret. ESO patches JWT_SECRET via
-    # creationPolicy=Merge above. DATABASE_URL/REDIS_URL are auto-wired by the
-    # chart's bundled subcharts and don't need to be set here.
+    # Postiz reads DATABASE_URL/REDIS_URL from this Secret. The chart does
+    # NOT auto-wire bundled subcharts — we have to point at the in-namespace
+    # PG/Redis Services. ESO patches JWT_SECRET on top via creationPolicy=Merge.
+    # Subchart auth uses the chart defaults (postiz / postiz-password,
+    # postiz-redis-password) — both Services are ClusterIP, only routable
+    # from inside the postiz namespace, so the well-known creds are safe.
    secrets = {
-      DATABASE_URL                  = ""
-      REDIS_URL                     = ""
-      JWT_SECRET                    = ""
-      X_API_KEY                     = ""
-      X_API_SECRET                  = ""
-      LINKEDIN_CLIENT_ID            = ""
-      LINKEDIN_CLIENT_SECRET        = ""
-      REDDIT_CLIENT_ID              = ""
-      REDDIT_CLIENT_SECRET          = ""
-      GITHUB_CLIENT_ID              = ""
-      GITHUB_CLIENT_SECRET          = ""
-      RESEND_API_KEY                = ""
-      CLOUDFLARE_ACCOUNT_ID         = ""
-      CLOUDFLARE_ACCESS_KEY         = ""
-      CLOUDFLARE_SECRET_ACCESS_KEY  = ""
-      CLOUDFLARE_BUCKETNAME         = ""
-      CLOUDFLARE_BUCKET_URL         = ""
+      DATABASE_URL = "postgresql://postiz:postiz-password@postiz-postgresql:5432/postiz"
+      REDIS_URL    = "redis://default:postiz-redis-password@postiz-redis-master:6379"
+      JWT_SECRET   = ""
    }

    # Use our PVC for uploads (overrides the chart's emptyDir default).