overthinkos/postgresql
infrastructure/skills/postgresql/SKILL.md
PostgreSQL database server on port 5432 with pgvector extension and persistent data. Entrypoint supports POSTGRES_SHARED_PRELOAD_LIBRARIES for extension loading. Use when working with PostgreSQL, database configuration, or pgvector.
tools
Updated May 25, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins postgresqlInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 5:24 AM165.6s1 file scanned
SKILL.md
- name:
- postgresql
- description:
- |
postgresql -- PostgreSQL database server
Layer Properties
| Property | Value |
|----------|-------|
| Dependencies | none |
| Ports | 5432 |
| Volumes | pgdata -> ~/.postgresql/data |
| Service | postgresql (supervisord, priority 10) |
| Install files | task: |
Environment Variables
| Variable | Value |
|----------|-------|
| PGDATA | ~/.postgresql/data |
| POSTGRES_HOST_AUTH_METHOD | scram-sha-256 |
| POSTGRES_SHARED_PRELOAD_LIBRARIES | (optional) — comma-separated .so names loaded at startup |
The entrypoint also reads these variables (with defaults, not set in layer.yml):
POSTGRES_USER(default:postgres) — set by consuming layers (e.g., immich setsimmich)POSTGRES_DB(default:$POSTGRES_USER) — set by consuming layersPOSTGRES_PASSWORD— required unlessPOSTGRES_HOST_AUTH_METHOD=trust
Service Environment (injected into other containers)
| Variable | Template Value | Resolved Example |
|----------|---------------|-----------------|
| PGHOST | {{.ContainerName}} | ov-postgresql |
| PGPORT | 5432 | 5432 |
Pod-aware: same-container consumers receive PGHOST=localhost, cross-container consumers receive PGHOST=ov-postgresql. When ov config runs, these are automatically injected into the global deploy.yml env for PostgreSQL service discovery.
See /ov-image:layer for env_provides field docs.
Packages
The layer is multi-distro:
- RPM (Fedora):
postgresql-server,postgresql-contrib,pgvector(vector similarity search extension) - PAC (Arch/CachyOS):
postgresql,postgresql-libs— the Archpostgresqlpackage ships the server + contrib tooling; pgvector on Arch is built from the AUR (see/ov-infrastructure:vectorchord).
Usage
# image.yml -- typically used as dependency of immich
my-image:
layers:
- postgresql
Used In Images
/ov-immich:immich/ov-immich:immich-ml
Entrypoint Features
The custom entrypoint (/usr/local/bin/postgresql-entrypoint.sh) supports:
- First-run initialization —
initdb, database creation, and/docker-entrypoint-initdb.d/scripts - Password management —
POSTGRES_PASSWORDorPOSTGRES_PASSWORD_FILE POSTGRES_SHARED_PRELOAD_LIBRARIES— when set, adds-c shared_preload_libraries=...to both the init-phase temp server and the final exec. Used by thevectorchordlayer to loadvchord.so. Generic mechanism — any extension layer can use it.
Related Layers
/ov-immich:immich-- primary consumer (depends on postgresql)/ov-infrastructure:vectorchord-- setsPOSTGRES_SHARED_PRELOAD_LIBRARIES=vchord.so/ov-infrastructure:redis-- often paired with postgresql in service stacks
Related Commands
/ov-core:ov-config— Deploy with secrets provisioning (db-password)/ov-build:secrets— Manage database credentials
When to Use This Skill
Use when the user asks about:
- PostgreSQL database setup in containers
- pgvector extension
- Database volume or
PGDATAconfiguration - Port 5432 service
- Database initialization
Related
/ov-eval:eval— declarative testing (eval:block,ov eval image,ov eval live)
Related Skills
overthinkos/agents
development
VerifiedTrustedCommunity
Claude Code multi-agent support in Overthink — sub-agents, dynamic workflows, and agent teams, and how each drives the existing `ov eval` disposable beds to test and verify. MUST be invoked before authoring or invoking an ov sub-agent / dynamic workflow / agent team, wiring agent-lifecycle hooks, or asking "which primitive should drive the R10 beds?".
SKILL.mdUpdated May 31, 2026
overthinkos/workspace-mount
tools
VerifiedTrustedCommunity
Mounts a virtiofs share tagged `workspace` at /workspace inside a VM guest via a systemd .mount unit. Use when a kind:vm entity shares a host directory into the guest and you need it auto-mounted (and re-mounted at every boot).
SKILL.mdUpdated May 30, 2026
overthinkos/android
development
VerifiedTrustedCommunity
MUST be invoked before any work involving: the `kind: android` schema kind, a `target: android` deploy, the `apk:` layer package format (installing Android apps declaratively), AndroidDeployTarget, an in-pod emulator OR a remote/physical adb-endpoint device, or nested `pod → android` deployment. The first-class Android device + app surface that sits above `ov eval adb`/`appium`.
SKILL.mdUpdated May 26, 2026
overthinkos/git-workflow
tools
VerifiedTrustedCommunity
Use when committing, branching, pushing, merging, tagging, creating PRs, or approving/merging PRs with gh — the feat/-branch, R10-gated, never-force-push landing workflow across the main repo + the plugins submodule + image/<distro> submodules. Covers sync-to-upstream, branch/worktree pruning, the fork+PR path for contributors without write access, and cross-repo @github landing order.
SKILL.mdUpdated May 25, 2026