From b5dc50b0b207cfe49e81b99cf9d48e6e11a3d715 Mon Sep 17 00:00:00 2001
From: Julian Cuni <julian.cuni@microservices.al>
Date: Sun, 3 May 2026 17:29:30 +0000
Subject: [PATCH] Bind postgres on Tailscale interface (100.66.187.183:5432)
 for pgAdmin access

---
 compose.dev.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/compose.dev.yaml b/compose.dev.yaml
index 5afe4f7..680fcac 100644
--- a/compose.dev.yaml
+++ b/compose.dev.yaml
@@ -88,6 +88,11 @@ services:
     image: timescale/timescaledb-ha:pg16.6-ts2.17.2-all
     expose:
       - '5432'
+    # Bind Postgres to the Tailscale interface only — reachable from pgAdmin
+    # via the zero-trust mesh, never from the public internet. The internal
+    # `postgres:5432` hostname for stack peers (directus, processor) is unaffected.
+    ports:
+      - '100.66.187.183:5432:5432'
     volumes:
       - postgres-data:/home/postgres/pgdata/data
     environment: