From e80505a7730ea1847011a9e9130445b53721f01d Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Tue, 2 Dec 2025 17:36:37 -0300
Subject: [PATCH] notes: add postgres centralization guidance

---
 AGENTS.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/AGENTS.md b/AGENTS.md
index 664fc6c..a8d49c8 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -62,3 +62,7 @@ Repository Guidelines
   4) Add Traefik forward-auth (oauth2-proxy) in front of Zot and any other services needing headers-based auth.
   5) Deploy Jellyfin OpenID plugin; map Keycloak users to existing Jellyfin usernames; communicate password reset path.
 - Migration caution: do not delete existing local creds until SSO validated; keep Pegasus working via Jellyfin tokens during transition.
+
+## Postgres centralization (2025-12-03)
+- Prefer a shared in-cluster Postgres deployment with per-service databases to reduce resource sprawl on Pi nodes. Use it for services that can easily point at an external DB.
+- Candidates to migrate to shared Postgres: Keycloak (realm DB), Gitea (git DB), Nextcloud (app DB), possibly Grafana (if persistence needed beyond current provisioner), Jitsi prosody/JVB state (if external DB supported). Keep tightly-coupled or lightweight embedded DBs as-is when migration is painful or not supported.