Add TimescaleDB full version support for PostgreSQL 17

- Update TimescaleDB to version 2.20.3 with full features (APACHE_ONLY=0)
- Configure PostgreSQL 17 to exclude TimescaleDB and plv8 extensions
- Add build configuration for CEP PostgreSQL 17.4.1.043
- Update gitignore to exclude tar.gz archives

Author: damonrand

.gitignore

@@ -25,3 +25,6 @@ result*
 
 db/schema.sql
 common-nix.vars.pkr.hcl
+
+# CEP PostgreSQL source archives
+*.tar.gz

CLAUDE.md

@@ -0,0 +1,133 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## CRITICAL INSTRUCTION: PostgreSQL Version Restriction
+
+**ALWAYS USE POSTGRESQL 17 ONLY**
+
+- When starting servers, ONLY use: `nix run .#start-server 17`
+- When building, ONLY target PostgreSQL 17
+- When testing, ONLY use: `nix build .#checks.psql_17 -L`
+- When building AMIs, ONLY use: `nix run .#build-test-ami 17`
+- NEVER use PostgreSQL 15 or OrioleDB 17 variants
+- If asked to work with other versions, politely decline and explain you must only work with PostgreSQL 17
+
+## Project Overview
+
+This is **Supabase's PostgreSQL distribution** - an enhanced PostgreSQL build with 40+ extensions across three major versions (PostgreSQL 15, 17, and OrioleDB 17). The project uses Nix as the primary build system for reproducible builds and provides Docker/Packer alternatives for different deployment scenarios.
+
+## Development Commands
+
+### Primary Development Environment (Nix)
+```bash
+# Enter development environment
+nix develop
+
+# Start PostgreSQL server (ONLY use version 17)
+nix run .#start-server 17
+
+# Connect client with migrations applied
+nix run .#start-client
+
+# Run database migrations
+nix run .#dbmate-tool
+
+# Run all tests
+nix flake check
+
+# Run tests for PostgreSQL 17 ONLY
+nix build .#checks.psql_17 -L
+```
+
+### CI/CD and AMI Building
+```bash
+# Trigger Nix build
+nix run .#trigger-nix-build
+
+# Build test AMI (PostgreSQL 17 ONLY)
+nix run .#build-test-ami 17
+
+# Run infrastructure tests
+nix run .#run-testinfra
+
+# Cleanup AMI
+nix run .#cleanup-ami
+```
+
+### Legacy Build System
+```bash
+# Packer-based image building
+make init
+make output-cloudimg/packer-cloudimg
+make alpine-image
+```
+
+## Architecture Overview
+
+### PostgreSQL Version Support
+- **PostgreSQL 17**: The ONLY version to use for all development and builds
+- Other versions (15, OrioleDB 17) exist in the codebase but MUST NOT be used
+
+Extension configuration is in `nix/postgresql/` but ONLY work with PostgreSQL 17.
+
+### Build System Architecture
+- **Primary**: Nix flakes (`flake.nix`) for reproducible builds
+- **Fallback**: Docker containers for development
+- **Production**: Packer + Ansible for AMI creation
+
+### Extension Management
+Extensions are organized in `nix/ext/` by category:
+- **Security**: pgsodium, vault, pgaudit
+- **Analytics**: TimescaleDB, pg_stat_monitor
+- **API**: pg_graphql, PostgREST integration
+- **Vector Search**: pgvector
+- **Geospatial**: PostGIS, pgRouting
+
+### Migration System
+- Uses **dbmate** for schema migrations
+- Located in `migrations/` directory
+- Supports all PostgreSQL versions
+- Append-only migration pattern
+
+### Testing Framework
+- **pg_regress**: PostgreSQL regression testing
+- **pgTAP**: Database unit testing in `migrations/tests/extensions/`
+- **testinfra**: Infrastructure testing with Python pytest
+- **PostgreSQL 17 testing**: All extensions tested against PostgreSQL 17 ONLY
+
+## Extension Development
+
+### Adding New Extensions
+1. Create build stage in appropriate Dockerfile
+2. Add version build args
+3. Use `checkinstall` for source-built extensions
+4. Copy package to extensions stage
+5. Add pgTAP test in `migrations/tests/extensions/`
+
+### Extension Testing
+Create test file in `migrations/tests/extensions/`:
+```sql
+BEGIN;
+create extension if not exists your_extension with schema "extensions";
+ROLLBACK;
+```
+
+## Migration Guidelines
+- **Never edit existing migrations** - always create new ones
+- **Idempotent**: All migrations must be rerunnable
+- **Role-based**: Use appropriate database roles for different migration phases
+- **PostgreSQL 17 specific**: Target PostgreSQL 17 ONLY
+
+## Security Model
+- **supabase_admin**: Superuser role for administration
+- **authenticator**: Connection pooling role
+- **Row Level Security**: Built-in RLS policies
+- **Predefined roles**: For API access patterns
+
+## Key Configuration
+- Default PostgreSQL port: `5435`
+- Default host: `localhost`
+- Superuser: `supabase_admin`
+- WAL level: `logical` with 5 replication slots
+- Large Systems Extensions enabled for ARM images

ansible/tasks/stage2-setup-postgres.yml

@@ -18,20 +18,20 @@
       set_fact:
         is_psql_15: "{{ psql_version in ['psql_15'] }}"
 
-    - name: Remove specified extensions from postgresql.conf if orioledb-17 or 17 build
+    - name: Remove specified extensions from postgresql.conf if orioledb-17 build
       ansible.builtin.command:
         cmd: >
           sed -i 's/ timescaledb,//g' 
           /etc/postgresql/postgresql.conf
-      when: is_psql_oriole or is_psql_17 and stage2_nix 
+      when: is_psql_oriole and stage2_nix 
       become: yes
 
-    - name: Remove specified extensions from supautils.conf if orioledb-17 or 17 build
+    - name: Remove specified extensions from supautils.conf if orioledb-17 build
       ansible.builtin.command:
         cmd: >
           sed -i 's/ timescaledb,//g; s/ plv8,//g' 
           /etc/postgresql-custom/supautils.conf
-      when: is_psql_oriole or is_psql_17 and stage2_nix
+      when: is_psql_oriole and stage2_nix
       become: yes
 
     - name: Remove db_user_namespace from postgresql.conf if orioledb-17 or 17 build

ansible/vars.yml

@@ -6,12 +6,14 @@ postgres_major:
   - "15"
   - "17"
   - "orioledb-17"
+  - "cep"
 
 # Full version strings for each major version
 postgres_release:
   postgresorioledb-17: "17.0.1.093-orioledb"
   postgres17: "17.4.1.043"
   postgres15: "15.8.1.100"
+  postgrescep: "17.4.1.043-cep"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"

flake.nix

@@ -163,7 +163,7 @@
 
         #Where we import and build the orioledb extension, we add on our custom extensions
         # plus the orioledb option
-        #we're not using timescaledb or plv8 in the orioledb-17 version or pg 17 of supabase extensions
+        #we're not using timescaledb or plv8 in the orioledb-17 version but timescaledb is now enabled for pg 17
         orioleFilteredExtensions = builtins.filter
           (
             x:
@@ -173,7 +173,12 @@
         ) ourExtensions;
 
         orioledbExtensions = orioleFilteredExtensions ++ [ ./nix/ext/orioledb.nix ];
-        dbExtensions17 = orioleFilteredExtensions;
+        dbExtensions17 = builtins.filter
+          (
+            x:
+            x != ./nix/ext/plv8.nix &&
+            x != ./nix/ext/timescaledb-2.9.1.nix
+        ) ourExtensions;
         getPostgresqlPackage = version:
           pkgs.postgresql."postgresql_${version}";
         # Create a 'receipt' file for a given postgresql package. This is a way

nix/ext/timescaledb-2.9.1.nix

@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
     hash = "sha256-fvVSxDiGZAewyuQ2vZDb0I6tmlDXl6trjZp8+qDBtb8=";
   };
 
-  cmakeFlags = [ "-DSEND_TELEMETRY_DEFAULT=OFF" "-DREGRESS_CHECKS=OFF" "-DTAP_CHECKS=OFF" "-DAPACHE_ONLY=1" ]
+  cmakeFlags = [ "-DSEND_TELEMETRY_DEFAULT=OFF" "-DREGRESS_CHECKS=OFF" "-DTAP_CHECKS=OFF" "-DAPACHE_ONLY=0" ]
     ++ lib.optionals stdenv.isDarwin [ "-DLINTER=OFF" ];
 
   # Fix the install phase which tries to install into the pgsql extension dir,

nix/ext/timescaledb.nix

@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "timescaledb-apache";
-  version = "2.16.1";
+  version = "2.20.3";
 
   nativeBuildInputs = [ cmake ];
   buildInputs = [ postgresql openssl libkrb5 ];
@@ -11,10 +11,10 @@ stdenv.mkDerivation rec {
     owner = "timescale";
     repo = "timescaledb";
     rev = version;
-    hash = "sha256-sLxWdBmih9mgiO51zLLxn9uwJVYc5JVHJjSWoADoJ+w=";
+    hash = "sha256-Ma6h2ISMjBz14y5Pbx4T4QOMrrvUy5wkPyKawm9rpx0=";
   };
 
-  cmakeFlags = [ "-DSEND_TELEMETRY_DEFAULT=OFF" "-DREGRESS_CHECKS=OFF" "-DTAP_CHECKS=OFF" "-DAPACHE_ONLY=1" ]
+  cmakeFlags = [ "-DSEND_TELEMETRY_DEFAULT=OFF" "-DREGRESS_CHECKS=OFF" "-DTAP_CHECKS=OFF" "-DAPACHE_ONLY=0" ]
     ++ lib.optionals stdenv.isDarwin [ "-DLINTER=OFF" ];
 
   # Fix the install phase which tries to install into the pgsql extension dir,