chore: install gatekeeper with ansible

Author: staaldraad

ansible/tasks/stage2-setup-postgres.yml

@@ -94,7 +94,25 @@
   shell: |
     sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{postgresql_version}}_src"
   when: stage2_nix
-  
+
+- name: Check psql_version and install gatekeeper if not pg15
+  block:
+    - name: Check if psql_version is psql_15
+      set_fact:
+        is_psql_15: "{{ psql_version == 'psql_15' }}"
+
+    - name: Install gatekeeper from nix binary cache
+      become: yes
+      shell: |
+        sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#gatekeeper"
+      when: stage2_nix and not is_psql_15
+
+    - name: Create symbolic link for linux-pam to find pam_jit_pg.so
+      shell: >
+        sudo ln -s /var/lib/postgresql/.nix-profile/lib/security/pam_jit_pg.so $(find /nix/store -type d -path "/nix/store/*-linux-pam-*/lib/security" -print -quit)/pam_jit_pg.s
+      become: yes
+      when: stage2_nix and not is_psql_15
+
 - name: Set ownership and permissions for /etc/ssl/private
   become: yes
   file:

nix/packages/gatekeeper.nix

@@ -30,14 +30,14 @@ buildGoModule {
 
   buildPhase = ''
     runHook preBuild
-    go build -buildmode=c-shared -o pam_jwt_pg.so
+    go build -buildmode=c-shared -o pam_jit_pg.so
     runHook postBuild
   '';
 
   installPhase = ''
     runHook preInstall
     mkdir -p $out/lib/security
-    cp pam_jwt_pg.so $out/lib/security/
+    cp pam_jit_pg.so $out/lib/security/
     runHook postInstall
   '';