Skip to content

Commit 43363e2

Browse files
staaldraadstaaldraad
committed
chore: install gatekeeper with ansible
1 parent 9ca620b commit 43363e2

File tree

3 files changed

+22
-6
lines changed

3 files changed

+22
-6
lines changed

ansible/tasks/setup-postgres.yml

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -145,13 +145,11 @@
145145

146146
- name: create placeholder pam config
147147
file:
148-
path: '/etc/pam.d/{{ item }}'
148+
path: '/etc/pam.d/postgresql'
149149
state: touch
150150
owner: postgres
151151
group: postgres
152152
mode: 0664
153-
with_items:
154-
- 'postgresql'
155153
when: (debpkg_mode or nixpkg_mode) and not is_psql_15
156154

157155
# Add pg_hba.conf

ansible/tasks/stage2-setup-postgres.yml

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,7 +94,25 @@
9494
shell: |
9595
sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{postgresql_version}}_src"
9696
when: stage2_nix
97-
97+
98+
- name: Check psql_version and install gatekeeper if not pg15
99+
block:
100+
- name: Check if psql_version is psql_15
101+
set_fact:
102+
is_psql_15: "{{ psql_version == 'psql_15' }}"
103+
104+
- name: Install gatekeeper from nix binary cache
105+
become: yes
106+
shell: |
107+
sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#gatekeeper"
108+
when: stage2_nix and not is_psql_15
109+
110+
- name: Create symbolic link for linux-pam to find pam_jit_pg.so
111+
shell: >
112+
sudo ln -s /var/lib/postgresql/.nix-profile/lib/security/pam_jit_pg.so $(find /nix/store -type d -path "/nix/store/*-linux-pam-*/lib/security" -print -quit)/pam_jit_pg.s
113+
become: yes
114+
when: stage2_nix and not is_psql_15
115+
98116
- name: Set ownership and permissions for /etc/ssl/private
99117
become: yes
100118
file:

nix/packages/gatekeeper.nix

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,14 +30,14 @@ buildGoModule {
3030

3131
buildPhase = ''
3232
runHook preBuild
33-
go build -buildmode=c-shared -o pam_jwt_pg.so
33+
go build -buildmode=c-shared -o pam_jit_pg.so
3434
runHook postBuild
3535
'';
3636

3737
installPhase = ''
3838
runHook preInstall
3939
mkdir -p $out/lib/security
40-
cp pam_jwt_pg.so $out/lib/security/
40+
cp pam_jit_pg.so $out/lib/security/
4141
runHook postInstall
4242
'';
4343

0 commit comments

Comments
 (0)