chore: use local socket for postgres and disable localhost access from db

staaldraad · staaldraad · commit aabe2640bc5a · 2025-02-27T15:06:37.000+01:00
diff --git a/ansible/files/postgresql_config/postgresql.service.j2 b/ansible/files/postgresql_config/postgresql.service.j2
@@ -21,5 +21,9 @@ RestartSec=5
 OOMScoreAdjust=-1000
 EnvironmentFile=-/etc/environment.d/postgresql.env
 LimitNOFILE=16384
+{% if supabase_internal is defined %}
+IPAddressDeny=localhost
+IPAddressAllow=127.0.0.53/32
+{% endif %}
 [Install]
 WantedBy=multi-user.target
diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py
@@ -106,7 +106,7 @@
     "0000000000000000000000000000000000000000000000000000000000000000"
 )
 postgrest_base_conf_content = """
-db-uri = "postgres://authenticator:postgres@localhost:5432/postgres?application_name=postgrest"
+db-uri = "postgres://authenticator:postgres@/postgres?host=/var/run/postgresql/&application_name=postgrest"
 db-schema = "public, storage, graphql_public"
 db-anon-role = "anon"
 jwt-secret = "my_jwt_secret_which_is_not_so_secret"
@@ -124,7 +124,7 @@
 GOTRUE_API_HOST=0.0.0.0
 GOTRUE_SITE_URL=
 GOTRUE_DB_DRIVER=postgres
-GOTRUE_DB_DATABASE_URL=postgres://supabase_auth_admin@localhost/postgres?sslmode=disable
+GOTRUE_DB_DATABASE_URL=postgres://supabase_auth_admin@/postgres?host=/var/run/postgresql/&sslmode=disable
 GOTRUE_JWT_ADMIN_ROLES=supabase_admin,service_role
 GOTRUE_JWT_AUD=authenticated
 GOTRUE_JWT_SECRET=my_jwt_secret_which_is_not_so_secret
