
Commit dbc745e

committed
feat: deploy postgresql using system-manager
1 parent 1e498d8 commit dbc745e


12 files changed

+647
-26
lines changed


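--- a/ansible/tests/conftest.py
+++ b/ansible/tests/conftest.py
@@ -59,18 +59,21 @@ def _run_playbook(playbook_name, verbose=False):
 ]
 if verbose:
 cmd.append("-vvv")
-cmd.extend([
-"-i",
-"localhost,",
-"--extra-vars",
-"@/flake/ansible/vars.yml",
-f"/flake/ansible/tests/{playbook_name}",
-])
+cmd.extend(
+[
+"-i",
+"localhost,",
+"--extra-vars",
+"@/flake/ansible/vars.yml",
+f"/flake/ansible/tests/{playbook_name}",
+]
+)
 result = host.run(" ".join(cmd))
 if result.failed:
 console.log(result.stdout)
 console.log(result.stderr)
 raise pytest.fail(
 f"Ansible playbook {playbook_name} failed with return code {result.rc}"
 )
+
 return _run_playbook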

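--- a/ansible/tests/test_nix.py
+++ b/ansible/tests/test_nix.py
@@ -9,5 +9,6 @@ def run_ansible(run_ansible_playbook):
 def test_nix_service(host):
 assert host.service("nix-daemon.service").is_running
 
+
 def test_envoy_service(host):
 assert host.service("envoy.service").is_running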

flake.lock

Lines changed: 4 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

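--- a/flake.nix
+++ b/flake.nix
@@ -33,7 +33,8 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 system-manager = {
-url = "github:numtide/system-manager";
+url = "github:numtide/system-manager/users";
+#url = "git+file:///home/jfroche/projects/numtide/system-manager/fix/return-tmpfile-error";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };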
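Review bot: The `system-manager` input now follows the `users` feature branch (`url = "github:numtide/system-manager/users";`), a mutable ref that upstream can rebase or delete, so the only thing fixing the code that gets built is the revision recorded in flake.lock, and the next `nix flake update` takes whatever the branch points to at that time. Consider putting an explicit revision or tag in the URL, or adding a comment that says when the input should return to the default branch. The commented-out `#url = "git+file:///home/jfroche/..."` line is a developer-local override that publishes a home-directory path and should be dropped before merge.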

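--- a/nix/checks.nix
+++ b/nix/checks.nix
@@ -13,7 +13,7 @@
 psql_17 = self'.packages."psql_17/bin";
 psql_orioledb-17 = self'.packages."psql_orioledb-17/bin";
 pgroonga = self'.packages."psql_15/exts/pgroonga";
-inherit (self.supabase) defaults;
+inherit (self.supabase.postgres) defaults;
 };
 in
 {
@@ -206,7 +206,7 @@
 exit 1
 }
 for i in {1..60}; do
-if pg_isready -h ${self.supabase.defaults.host} -p ${pgPort}; then
+if pg_isready -h ${self.supabase.postgres.defaults.host} -p ${pgPort}; then
 echo "PostgreSQL is ready"
 break
 fi
@@ -220,16 +220,16 @@
 exit 1
 fi
 done
-createdb -p ${pgPort} -h ${self.supabase.defaults.host} --username=supabase_admin testing
-if ! psql -p ${pgPort} -h ${self.supabase.defaults.host} --username=supabase_admin -d testing -v ON_ERROR_STOP=1 -Xf ${./tests/prime.sql}; then
+createdb -p ${pgPort} -h ${self.supabase.postgres.defaults.host} --username=supabase_admin testing
+if ! psql -p ${pgPort} -h ${self.supabase.postgres.defaults.host} --username=supabase_admin -d testing -v ON_ERROR_STOP=1 -Xf ${./tests/prime.sql}; then
 echo "Error executing SQL file. PostgreSQL log content:"
 cat "$PGTAP_CLUSTER"/postgresql.log
 pg_ctl -D "$PGTAP_CLUSTER" stop
 exit 1
 fi
 SORTED_DIR=$(mktemp -d)
 for t in $(printf "%s\n" ${builtins.concatStringsSep " " sortedTestList}); do
-psql -p ${pgPort} -h ${self.supabase.defaults.host} --username=supabase_admin -d testing -f "${./tests/sql}/$t.sql" || true
+psql -p ${pgPort} -h ${self.supabase.postgres.defaults.host} --username=supabase_admin -d testing -f "${./tests/sql}/$t.sql" || true
 done
 rm -rf "$SORTED_DIR"
 pg_ctl -D "$PGTAP_CLUSTER" stop
@@ -244,7 +244,7 @@
 ${start-postgres-server-bin}/bin/start-postgres-server ${getVersionArg pgpkg} --daemonize
 
 for i in {1..60}; do
-if pg_isready -h ${self.supabase.defaults.host} -p ${pgPort} -U supabase_admin -q; then
+if pg_isready -h ${self.supabase.postgres.defaults.host} -p ${pgPort} -U supabase_admin -q; then
 echo "PostgreSQL is ready"
 break
 fi
@@ -255,7 +255,7 @@
 fi
 done
 
-if ! psql -p ${pgPort} -h ${self.supabase.defaults.host} --no-password --username=supabase_admin -d postgres -v ON_ERROR_STOP=1 -Xf ${./tests/prime.sql}; then
+if ! psql -p ${pgPort} -h ${self.supabase.postgres.defaults.host} --no-password --username=supabase_admin -d postgres -v ON_ERROR_STOP=1 -Xf ${./tests/prime.sql}; then
 echo "Error executing SQL file"
 exit 1
 fi
@@ -266,7 +266,7 @@
 --dbname=postgres \
 --inputdir=${./tests} \
 --outputdir=$out/regression_output \
---host=${self.supabase.defaults.host} \
+--host=${self.supabase.postgres.defaults.host} \
 --port=${pgPort} \
 --user=supabase_admin \
 ${builtins.concatStringsSep " " sortedTestList}; then
@@ -276,7 +276,7 @@
 fi
 
 echo "Running migrations tests"
-pg_prove -p ${pgPort} -U supabase_admin -h ${self.supabase.defaults.host} -d postgres -v ${../migrations/tests}/test.sql
+pg_prove -p ${pgPort} -U supabase_admin -h ${self.supabase.postgres.defaults.host} -d postgres -v ${../migrations/tests}/test.sql
 
 # Copy logs to output
 for logfile in $(find /tmp -name postgresql.log -type f); do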

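--- a/nix/config.nix
+++ b/nix/config.nix
@@ -14,6 +14,74 @@ let
 type = lib.types.str;
 default = "supabase_admin";
 };
+settings = lib.mkOption {
+type = lib.types.attrs;
+default = {
+authentication_timeout = "1min";
+"auto_explain.log_min_duration" = "10s";
+checkpoint_completion_target = "0.5";
+checkpoint_flush_after = "256kB";
+cluster_name = "main";
+"cron.database_name" = "postgres";
+default_text_search_config = "pg_catalog.english";
+effective_cache_size = "128MB";
+extra_float_digits = "0";
+include = "/etc/postgresql-custom/read-replica.conf";
+jit = "off";
+jit_provider = "llvmjit";
+lc_messages = "en_US.UTF-8";
+lc_monetary = "en_US.UTF-8";
+lc_numeric = "en_US.UTF-8";
+lc_time = "en_US.UTF-8";
+listen_addresses = "*";
+log_destination = "stderr";
+log_line_prefix = "%h %m [%p] %q%u@%d ";
+log_statement = "ddl";
+log_timezone = "UTC";
+max_replication_slots = "5";
+max_slot_wal_keep_size = "4096";
+max_wal_senders = "10";
+password_encryption = "scram-sha-256";
+port = 5432;
+row_security = "on";
+shared_buffers = "128MB";
+ssl = "off";
+ssl_ca_file = "";
+ssl_cert_file = "";
+ssl_ciphers = "HIGH:MEDIUM:+3DES:!aNULL";
+ssl_crl_dir = "";
+ssl_crl_file = "";
+ssl_dh_params_file = "";
+ssl_ecdh_curve = "prime256v1";
+ssl_key_file = "";
+ssl_max_protocol_version = "";
+ssl_min_protocol_version = "TLSv1.2";
+ssl_passphrase_command = "";
+ssl_passphrase_command_supports_reload = "off";
+ssl_prefer_server_ciphers = "on";
+timezone = "UTC";
+wal_level = "logical";
+};
+};
+authentication = lib.mkOption {
+type = lib.types.lines;
+default = ''
+# trust local connections
+local all supabase_admin scram-sha-256
+local all all peer map=supabase_map
+host all all 127.0.0.1/32 trust
+host all all ::1/128 trust
+
+# IPv4 external connections
+host all all 10.0.0.0/8 scram-sha-256
+host all all 172.16.0.0/12 scram-sha-256
+host all all 192.168.0.0/16 scram-sha-256
+host all all 0.0.0.0/0 scram-sha-256
+
+# IPv6 external connections
+host all all ::0/0 scram-sha-256
+'';
+};
 };
 };
 postgresqlVersion = lib.types.submodule {
@@ -24,7 +92,7 @@ let
 };
 supabaseSubmodule = lib.types.submodule {
 options = {
-defaults = lib.mkOption { type = postgresqlDefaults; };
+postgres.defaults = lib.mkOption { type = postgresqlDefaults; };
 supportedPostgresVersions = lib.mkOption {
 type = lib.types.attrsOf (lib.types.attrsOf postgresqlVersion);
 default = { };
@@ -38,7 +106,7 @@ in
 supabase = lib.mkOption { type = supabaseSubmodule; };
 };
 config.supabase = {
-defaults = { };
+postgres.defaults = { };
 supportedPostgresVersions = {
 postgres = {
 "15" = {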

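--- a/nix/packages/default.nix
+++ b/nix/packages/default.nix
@@ -24,7 +24,7 @@
 psql_17 = self'.packages."psql_17/bin";
 psql_orioledb-17 = self'.packages."psql_orioledb-17/bin";
 pgroonga = self'.packages."psql_15/exts/pgroonga";
-inherit (self.supabase) defaults;
+inherit (self.supabase.postgres) defaults;
 };
 in
 {
@@ -35,7 +35,7 @@
 inherit (self'.packages) docker-image-ubuntu;
 };
 cleanup-ami = pkgs.callPackage ./cleanup-ami.nix { };
-dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase) defaults; };
+dbmate-tool = pkgs.callPackage ./dbmate-tool.nix { inherit (self.supabase.postgres) defaults; };
 docker-image-ubuntu = pkgs.callPackage ./docker-ubuntu.nix { };
 docs = pkgs.callPackage ./docs.nix { };
 supabase-groonga = pkgs.callPackage ./groonga { };
@@ -46,13 +46,14 @@
 pg-restore = pkgs.callPackage ./pg-restore.nix { psql_15 = self'.packages."psql_15/bin"; };
 pg_prove = pkgs.perlPackages.TAPParserSourceHandlerpgTAP;
 pg_regress = makePgRegress activeVersion;
+pgsodium_getkey_readonly = pkgs.callPackage ./pgsodium_getkey_readonly.nix { };
 run-testinfra = pkgs.callPackage ./run-testinfra.nix { };
 show-commands = pkgs.callPackage ./show-commands.nix { };
 start-client = pkgs.callPackage ./start-client.nix {
 psql_15 = self'.packages."psql_15/bin";
 psql_17 = self'.packages."psql_17/bin";
 psql_orioledb-17 = self'.packages."psql_orioledb-17/bin";
-inherit (self.supabase) defaults;
+inherit (self.supabase.postgres) defaults;
 };
 start-replica = pkgs.callPackage ./start-replica.nix {
 psql_15 = self'.packages."psql_15/bin";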
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
{
2+
coreutils,
3+
writeShellApplication,
4+
}:
5+
writeShellApplication {
6+
name = "pgsodium-getkey-readonly";
7+
runtimeInputs = [ coreutils ];
8+
text = ''
9+
KEY_FILE=/etc/postgresql-custom/pgsodium_root.key
10+
11+
# On the hosted platform, the root key is generated and managed for each project
12+
# If for some reason the key is missing, we want to fail loudly,
13+
# rather than generating a new one.
14+
if [[ ! -f "''${KEY_FILE}" ]]; then
15+
echo "Key file ''${KEY_FILE} does not exist." >&2
16+
exit 1
17+
fi
18+
cat "$KEY_FILE"
19+
'';
20+
}
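Review bot: The `[[ ! -f "''${KEY_FILE}" ]]` guard in this new file (its path header is not shown on the page; presumably the `./pgsodium_getkey_readonly.nix` referenced from nix/packages/default.nix) rejects only a missing file, so an empty `/etc/postgresql-custom/pgsodium_root.key` passes the "fail loudly" check and `cat` exits 0 with no key material. Testing for a non-empty file keeps the stated intent: `if [[ ! -s "''${KEY_FILE}" ]]; then` with the message changed to `echo "Key file ''${KEY_FILE} is missing or empty." >&2`. A comment stating the expected owner and mode of the root key (readable only by the PostgreSQL service user, presumably) would help whoever provisions it. The two spellings `''${KEY_FILE}` and `$KEY_FILE` could also be made uniform.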

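--- a/nix/systemConfigs.nix
+++ b/nix/systemConfigs.nix
@@ -1,9 +1,14 @@
 { self, inputs, ... }:
 let
 mkModules = system: [
+self.systemModules.postgres
 ({
 services.nginx.enable = true;
 nixpkgs.hostPlatform = system;
+supabase.services.postgres = {
+enable = true;
+package = self.packages.${system}."psql_17/bin";
+};
 })
 ];
 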

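--- a/nix/systemModules/default.nix
+++ b/nix/systemModules/default.nix
@@ -4,6 +4,8 @@
 {
 imports = [ ./tests ];
 flake = {
-systemModules = { };
+systemModules = {
+postgres = ./postgres;
+};
 };
 }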
