(WIP) feat: deploy gotrue using system manager

Author: yvan-sraka

ansible/files/gotrue-optimizations.service.j2

@@ -13,7 +13,7 @@
           dest: "00-schema.sql",
         }
       - { source: "stat_extension.sql", dest: "01-extension.sql" }
-    
+
   environment:
     PATH: /usr/lib/postgresql/bin:{{ ansible_env.PATH }}
 
@@ -40,13 +40,6 @@
       import_tasks: tasks/setup-wal-g.yml
       when: debpkg_mode or nixpkg_mode or stage2_nix
 
-    - name: Install Gotrue
-      import_tasks: tasks/setup-gotrue.yml
-      tags:
-        - install-gotrue
-        - install-supabase-internal
-      when: debpkg_mode or nixpkg_mode
-  
     - name: Install PostgREST
       import_tasks: tasks/setup-postgrest.yml
       tags:
@@ -96,7 +89,7 @@
         src: files/apt_periodic
         dest: /etc/apt/apt.conf.d/10periodic
       when: debpkg_mode or nixpkg_mode
-      
+
     - name: Transfer init SQL files
       copy:
         src: files/{{ item.source }}
@@ -131,13 +124,13 @@
       tags:
         - install-supabase-internal
       when: debpkg_mode or stage2_nix
-      
+
     - name: Finalize AMI
       import_tasks: tasks/finalize-ami.yml
       tags:
         - install-supabase-internal
       when: debpkg_mode or nixpkg_mode
-      
+
     - name: Enhance fail2ban
       import_tasks: tasks/setup-fail2ban.yml
       when: debpkg_mode or nixpkg_mode
@@ -218,7 +211,7 @@
         systemctl stop postgresql.service
       when: stage2_nix
 
-    - name: Remove osquery    
+    - name: Remove osquery
       become: yes
       shell: |
         sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile remove osquery"

ansible/files/gotrue.service.j2

@@ -24,9 +24,6 @@ postgrest_release: "13.0.5"
 postgrest_arm_release_checksum: sha256:7b4eafdaf76bc43b57f603109d460a838f89f949adccd02f452ca339f9a0a0d4
 postgrest_x86_release_checksum: sha256:05be2bd48abee6c1691fc7c5d005023466c6989e41a4fc7d1302b8212adb88b5
 
-gotrue_release: 2.179.0
-gotrue_release_checksum: sha1:e985fce00b2720b747e6a04420910015c4967121
-
 aws_cli_release: "2.23.11"
 
 salt_minion_version: 3007

ansible/playbook.yml

@@ -33,8 +33,15 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
     system-manager = {
+      # FIXME: remove custom branch when this PR is merged:
+      # https://github.com/numtide/system-manager/pull/266
       url = "github:numtide/system-manager/users";
-      #url = "git+file:///home/jfroche/projects/numtide/system-manager/fix/return-tmpfile-error";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+    gotrue = {
+      # FIXME: remove custom fork when this PR is merged:
+      # https://github.com/supabase/auth/pull/2166
+      url = "github:yvan-sraka/auth";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };

ansible/tasks/setup-gotrue.yml

@@ -1,12 +1,19 @@
-{ self, inputs, ... }:
+{
+  self,
+  inputs,
+  ...
+}:
 let
   mkModules = system: [
+    self.systemModules.gotrue
     self.systemModules.postgres
+    inputs.gotrue.nixosModules.auth
     (
       { pkgs, ... }:
       {
         services.nginx.enable = true;
         nixpkgs.hostPlatform = system;
+        supabase.services.gotrue.enable = true;
         supabase.services.postgres = {
           enable = true;
           package = self.packages.${system}."psql_17/bin";

ansible/vars.yml

@@ -6,6 +6,7 @@
   flake = {
     systemModules = {
       postgres = ./postgres;
+      gotrue = ./gotrue.nix;
     };
   };
 }

flake.lock

@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  options.networking.firewall = lib.mkOption {
+    type = lib.types.attrs;
+  };
+}