
Commit b54556a

committed
(WIP) feat: deploy gotrue using system manager
1 parent fc77a26 commit b54556a


11 files changed

+127
-125
lines changed


ansible/files/gotrue-optimizations.service.j2

Lines changed: 0 additions & 12 deletions
This file was deleted.

ansible/files/gotrue.service.j2

Lines changed: 0 additions & 27 deletions
This file was deleted.

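--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -13,7 +13,7 @@
 dest: "00-schema.sql",
 }
 - { source: "stat_extension.sql", dest: "01-extension.sql" }
-
+
 environment:
 PATH: /usr/lib/postgresql/bin:{{ ansible_env.PATH }}
 
@@ -40,13 +40,6 @@
 import_tasks: tasks/setup-wal-g.yml
 when: debpkg_mode or nixpkg_mode or stage2_nix
 
-- name: Install Gotrue
-import_tasks: tasks/setup-gotrue.yml
-tags:
-- install-gotrue
-- install-supabase-internal
-when: debpkg_mode or nixpkg_mode
-
 - name: Install PostgREST
 import_tasks: tasks/setup-postgrest.yml
 tags:
@@ -96,7 +89,7 @@
 src: files/apt_periodic
 dest: /etc/apt/apt.conf.d/10periodic
 when: debpkg_mode or nixpkg_mode
-
+
 - name: Transfer init SQL files
 copy:
 src: files/{{ item.source }}
@@ -131,13 +124,13 @@
 tags:
 - install-supabase-internal
 when: debpkg_mode or stage2_nix
-
+
 - name: Finalize AMI
 import_tasks: tasks/finalize-ami.yml
 tags:
 - install-supabase-internal
 when: debpkg_mode or nixpkg_mode
-
+
 - name: Enhance fail2ban
 import_tasks: tasks/setup-fail2ban.yml
 when: debpkg_mode or nixpkg_mode
@@ -218,7 +211,7 @@
 systemctl stop postgresql.service
 when: stage2_nix
 
-- name: Remove osquery
+- name: Remove osquery
 become: yes
 shell: |
 sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile remove osquery"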

ansible/tasks/setup-gotrue.yml

Lines changed: 0 additions & 66 deletions
This file was deleted.

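--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -24,9 +24,6 @@ postgrest_release: "13.0.5"
 postgrest_arm_release_checksum: sha256:7b4eafdaf76bc43b57f603109d460a838f89f949adccd02f452ca339f9a0a0d4
 postgrest_x86_release_checksum: sha256:05be2bd48abee6c1691fc7c5d005023466c6989e41a4fc7d1302b8212adb88b5
 
-gotrue_release: 2.179.0
-gotrue_release_checksum: sha1:e985fce00b2720b747e6a04420910015c4967121
-
 aws_cli_release: "2.23.11"
 
 salt_minion_version: 3007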

flake.lock

Lines changed: 59 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

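--- a/flake.nix
+++ b/flake.nix
@@ -33,7 +33,15 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 system-manager = {
-url = "github:numtide/system-manager";
+# FIXME: remove custom branch when this PR is merged:
+# https://github.com/numtide/system-manager/pull/266
+url = "github:numtide/system-manager/users";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+gotrue = {
+# FIXME: remove custom fork when this PR is merged:
+# https://github.com/supabase/auth/pull/2166
+url = "github:yvan-sraka/auth";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };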
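Review bot: The new `gotrue` input (new lines 41–46) takes the authentication service from a personal fork, `github:yvan-sraka/auth`, with no revision in the URL, and `system-manager` now tracks the `users` branch; the exact commits are presumably fixed only by flake.lock, whose diff is not rendered on this page. A later `nix flake update` would then pull whatever those refs point to at that time, from branches that can be rewritten outside this project's review. Until the two upstream PRs named in the FIXME comments merge, consider pinning both inputs to a reviewed commit in the URL, e.g. `url = "github:yvan-sraka/auth/<reviewed-commit-sha>";`, and reviewing lock-file bumps for these inputs like code changes. The removed Ansible path pinned `gotrue_release` together with a checksum in ansible/vars.yml, so the flake input should keep an equivalent guarantee.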

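--- a/nix/systemConfigs.nix
+++ b/nix/systemConfigs.nix
@@ -1,9 +1,11 @@
 { self, inputs, ... }:
 let
 mkModules = system: [
+self.systemModules.gotrue
 ({
 services.nginx.enable = true;
 nixpkgs.hostPlatform = system;
+supabase.services.gotrue.enable = true;
 })
 ];
 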

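--- a/nix/systemModules/default.nix
+++ b/nix/systemModules/default.nix
@@ -4,6 +4,8 @@
 {
 imports = [ ./tests ];
 flake = {
-systemModules = { };
+systemModules = {
+gotrue = ./gotrue.nix;
+};
 };
 }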

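--- a/nix/systemModules/gotrue.nix
+++ b/nix/systemModules/gotrue.nix
@@ -0,0 +1,38 @@
+{
+lib,
+config,
+...
+}:
+let
+cfg = config.supabase.services.gotrue;
+in
+{
+options = {
+supabase.services.gotrue = {
+enable = lib.mkEnableOption "Supabase (gotrue) authentication service";
+};
+};
+
+config = lib.mkIf cfg.enable {
+self.inputs.gotrue.module.enable = true;
+
+# TODO: supabase-admin-api haven't been turned into a system-manager module yet:
+#
+# systemd.services.gotrue-optimizations = {
+# description = "gotrue (auth) optimizations";
+# wantedBy = [ "gotrue.service" ];
+# serviceConfig = {
+# Type = "oneshot";
+# # we don't want failures from this command to cause PG startup to fail
+# ExecStart = "/bin/bash -c '/opt/supabase-admin-api optimize auth --destination-config-file-path /etc/gotrue/gotrue.generated.env ; exit 0'";
+# ExecStartPost = "/bin/bash -c 'cp -a /etc/gotrue/gotrue.generated.env /etc/auth.d/20_generated.env ; exit 0'";
+# User = "postgrest";
+# };
+# };
+
+# TODO: that's what the activation script was doing:
+# cp $out/etc/auth.env /etc/auth.d/20_generated.env
+# chown gotrue:gotrue /etc/auth.d/20_generated.env
+# chmod 600 /etc/auth.d/20_generated.env
+};
+}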
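Review bot: The copy, `chown gotrue:gotrue` and `chmod 600` of `/etc/auth.d/20_generated.env` that the old activation script performed survive only as a TODO comment (new lines 33–36), so nothing in this module ensures the generated auth env file ends up readable by its owner alone. When this is implemented, create the file with its final owner and mode in one step rather than copy-then-chmod, e.g. `install -o gotrue -g gotrue -m 600 $out/etc/auth.env /etc/auth.d/20_generated.env`. If that file carries secrets, note that `$out` is presumably a Nix store path and therefore world-readable, so the secret material should not originate there. Separately, `self.inputs.gotrue.module.enable = true;` on new line 17 is written as an option definition inside `config`, while `self` is not among the module arguments `{ lib, config, ... }`. This looks like it will fail evaluation unless an option under that path is declared elsewhere; presumably the fork's module is meant to be imported and its own enable option set.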
