
supabase/postgres v0.12.0 #16


Merged
merged 25 commits into from
May 15, 2020
1482ebd
Merge pull request #6 from supabase/master
kiwicopple Apr 29, 2020
c954e9a
Final spelling
kiwicopple Apr 29, 2020
ca0ff49
Update README.md
kiwicopple Apr 29, 2020
338380f
supabase/postgres Docker version
dragarcia Apr 30, 2020
8b5dfed
adding replication slots and wal senders
awalias May 1, 2020
042d542
Update README.md
kiwicopple May 4, 2020
5091af2
added pg replication slots to ansible playbook
awalias May 4, 2020
554c090
Merge branch 'develop' of https://github.com/supabase/postgres into d…
awalias May 4, 2020
1f4c869
Standardising max_wal_senders value
dragarcia May 5, 2020
fd2c7f2
Putting a tick on setting up of max_replications_slots on README.md
dragarcia May 5, 2020
9416c3d
Docker solution to readonly user # 11
dragarcia May 5, 2020
a5cdffb
Docker solution to plpython #9
dragarcia May 5, 2020
d676a68
Docker solution to plv8 #8
dragarcia May 5, 2020
7e6f809
Packer solution to plpython #9
dragarcia May 5, 2020
da5a477
Packer solution for readonly user #11
dragarcia May 5, 2020
f94eb15
Packer solution to plv8 #8
dragarcia May 7, 2020
a97b00c
Docker solution now runs r3.0alpha version of v8 as well #8
dragarcia May 7, 2020
4a05f08
Update README.md
dragarcia May 7, 2020
424eeb8
Making sure ansible works for DO & AWS
dragarcia May 12, 2020
c0d9388
AWS marketplace approved configuration
dragarcia May 12, 2020
0683793
Cleanup: delete unnecessary files
dragarcia May 15, 2020
63d368c
Docker: Add pgAudit
dragarcia May 15, 2020
b7c2e0a
#15 Ansible: adding security updates & pgAudit
dragarcia May 15, 2020
a4d5ddb
0.12.0
dragarcia May 15, 2020
86878e8
Merge branch 'master' into develop
dragarcia May 15, 2020
8 changes: 4 additions & 4 deletions amazon.json
Expand Up @@ -3,21 +3,20 @@
"aws_access_key": "",
"aws_secret_key": "",
"region": "",
"ami": "",
"name": ""
},
"builders": [{
"type": "amazon-ebs",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "{{user `region`}}",
"source_ami": "ami-0f7719e8b7ba25c61",
"instance_type": "t2.micro",
"source_ami": "{{user `ami`}}",
"instance_type": "t2.large",
"ssh_username": "ubuntu",
"ami_name": "{{user `name`}}",
"launch_block_device_mappings": [{
"device_name": "/dev/sda1",
"encrypted": true,
"kms_key_id": "44e7e739-21f1-4678-829e-d1ac63d121b4",
"iops": 400,
"volume_type": "io1",
"volume_size": 8,
Expand All @@ -35,6 +34,7 @@
"type": "shell",
"scripts": [
"scripts/01-test",
"scripts/02-credentials_cleanup.sh",
"scripts/90-cleanup.sh",
"scripts/91-log_cleanup.sh",
"scripts/99-img_check.sh"
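Review bot: With `source_ami` now taken from the `ami` user variable, whose default is the empty string, nothing in the template records or constrains which base image the build starts from. Consider replacing the bare ID with a `source_ami_filter` block that sets `owners` to the expected publisher account and a `name` pattern, so an unintended or untrusted image cannot be passed in by mistake. If the variable stays, the README should state the expected image (distribution, release, owner), because ansible/tasks/setup-system.yml in this pull request assumes `bionic`.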
77 changes: 0 additions & 77 deletions ansible/files/ACCC4CF8.asc

This file was deleted.

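--- a/ansible/files/apt_periodic
+++ b/ansible/files/apt_periodic
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";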
7 changes: 0 additions & 7 deletions ansible/files/kong.conf.j2

This file was deleted.

20 changes: 0 additions & 20 deletions ansible/files/kong.service.j2

This file was deleted.

5 changes: 0 additions & 5 deletions ansible/files/postgresql.service.j2

This file was deleted.

17 changes: 0 additions & 17 deletions ansible/files/postgrest.service.j2

This file was deleted.

24 changes: 0 additions & 24 deletions ansible/files/supabase.service.j2

This file was deleted.

12 changes: 5 additions & 7 deletions ansible/playbook.yml
Expand Up @@ -29,14 +29,12 @@
file:
path: /tmp/00-schema.sql
state: absent

- name: Set up password for superadmin postgres
become: yes
become_user: postgres
postgresql_user:
name: postgres
password: "{{ postgres_superadmin_password }}"

- name: Adjust APT update intervals
copy:
src: files/apt_periodic
dest: /etc/apt/apt.conf.d/10periodic

- name: UFW - Allow SSH connections
ufw:
rule: allow
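Review bot: The new `copy` task for `/etc/apt/apt.conf.d/10periodic` sets no ownership or permissions, so the installed file's mode depends on the source file and the defaults in effect; adding `owner: root`, `group: root` and `mode: "0644"` makes it explicit. The identical task is also added to ansible/tasks/setup-system.yml in this pull request, so one of the two copies looks redundant. The play this task belongs to starts outside the hunk, so whether both files run in the same play is not visible here.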
32 changes: 31 additions & 1 deletion ansible/tasks/setup-extensions.yml
Expand Up @@ -43,14 +43,44 @@
update_cache: yes
cache_valid_time: 3600

- name: pgAudit - download & install dependencies
apt:
pkg:
- postgresql-server-dev-12
- libssl-dev
- libkrb5-dev
update_cache: yes
install_recommends: no

- name: pgAudit - download latest release
git:
repo: https://github.com/pgaudit/pgaudit.git
dest: /tmp/pgaudit
become: yes

- name: pgAudit - build
make:
chdir: /tmp/pgaudit
target: check
params:
USE_PGXS: 1
become: yes

- name: pgAudit - install
make:
chdir: /tmp/pgaudit
target: install
params:
USE_PGXS: 1
become: yes

- name: plv8 - download & install dependencies
apt:
pkg:
- build-essential
- ca-certificates
- curl
- git-core
- python
- gpp
- cpp
- pkg-config
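Review bot: The `git` task named "pgAudit - download latest release" has no `version:`, so it clones whatever the repository's default branch holds at build time, and the following tasks compile and install that code with `become: yes`. Pinning it, e.g. `version: <pgaudit tag or commit matching PostgreSQL 12>`, makes the image reproducible and keeps an upstream change from landing in the image unreviewed. It also avoids building a branch that may target a different PostgreSQL major version than the `postgresql-server-dev-12` headers installed just above. The same applies to the `git checkout master` step added in docker/Dockerfile.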
17 changes: 16 additions & 1 deletion ansible/tasks/setup-system.yml
Expand Up @@ -4,15 +4,30 @@
apt: update_cache=yes upgrade=yes
# SEE http://archive.vn/DKJjs#parameter-upgrade

- name: add universe repository for bionic
apt_repository:
repo: deb http://archive.ubuntu.com/ubuntu bionic universe
state: present

- name: Install essentials
apt:
pkg:
- ufw
- fail2ban
- unattended-upgrades
- python3
- python3-pip
update_cache: yes
cache_valid_time: 3600

- name: Adjust APT update intervals
copy:
src: files/apt_periodic
dest: /etc/apt/apt.conf.d/10periodic

- name: Install psycopg2 to enable ansible postgreSQL features
pip: name=psycopg2-binary
pip:
name: psycopg2-binary

- name: System - Create services.slice
template:
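Review bot: The `apt_repository` task hard-codes `bionic`, while amazon.json in this pull request turns the base image into a user-supplied variable; on any other Ubuntu release this would add packages from a mismatched suite. Deriving the suite from facts, `repo: "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} universe"`, keeps the two in step (this assumes fact gathering is enabled for the play, which is outside the hunk). The `pip` task installs `psycopg2-binary` without a version, so adding `version:` with a pinned release would make builds repeatable.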
12 changes: 8 additions & 4 deletions ansible/vars.yml
Expand Up @@ -11,12 +11,16 @@ postgresql_ext_install_dev_headers: yes
# Warning: Make sure the postgresql & postgis versions are compatible with one another
postgresql_ext_postgis_version: 3

postgresql_shared_preload_libraries: [pg_stat_statements]
postgresql_shared_preload_libraries: [pg_stat_statements, pgaudit]

postgresql_pg_hba_custom:
- {type: "host", database: "all", user: "all", address: "0.0.0.0/0", method: "md5" }

postgres_superadmin_password: "a1b2c3d4e5f6g7"

pgtap_release: v1.1.0
pgtap_release_checksum: sha1:cca57708e723de18735a723b774577dc52f6f31e
pgtap_release_checksum: sha1:cca57708e723de18735a723b774577dc52f6f31e

postgresql_log_destination: "csvlog"
postgresql_logging_collector: on
postgresql_log_filename: "postgresql.log"
postgresql_log_rotation_age: 0
postgresql_log_rotation_size: 0
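Review bot: Adding `pgaudit` to `postgresql_shared_preload_libraries` only loads the extension; pgAudit's `pgaudit.log` setting defaults to `none`, and no value for it is visible in this hunk, so unless it is set elsewhere no statements are audited. A setting with the wanted classes (for example `ddl, role`) needs to reach the rendered postgresql.conf, in whatever way the role accepts extra settings. `postgresql_logging_collector: on` is an unquoted YAML 1.1 boolean, so writing `"on"` or `true` avoids depending on how the role renders it. With `postgresql_log_rotation_age: 0` and `postgresql_log_rotation_size: 0` the log file is never rotated, so external rotation or a size limit is worth adding; docker/mnt/init-permissions.sh adds the same logging settings and also sets no `pgaudit.log`.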
2 changes: 1 addition & 1 deletion digitalOcean.json
Expand Up @@ -10,7 +10,7 @@
"region": "{{user `region`}}",
"size": "s-1vcpu-1gb",
"ssh_username": "root",
"snapshot_name": "supabase-postgresql-0.0.11"
"snapshot_name": "supabase-postgresql-0.12.0"
}],
"provisioners": [
{
14 changes: 14 additions & 0 deletions docker/Dockerfile
Expand Up @@ -23,6 +23,20 @@ RUN git clone git://github.com/theory/pgtap.git \
RUN apt-get update \
&& apt-get install postgresql-plpython3-12 -y

# install pgAudit
RUN pgAuditDependencies="postgresql-server-dev-$PG_MAJOR \
libssl-dev \
libkrb5-dev \
git-core" \
&& apt-get update \
&& apt-get install -y --no-install-recommends ${pgAuditDependencies} \
&& cd /tmp \
&& git clone https://github.com/pgaudit/pgaudit.git \
&& cd pgaudit \
&& git checkout master \
&& make check USE_PGXS=1 \
&& make install USE_PGXS=1

# install plv8
ENV PLV8_VERSION=r3.0alpha

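Review bot: The new pgAudit `RUN` layer leaves the `/tmp/pgaudit` checkout and the apt package lists in the image; ending the chain with `&& cd / && rm -rf /tmp/pgaudit /var/lib/apt/lists/*` keeps build residue out of the final image. The build-only packages (`postgresql-server-dev-$PG_MAJOR`, `libssl-dev`, `libkrb5-dev`, `git-core`) also stay installed; whether they can be purged depends on the plv8 steps that follow outside the hunk.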
7 changes: 6 additions & 1 deletion docker/mnt/init-permissions.sh
Expand Up @@ -2,9 +2,14 @@
set -e

echo "host replication $POSTGRES_USER 0.0.0.0/0 trust" >> $PGDATA/pg_hba.conf
echo "shared_preload_libraries = 'pg_stat_statements'" >> $PGDATA/postgresql.conf
echo "shared_preload_libraries = 'pg_stat_statements, pgaudit'" >> $PGDATA/postgresql.conf
echo "pg_stat_statements.max = 10000" >> $PGDATA/postgresql.conf
echo "pg_stat_statements.track = all" >> $PGDATA/postgresql.conf
echo "wal_level=logical" >> $PGDATA/postgresql.conf
echo "max_replication_slots=5" >> $PGDATA/postgresql.conf
echo "max_wal_senders=10" >> $PGDATA/postgresql.conf
echo "log_destination='csvlog'" >> $PGDATA/postgresql.conf
echo "logging_collector=on" >> $PGDATA/postgresql.conf
echo "log_filename='postgresql.log'" >> $PGDATA/postgresql.conf
echo "log_rotation_age=0" >> $PGDATA/postgresql.conf
echo "log_rotation_size=0" >> $PGDATA/postgresql.conf
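--- a/scripts/02-credentials_cleanup.sh
+++ b/scripts/02-credentials_cleanup.sh
@@ -0,0 +1 @@
+sudo rm /home/ubuntu/.ssh/authorized_keys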
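Review bot: The script removes only `/home/ubuntu/.ssh/authorized_keys`, so keys left for any other account, root in particular, would remain in the published image; `sudo rm -f /home/ubuntu/.ssh/authorized_keys /root/.ssh/authorized_keys` covers both and does not fail when a file is already absent. The file has no shebang line or `set -e`, so adding them would make the interpreter and failure behaviour explicit. In amazon.json it is listed before 90-cleanup.sh and 99-img_check.sh; running it as the last cleanup step would avoid depending on the existing SSH session staying up after the build's own login key has been removed.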