hailin
/
chatai
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
chatai/postgres_15.8.1.044/ansible/playbook.yml

230 lines
6.4 KiB
YAML
Raw Permalink Blame History

- hosts: all
become: yes
pre_tasks:
- import_tasks: tasks/setup-system.yml
vars_files:
- ./vars.yml
vars:
sql_files:
- {
source: "pgbouncer_config/pgbouncer_auth_schema.sql",
dest: "00-schema.sql",
}
- { source: "stat_extension.sql", dest: "01-extension.sql" }
environment:
PATH: /usr/lib/postgresql/bin:{{ ansible_env.PATH }}
tasks:
- set_fact:
supabase_internal: true
tags:
- install-supabase-internal
- set_fact:
parallel_jobs: 16
- name: Install Postgres from source
import_tasks: tasks/setup-postgres.yml
- name: Install PgBouncer
import_tasks: tasks/setup-pgbouncer.yml
tags:
- install-pgbouncer
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Install WAL-G
import_tasks: tasks/setup-wal-g.yml
when: debpkg_mode or nixpkg_mode
- name: Install Gotrue
import_tasks: tasks/setup-gotrue.yml
tags:
- install-gotrue
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Install PostgREST
import_tasks: tasks/setup-postgrest.yml
tags:
- install-postgrest
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Install Envoy
import_tasks: tasks/setup-envoy.yml
tags:
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Install Kong
import_tasks: tasks/setup-kong.yml
tags:
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Install nginx
import_tasks: tasks/setup-nginx.yml
tags:
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Install Supabase specific content
import_tasks: tasks/setup-supabase-internal.yml
tags:
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Fix IPv6 NDisc issues
import_tasks: tasks/fix_ipv6_ndisc.yml
tags:
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Start Postgres Database without Systemd
become: yes
become_user: postgres
shell:
cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start
when: debpkg_mode
- name: Adjust APT update intervals
copy:
src: files/apt_periodic
dest: /etc/apt/apt.conf.d/10periodic
when: debpkg_mode or nixpkg_mode
- name: Transfer init SQL files
copy:
src: files/{{ item.source }}
dest: /tmp/{{ item.dest }}
loop: "{{ sql_files }}"
when: debpkg_mode or stage2_nix
- name: Create postgres role
become: yes
become_user: postgres
shell:
cmd: /usr/lib/postgresql/bin/psql --username=supabase_admin -d postgres -c "create role postgres superuser login; alter database postgres owner to postgres;"
when: debpkg_mode or stage2_nix
- name: Execute init SQL files
become: yes
become_user: postgres
shell:
cmd: /usr/lib/postgresql/bin/psql -f /tmp/{{ item.dest }}
loop: "{{ sql_files }}"
when: debpkg_mode or stage2_nix
- name: Delete SQL scripts
file:
path: /tmp/{{ item.dest }}
state: absent
loop: "{{ sql_files }}"
when: debpkg_mode or stage2_nix
- name: First boot optimizations
import_tasks: tasks/internal/optimizations.yml
tags:
- install-supabase-internal
when: debpkg_mode or stage2_nix
- name: Finalize AMI
import_tasks: tasks/finalize-ami.yml
tags:
- install-supabase-internal
when: debpkg_mode or nixpkg_mode
- name: Enhance fail2ban
import_tasks: tasks/setup-fail2ban.yml
when: debpkg_mode or nixpkg_mode
# Install EC2 instance connect
# Only for AWS images
- name: install EC2 instance connect
become: yes
apt:
pkg:
- ec2-instance-connect
tags:
- aws-only
when: qemu_mode is undefined
# Install this at the end to prevent it from kicking in during the apt process, causing conflicts
- name: Install security tools
become: yes
apt:
pkg:
- unattended-upgrades
update_cache: yes
cache_valid_time: 3600
- name: Clean out build dependencies
import_tasks: tasks/clean-build-dependencies.yml
- name: Restart Postgres Database without Systemd
become: yes
become_user: postgres
shell:
cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data restart -o "-c shared_preload_libraries='pg_tle'"
when: debpkg_mode
- name: Run migrations
import_tasks: tasks/setup-migrations.yml
tags:
- migrations
when: debpkg_mode or stage2_nix
- name: Stop Postgres Database without Systemd
become: yes
become_user: postgres
shell:
cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data stop
when: debpkg_mode
- name: Run unit tests
import_tasks: tasks/test-image.yml
tags:
- unit-tests
when: debpkg_mode or stage2_nix
- name: Collect Postgres binaries
import_tasks: tasks/internal/collect-pg-binaries.yml
tags:
- collect-binaries
when: debpkg_mode
- name: Install osquery from nixpkgs binary cache
become: yes
shell: |
apt autoremove -y --purge snapd
when: stage2_nix
- name: Install osquery from nixpkgs binary cache
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:nixos/nixpkgs/f98ec4f73c762223d62bee706726138cb6ea27cc#osquery"
when: stage2_nix
- name: Run osquery permission checks
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && /usr/bin/python3 /tmp/ansible-playbook/ansible/files/permission_check.py {{ '--qemu' if qemu_mode is defined else '' }}"
when: stage2_nix
- name: Remove osquery
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile remove osquery"
when: stage2_nix
- name: nix collect garbage
become: yes
shell: |
sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix-collect-garbage -d"
when: stage2_nix
Reference in New Issue View Git Blame Copy Permalink