- hosts: all become: yes pre_tasks: - import_tasks: tasks/setup-system.yml vars_files: - ./vars.yml vars: sql_files: - { source: "pgbouncer_config/pgbouncer_auth_schema.sql", dest: "00-schema.sql", } - { source: "stat_extension.sql", dest: "01-extension.sql" } environment: PATH: /usr/lib/postgresql/bin:{{ ansible_env.PATH }} tasks: - set_fact: supabase_internal: true tags: - install-supabase-internal - set_fact: parallel_jobs: 16 - name: Install Postgres from source import_tasks: tasks/setup-postgres.yml - name: Install PgBouncer import_tasks: tasks/setup-pgbouncer.yml tags: - install-pgbouncer - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Install WAL-G import_tasks: tasks/setup-wal-g.yml when: debpkg_mode or nixpkg_mode - name: Install Gotrue import_tasks: tasks/setup-gotrue.yml tags: - install-gotrue - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Install PostgREST import_tasks: tasks/setup-postgrest.yml tags: - install-postgrest - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Install Envoy import_tasks: tasks/setup-envoy.yml tags: - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Install Kong import_tasks: tasks/setup-kong.yml tags: - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Install nginx import_tasks: tasks/setup-nginx.yml tags: - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Install Supabase specific content import_tasks: tasks/setup-supabase-internal.yml tags: - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Fix IPv6 NDisc issues import_tasks: tasks/fix_ipv6_ndisc.yml tags: - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Start Postgres Database without Systemd become: yes become_user: postgres shell: cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data start when: debpkg_mode - name: Adjust APT update intervals copy: src: files/apt_periodic dest: /etc/apt/apt.conf.d/10periodic when: debpkg_mode or nixpkg_mode - name: Transfer init SQL files copy: src: files/{{ item.source }} dest: /tmp/{{ item.dest }} loop: "{{ sql_files }}" when: debpkg_mode or stage2_nix - name: Create postgres role become: yes become_user: postgres shell: cmd: /usr/lib/postgresql/bin/psql --username=supabase_admin -d postgres -c "create role postgres superuser login; alter database postgres owner to postgres;" when: debpkg_mode or stage2_nix - name: Execute init SQL files become: yes become_user: postgres shell: cmd: /usr/lib/postgresql/bin/psql -f /tmp/{{ item.dest }} loop: "{{ sql_files }}" when: debpkg_mode or stage2_nix - name: Delete SQL scripts file: path: /tmp/{{ item.dest }} state: absent loop: "{{ sql_files }}" when: debpkg_mode or stage2_nix - name: First boot optimizations import_tasks: tasks/internal/optimizations.yml tags: - install-supabase-internal when: debpkg_mode or stage2_nix - name: Finalize AMI import_tasks: tasks/finalize-ami.yml tags: - install-supabase-internal when: debpkg_mode or nixpkg_mode - name: Enhance fail2ban import_tasks: tasks/setup-fail2ban.yml when: debpkg_mode or nixpkg_mode # Install EC2 instance connect # Only for AWS images - name: install EC2 instance connect become: yes apt: pkg: - ec2-instance-connect tags: - aws-only when: qemu_mode is undefined # Install this at the end to prevent it from kicking in during the apt process, causing conflicts - name: Install security tools become: yes apt: pkg: - unattended-upgrades update_cache: yes cache_valid_time: 3600 - name: Clean out build dependencies import_tasks: tasks/clean-build-dependencies.yml - name: Restart Postgres Database without Systemd become: yes become_user: postgres shell: cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data restart -o "-c shared_preload_libraries='pg_tle'" when: debpkg_mode - name: Run migrations import_tasks: tasks/setup-migrations.yml tags: - migrations when: debpkg_mode or stage2_nix - name: Stop Postgres Database without Systemd become: yes become_user: postgres shell: cmd: /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data stop when: debpkg_mode - name: Run unit tests import_tasks: tasks/test-image.yml tags: - unit-tests when: debpkg_mode or stage2_nix - name: Collect Postgres binaries import_tasks: tasks/internal/collect-pg-binaries.yml tags: - collect-binaries when: debpkg_mode - name: Install osquery from nixpkgs binary cache become: yes shell: | apt autoremove -y --purge snapd when: stage2_nix - name: Install osquery from nixpkgs binary cache become: yes shell: | sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:nixos/nixpkgs/f98ec4f73c762223d62bee706726138cb6ea27cc#osquery" when: stage2_nix - name: Run osquery permission checks become: yes shell: | sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && /usr/bin/python3 /tmp/ansible-playbook/ansible/files/permission_check.py {{ '--qemu' if qemu_mode is defined else '' }}" when: stage2_nix - name: Remove osquery become: yes shell: | sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile remove osquery" when: stage2_nix - name: nix collect garbage become: yes shell: | sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix-collect-garbage -d" when: stage2_nix