diff --git a/ansible/playbook.yml b/ansible/playbook.yml index bcd47ac9b..bfcc2dfb4 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -34,7 +34,7 @@ tags: - install-pgbouncer - install-supabase-internal - when: debpkg_mode or nixpkg_mode + when: debpkg_mode or nixpkg_mode or stage2_nix - name: Install WAL-G import_tasks: tasks/setup-wal-g.yml diff --git a/ansible/tasks/setup-nginx.yml b/ansible/tasks/setup-nginx.yml index 77fb7707a..476663141 100644 --- a/ansible/tasks/setup-nginx.yml +++ b/ansible/tasks/setup-nginx.yml @@ -5,6 +5,7 @@ - name: nginx - system dependencies apt: pkg: + - build-essential - openssl - libpcre3-dev - libssl-dev diff --git a/ansible/tasks/setup-pgbouncer.yml b/ansible/tasks/setup-pgbouncer.yml index 4381ba24d..a914fc425 100644 --- a/ansible/tasks/setup-pgbouncer.yml +++ b/ansible/tasks/setup-pgbouncer.yml 
@@ -1,52 +1,10 @@ -# PgBouncer -- name: PgBouncer - download & install dependencies - apt: - pkg: - - build-essential - - libssl-dev - - pkg-config - - libevent-dev - - libsystemd-dev - update_cache: yes - cache_valid_time: 3600 - -- name: PgBouncer - download latest release - get_url: - url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz" - dest: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz - checksum: "{{ pgbouncer_release_checksum }}" - timeout: 60 - -- name: PgBouncer - unpack archive - unarchive: - remote_src: yes - src: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz - dest: /tmp - become: yes - -- name: PgBouncer - configure - shell: - cmd: "./configure --prefix=/usr/local --with-systemd" - chdir: /tmp/pgbouncer-{{ pgbouncer_release }} - become: yes - -- name: PgBouncer - build - make: - chdir: /tmp/pgbouncer-{{ pgbouncer_release }} - become: yes - -- name: PgBouncer - install - make: - chdir: /tmp/pgbouncer-{{ pgbouncer_release }} - target: install - become: yes - - name: Create pgbouncer user user: name: pgbouncer shell: /bin/false comment: PgBouncer user groups: postgres,ssl-cert + when: nixpkg_mode - name: PgBouncer - create a directory if it does not exist file: @@ -55,6 +13,7 @@ owner: pgbouncer group: pgbouncer mode: '0700' + when: nixpkg_mode - name: PgBouncer - create a directory if it does not exist file: @@ -65,6 +24,7 @@ mode: '0775' with_items: - '/etc/pgbouncer-custom' + when: nixpkg_mode - name: create placeholder config files file: @@ -77,6 +37,7 @@ - 'generated-optimizations.ini' - 'custom-overrides.ini' - 'ssl-config.ini' + when: nixpkg_mode - name: PgBouncer - adjust pgbouncer.ini copy: @@ -84,6 +45,7 @@ dest: /etc/pgbouncer/pgbouncer.ini owner: pgbouncer mode: '0700' + when: nixpkg_mode - name: PgBouncer - create a directory if it does not exist file: 
@@ -91,12 +53,14 @@ state: touch owner: pgbouncer mode: '0700' - + when: nixpkg_mode + - name: import /etc/tmpfiles.d/pgbouncer.conf template: src: files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2 dest: /etc/tmpfiles.d/pgbouncer.conf become: yes + when: nixpkg_mode - name: PgBouncer - By default allow ssl connections. become: yes @@ -104,11 +68,13 @@ dest: /etc/pgbouncer-custom/ssl-config.ini content: | client_tls_sslmode = allow + when: nixpkg_mode - name: Grant pg_hba and pgbouncer grp perm for adminapi updates shell: | chmod g+w /etc/postgresql/pg_hba.conf chmod g+w /etc/pgbouncer-custom/ssl-config.ini + when: nixpkg_mode # Add fail2ban filter - name: import jail.d/pgbouncer.conf @@ -116,12 +82,14 @@ src: files/fail2ban_config/jail-pgbouncer.conf.j2 dest: /etc/fail2ban/jail.d/pgbouncer.conf become: yes + when: nixpkg_mode - name: import filter.d/pgbouncer.conf template: src: files/fail2ban_config/filter-pgbouncer.conf.j2 dest: /etc/fail2ban/filter.d/pgbouncer.conf become: yes + when: nixpkg_mode # Add systemd file for PgBouncer - name: PgBouncer - import postgresql.service @@ -129,7 +97,15 @@ src: files/pgbouncer_config/pgbouncer.service.j2 dest: /etc/systemd/system/pgbouncer.service become: yes + when: nixpkg_mode + +- name: install pgbouncer from supabase nix binary cache + become: yes + shell: | + sudo -u pgbouncer bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#pgbouncer" + when: stage2_nix - name: PgBouncer - reload systemd systemd: daemon_reload: yes + when: stage2_nix diff --git a/ansible/vars.yml b/ansible/vars.yml index a814ee494..5645020a4 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml 
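Review bot: The new `install pgbouncer from supabase nix binary cache` task in the last setup-pgbouncer.yml hunk puts `{{ git_commit_sha }}` straight into a `bash -c` string without validating it, so an unset or malformed value changes what gets installed. An empty value would leave `github:supabase/postgres/#pgbouncer`, which may resolve to the default branch instead of failing. A preceding `assert` task with `that: git_commit_sha is match('^[0-9a-f]{40}$')` (assuming a full commit hash is always passed) would keep the install pinned and the interpolated string free of shell metacharacters. The task already sets `become: yes`, so the inner `sudo -u pgbouncer` could become `become_user: pgbouncer`, and with no `creates:` or `changed_when:` it reports changed on every run. The `pgbouncer` user is created only `when: nixpkg_mode` (first hunk of this file) while this task runs `when: stage2_nix`, presumably relying on the earlier stage having run on the same image; a short comment stating that would help.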
@@ -14,8 +14,6 @@ postgres_release: postgres15: "15.8.1.077" # Non Postgres Extensions -pgbouncer_release: "1.19.0" -pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682 # to get these use # wget https://github.com/PostgREST/postgrest/releases/download/v12.2.3/postgrest-v12.2.3-ubuntu-aarch64.tar.xz -q -O- | sha1sum diff --git a/docker/nix/build_nix.sh b/docker/nix/build_nix.sh index efaafbe89..99f8ab16b 100644 --- a/docker/nix/build_nix.sh +++ b/docker/nix/build_nix.sh @@ -11,6 +11,7 @@ SYSTEM=$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"') nix build .#checks.$SYSTEM.psql_15 -L --no-link nix build .#checks.$SYSTEM.psql_orioledb-17 -L --no-link nix build .#checks.$SYSTEM.psql_17 -L --no-link +nix build .#pgbouncer -o pgbouncer -L nix build .#psql_15/bin -o psql_15 -L nix build .#psql_orioledb-17/bin -o psql_orioledb_17 -L nix build .#psql_17/bin -o psql_17 -L @@ -20,6 +21,7 @@ nix build .#wal-g-3 -o wal-g-3 -L # Copy to S3 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-2 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-3 +nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./pgbouncer nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_orioledb_17 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_17 diff --git a/flake.nix b/flake.nix index 519e89567..e87685598 100644 --- a/flake.nix +++ b/flake.nix 
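Review bot: The added `nix copy` line in the second build_nix.sh hunk passes the store URL unquoted, and `?` is a shell glob character. It matches the neighbouring lines, but `nix copy --to 's3://nix-postgres-artifacts?secret-key=nix-secret-key' ./pgbouncer` keeps the argument literal even under `nullglob` or `failglob`. The top of the script is outside the hunk, so it is not visible whether it runs under `set -e`; if it does not, a failed `nix build .#pgbouncer -o pgbouncer -L` would leave `./pgbouncer` missing or stale when the copy runs. Since the Ansible side now installs pgbouncer from this cache, a comment that the `secret-key` file signs the uploaded paths would help readers connect the two ends.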
@@ -84,9 +84,10 @@ }) ]; }; + mecab-naist-jdic = pkgs.callPackage ./nix/ext/mecab-naist-jdic/default.nix { }; + pgbouncer = pkgs.callPackage ./nix/pgbouncer.nix { }; sfcgal = pkgs.callPackage ./nix/ext/sfcgal/sfcgal.nix { }; supabase-groonga = pkgs.callPackage ./nix/supabase-groonga.nix { }; - mecab-naist-jdic = pkgs.callPackage ./nix/ext/mecab-naist-jdic/default.nix { }; inherit (pkgs.callPackage ./nix/wal-g.nix { }) wal-g-2 wal-g-3; # Our list of PostgreSQL extensions which come from upstream Nixpkgs. # These are maintained upstream and can easily be used here just by @@ -400,6 +401,7 @@ postgresql_orioledb-17 = getPostgresqlPackage "orioledb-17"; in postgresVersions // { + pgbouncer = pgbouncer; supabase-groonga = supabase-groonga; cargo-pgrx_0_11_3 = pkgs.cargo-pgrx.cargo-pgrx_0_11_3; cargo-pgrx_0_12_6 = pkgs.cargo-pgrx.cargo-pgrx_0_12_6; diff --git a/nix/pgbouncer.nix b/nix/pgbouncer.nix new file mode 100644 index 000000000..af6b31cd4 --- /dev/null +++ b/nix/pgbouncer.nix 
@@ -0,0 +1,46 @@
+{
+ lib,
+ stdenv,
+ fetchurl,
+ openssl,
+ libevent,
+ c-ares,
+ pkg-config,
+ systemd,
+ nixosTests,
+}:
+
+stdenv.mkDerivation rec {
+ pname = "pgbouncer";
+ version = "1.24.1";
+
+ src = fetchurl {
+ url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz";
+ hash = "sha256-2nKjq6EwcodtBVo+WN1Kukpd5O1hSOcwMxhSRVmP0+A=";
+ };
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = [
+ libevent
+ openssl
+ c-ares
+ ] ++ lib.optional stdenv.hostPlatform.isLinux systemd;
+ enableParallelBuilding = true;
+ configureFlags = lib.optional stdenv.hostPlatform.isLinux "--with-systemd";
+
+ passthru.tests = {
+ pgbouncer = nixosTests.pgbouncer;
+ };
+
+ meta = with lib; {
+ homepage = "https://www.pgbouncer.org/";
+ mainProgram = "pgbouncer";
+ description = "Lightweight connection pooler for PostgreSQL";
+ changelog = "https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_${
+ replaceStrings [ "." ] [ "_" ] version
+ }";
+ license = licenses.isc;
+ maintainers = with maintainers; [ _1000101 ];
+ platforms = platforms.all;
+ };
+}
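Review bot: `version = "1.24.1"` in the new derivation differs from the `pgbouncer_release: "1.19.0"` removed from ansible/vars.yml, so this packaging change also carries a multi-release PgBouncer upgrade that is worth stating in the commit description. The `pgbouncer.ini` template and the fail2ban filter, both outside this diff, should be checked against the upstream changelog for renamed settings or changed log formats. The file would benefit from a header comment such as `# Local pgbouncer derivation so the version is pinned independently of nixpkgs`, if that is the intent. `passthru.tests` referencing `nixosTests.pgbouncer` and `maintainers` listing `_1000101` look carried over from an upstream package definition; the test presumably exercises the nixpkgs module rather than this derivation, so consider dropping both or replacing them with a check defined in this flake.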