supabase · jchancojr · Oct 29, 2025 · Oct 29, 2025 · Oct 29, 2025 · Oct 29, 2025
@@ -0,0 +1,8 @@
+[global]
+# process-max = 1
+
+[archive-get]
+# process-max = 1
+
+[archive-push]
+# process-max = 1
@@ -0,0 +1,17 @@
+[global]
+archive-async = n
+archive-copy = y
+backup-standby = prefer
+compress-type = zst
+delta = y
+expire-auto = n
+link-all = y
+log-level-console = info
+log-level-file = detail
+log-subprocess = y
+resume = n
+start-fast = y
+[supabase]
+pg1-path = /var/lib/postgresql/data
+pg1-socket-path = /run/postgresql
+pg1-user = supabase_admin
@@ -0,0 +1,14 @@
+[supabase]
+repo1-block = y
+repo1-bundle = y
+# repo1-path = <foo>
+repo1-retention-diff = 1
+repo1-retention-full = 28
+repo1-retention-full-type = time
+repo1-retention-history = 0
+# repo1-s3-bucket= <foo>
+# repo1-s3-endpoint= <foo>
+repo1-s3-key-type = auto
+# repo1-s3-region = <foo>
+repo1-storage-upload-chunk-size = 10MiB
+repo1-type = s3
@@ -0,0 +1,2 @@
+[supabase]
+# archive-async = y
@@ -0,0 +1,3 @@
+[supabase]
+# repo-cipher-pass = {{ generated pass }}
+# repo-cipher-type = aes-256-cbc
@@ -40,6 +40,10 @@
       import_tasks: tasks/setup-wal-g.yml
       when: debpkg_mode or nixpkg_mode or stage2_nix
 
+    - name: Install pgBackRest
+      import_tasks: tasks/setup-pgbackrest.yml
+      when: debpkg_mode or nixpkg_mode or stage2_nix
+
     - name: Install Gotrue
       import_tasks: tasks/setup-gotrue.yml
       tags:

@@ -0,0 +1,82 @@
+- name: Create pgBackRest group
+  ansible.builtin.group:
+    name: pgbackrest
+    state: present
+  when: nixpkg_mode
+
+- name: Create pgBackRest user
+  ansible.builtin.user:
+    comment: pgBackRest user
+    group: pgbackrest
+    groups: pgbackrest, postgres
+    home: /var/lib/pgbackrest
+    name: pgbackrest
+    shell: /sbin/nologin
+    system: true
+  when: nixpkg_mode
+
+- name: Install pgBackRest
+  become: true
+  become_user: pgbackrest
+  ansible.builtin.shell: |
+    sudo -u pgbackrest bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#pg-backrest"
+  changed_when: true
+  when: stage2_nix
+
+- name: Create needed directories for pgBackRest
+  ansible.legacy.file:
+    group: postgres
+    mode: '0770'
+    owner: pgbackrest
+    path: "{{ backrest_dir }}"
+    state: directory
+  loop:
+    - /etc/pgbackrest/conf.d
+    - /var/lib/pgbackrest
+    - /var/spool/pgbackrest
+    - /var/log/pgbackrest
+  loop_control:
+    loop_var: backrest_dir
+  when: nixpkg_mode
+
+- name: Symlink pgbackrest.conf
+  ansible.legacy.file:
+    force: true
+    path: /etc/pgbackrest/pgbackrest.conf
+    src: /etc/pgbackrest.conf
+    state: link
+
+- name: Move pgBackRest files to /etc/pgbackrest
+  ansible.legacy.copy:
+    group: postgres
+    dest: "/etc/pgbackrest/{{ conf_item['path'] }}/{{ conf_item['name'] }}"
+    mode: '0644'
+    owner: pgbackrest
+    src: "files/pgbackrest_config/{{ conf_item['name'] }}"
+  loop:
+    - {name: computed_globals.conf, path: conf.d}
+    - {name: pgbackrest.conf, path: ''}
+    - {name: repo1_async.conf, path: conf.d}
+    - {name: repo1_encrypted.conf, path: conf.d}
+    - {name: repo1.conf, path: conf.d}
+  loop_control:
+    loop_var: conf_item
+  when: stage2_nix
+
+- name: Configure sudoers for pgBackRest
+  ansible.builtin.lineinfile:
+    create: yes
+    line: 'postgres ALL=(pgbackrest) NOPASSWD: /var/lib/pgbackrest/.nix-profile/bin/pgbackrest'
+    mode: '0440'
+    path: '/etc/sudoers.d/pgbackrest'
+    validate: 'visudo -cf %s'
+
+- name: Create pgBackRest wrapper script
+  ansible.builtin.copy:
+    content: |
+      #!/bin/bash
+      exec sudo -u pgbackrest /var/lib/pgbackrest/.nix-profile/bin/pgbackrest "$@"
+    dest: '/usr/bin/pgbackrest'
+    group: 'root'
+    mode: '0755'
+    owner: 'root'