supabase · darora · Jan 9, 2024 · Oct 13, 2023 · Oct 13, 2023 · Oct 24, 2023
@@ -243,7 +243,8 @@ build {
       "DOCKER_USER=${var.docker_user}",
       "DOCKER_PASSWD=${var.docker_passwd}",
       "DOCKER_IMAGE=${var.docker_image}",
-      "DOCKER_IMAGE_TAG=${var.docker_image_tag}"
+      "DOCKER_IMAGE_TAG=${var.docker_image_tag}",
+      "POSTGRES_SUPABASE_VERSION=${var.postgres-version}"
     ]
     use_env_var_file = true
     script = "ebssurrogate/scripts/surrogate-bootstrap.sh"

@@ -3,8 +3,9 @@ resources:
     name: http_listener
     address:
       socket_address:
-        address: 0.0.0.0
+        address: '::'
         port_value: 80
+        ipv4_compat: true
     filter_chains:
       - filters: &ref_1
           - name: envoy.filters.network.http_connection_manager
@@ -295,8 +296,9 @@ resources:
     name: https_listener
     address:
       socket_address:
-        address: 0.0.0.0
+        address: '::'
         port_value: 443
+        ipv4_compat: true
     filter_chains:
       - filters: *ref_1
         transport_socket:

@@ -4,4 +4,4 @@ declarative_config = /etc/kong/kong.yml
 # plugins defined in the dockerfile
 plugins = request-transformer,cors,key-auth,http-log
 
-proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834
+proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834, [::]:80 reuseport backlog=16384, [::]:443 http2 ssl reuseport backlog=16384
@@ -51,7 +51,7 @@ pidfile = /var/run/pgbouncer/pgbouncer.pid
 ;;;
 
 ;; IP address or * which means all IPs
-listen_addr = 0.0.0.0
+listen_addr = *
 listen_port = 6543
 
 ;; Unix socket is also used for -R.

@@ -89,3 +89,6 @@ host  all  all  10.0.0.0/8  scram-sha-256
 host  all  all  172.16.0.0/12  scram-sha-256
 host  all  all  192.168.0.0/16  scram-sha-256
 host  all  all  0.0.0.0/0     scram-sha-256
+
+# IPv6 external connections
+host  all  all  ::0/0     scram-sha-256
@@ -29,6 +29,10 @@
   shell: "/tmp/aws/install --update"
   become: true
 
+- name: AWS CLI - configure ipv6 support for s3
+  shell: |
+    aws configure set default.s3.use_dualstack_endpoint true
+
 - name: install Vector for logging
   become: yes
   apt:

@@ -132,6 +132,7 @@
   copy:
     content: |
       127.0.0.1   localhost
+      ::1         localhost
     dest: /etc/hosts
     mode: 0644
     owner: root

@@ -46,7 +46,7 @@ postgres_exporter_release_checksum:
   arm64: sha256:29ba62d538b92d39952afe12ee2e1f4401250d678ff4b354ff2752f4321c87a0
   amd64: sha256:cb89fc5bf4485fb554e0d640d9684fae143a4b2d5fa443009bd29c59f9129e84
 
-adminapi_release: 0.59.0
+adminapi_release: 0.61.0
 adminmgr_release: 0.14.3
 
 # Postgres Extensions

@@ -1 +1 @@
-postgres-version = "15.1.0.155"
+postgres-version = "15.1.1.2"
@@ -5,7 +5,7 @@ declarative_config = /etc/kong/kong.yml
 plugins = request-transformer,cors,key-auth,basic-auth,http-log,ip-restriction,rate-limiting
 
 admin_listen = off
-proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834
+proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834, [::]:80 reuseport backlog=16384, [::]:443 http2 ssl reuseport backlog=16348
 
 nginx_http_log_format = custom_log '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $request_length'
 nginx_http_client_body_buffer_size = 512k

@@ -50,7 +50,7 @@ pidfile = /var/run/pgbouncer/pgbouncer.pid
 ;;;
 
 ;; IP address or * which means all IPs
-listen_addr = 0.0.0.0
+listen_addr = *
 listen_port = 6543
 
 ;; Unix socket is also used for -R.

@@ -89,3 +89,6 @@ host  all  all  10.0.0.0/8  scram-sha-256
 host  all  all  172.16.0.0/12  scram-sha-256
 host  all  all  192.168.0.0/16  scram-sha-256
 host  all  all  0.0.0.0/0     scram-sha-256
+
+# IPv6 external connections
+host  all  all  ::0/0     scram-sha-256
@@ -89,11 +89,6 @@ EOF
 	localedef -i en_US -f UTF-8 en_US.UTF-8
 }
 
-# Disable IPV6 for ufw
-function disable_ufw_ipv6 {
-	sed -i 's/IPV6=yes/IPV6=no/g' /etc/default/ufw
-}
-
 function install_packages_for_build {
 	apt-get install -y --no-install-recommends linux-libc-dev \
 	 acl \
@@ -126,19 +121,7 @@ GRUB_DEFAULT=0
 GRUB_TIMEOUT=0
 GRUB_TIMEOUT_STYLE="hidden"
 GRUB_DISTRIBUTOR="Supabase postgresql"
-GRUB_CMDLINE_LINUX_DEFAULT="nomodeset console=tty1 console=ttyS0 ipv6.disable=1"
-EOF
-}
-
-function setup_grub_conf_amd64 {
-	mkdir -p /etc/default/grub.d
-
-cat << EOF > /etc/default/grub.d/50-aws-settings.cfg
-GRUB_RECORDFAIL_TIMEOUT=0
-GRUB_TIMEOUT=0
-GRUB_CMDLINE_LINUX_DEFAULT=" root=/dev/nvme0n1p2 rootfstype=ext4 rw noatime,nodiratime,discard console=tty1 console=ttyS0 ip=dhcp tsc=reliable net.ifnames=0 quiet module_blacklist=psmouse,input_leds,autofs4 ipv6.disable=1 nvme_core.io_timeout=4294967295 systemd.hostname=ubuntu ipv6.disable=1"
-GRUB_TERMINAL=console
-GRUB_DISABLE_LINUX_UUID=true
+GRUB_CMDLINE_LINUX_DEFAULT="nomodeset console=tty1 console=ttyS0 ipv6.disable=0"
 EOF
 }
 
@@ -215,7 +198,6 @@ setup_hostname
 create_admin_account
 set_default_target
 setup_eth0_interface
-disable_ufw_ipv6
 disable_sshd_passwd_auth
 disable_fsck
 #setup_ccache

@@ -182,6 +182,7 @@ function setup_chroot_environment {
 	cp /tmp/chroot-bootstrap.sh /mnt/tmp/chroot-bootstrap.sh
 	chroot /mnt /tmp/chroot-bootstrap.sh
 	rm -f /mnt/tmp/chroot-bootstrap.sh
+	echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release
 
 	# Copy the nvme identification script into /sbin inside the chroot
 	mkdir -p /mnt/sbin

@@ -104,7 +104,7 @@
 openapi-mode = "ignore-privileges"
 db-use-legacy-gucs = true
 admin-server-port = 3001
-server-host = "localhost"
+server-host = "*6"
 db-pool-acquisition-timeout = 10
 max-rows = 1000
 db-extra-search-path = "public, extensions"
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		postgres-version = "15.1.0.155"
		postgres-version = "15.1.1.2"