fix: supabase connection

Dominik Polakovics Polakovics 2026-04-02 15:19:57 +02:00
parent 7e98b2526b
commit 856761d407
2 changed files with 14 additions and 13 deletions


@ -26,6 +26,7 @@ in
"d /var/lib/supabase/snippets 0755 root root -" "d /var/lib/supabase/snippets 0755 root root -"
]; ];
# --- Systemd services: network, env generation, and container ordering --- # --- Systemd services: network, env generation, and container ordering ---
systemd.services = systemd.services =
let let
@ -45,7 +46,7 @@ in
"supabase-functions" "supabase-functions"
]; ];
mkContainerDeps = name: { mkContainerDeps = name: {
"docker-${name}" = { "podman-${name}" = {
after = [ "init-supabase-network.service" "supabase-env-generate.service" ]; after = [ "init-supabase-network.service" "supabase-env-generate.service" ];
requires = [ "init-supabase-network.service" "supabase-env-generate.service" ]; requires = [ "init-supabase-network.service" "supabase-env-generate.service" ];
}; };
@ -54,22 +55,19 @@ in
lib.mkMerge (map mkContainerDeps containerNames ++ [ lib.mkMerge (map mkContainerDeps containerNames ++ [
{ {
init-supabase-network = { init-supabase-network = {
description = "Create supabase-net Docker network"; description = "Create supabase-net Podman network";
after = [ "docker.service" ];
requires = [ "docker.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
# '-' prefix tells systemd to ignore non-zero exit (network may already exist) # '-' prefix tells systemd to ignore non-zero exit (network may already exist)
ExecStart = "-${pkgs.docker}/bin/docker network create supabase-net"; ExecStart = "-${pkgs.podman}/bin/podman network create supabase-net";
}; };
}; };
supabase-env-generate = { supabase-env-generate = {
description = "Generate Supabase per-container env files from SOPS secrets"; description = "Generate Supabase per-container env files from SOPS secrets";
after = [ "docker.service" ];
requires = [ "docker.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.jq ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
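Review bot: The `-` prefix on `ExecStart` in `init-supabase-network` ignores every non-zero exit from `podman network create`, not only the "already exists" case named in the comment. With `RemainAfterExit = true` the unit still counts as started, so the `requires`/`after` that `mkContainerDeps` places on each `podman-${name}` unit are satisfied even when the network was never created. Making the command idempotent and dropping the `-` would let a real failure hold the containers back, for example by running `${pkgs.podman}/bin/podman network exists supabase-net || ${pkgs.podman}/bin/podman network create supabase-net` through the unit's `script` attribute. The `let` block and the `serviceConfig` of `supabase-env-generate` continue outside this section.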


@ -6,6 +6,9 @@ set -a
source "$1" source "$1"
set +a set +a
# URL-encode password for use in connection strings
PG_PASS_ENCODED=$(printf '%s' "$POSTGRES_PASSWORD" | jq -sRr @uri)
cat > /run/supabase/db.env <<EOF cat > /run/supabase/db.env <<EOF
POSTGRES_PASSWORD=$POSTGRES_PASSWORD POSTGRES_PASSWORD=$POSTGRES_PASSWORD
PGPASSWORD=$POSTGRES_PASSWORD PGPASSWORD=$POSTGRES_PASSWORD
@ -16,18 +19,18 @@ cat > /run/supabase/analytics.env <<EOF
DB_PASSWORD=$POSTGRES_PASSWORD DB_PASSWORD=$POSTGRES_PASSWORD
LOGFLARE_PUBLIC_ACCESS_TOKEN=$LOGFLARE_PUBLIC_ACCESS_TOKEN LOGFLARE_PUBLIC_ACCESS_TOKEN=$LOGFLARE_PUBLIC_ACCESS_TOKEN
LOGFLARE_PRIVATE_ACCESS_TOKEN=$LOGFLARE_PRIVATE_ACCESS_TOKEN LOGFLARE_PRIVATE_ACCESS_TOKEN=$LOGFLARE_PRIVATE_ACCESS_TOKEN
POSTGRES_BACKEND_URL=postgresql://supabase_admin:$POSTGRES_PASSWORD@db:5432/_supabase POSTGRES_BACKEND_URL=postgresql://supabase_admin:$PG_PASS_ENCODED@db:5432/_supabase
EOF EOF
cat > /run/supabase/auth.env <<EOF cat > /run/supabase/auth.env <<EOF
GOTRUE_JWT_SECRET=$JWT_SECRET GOTRUE_JWT_SECRET=$JWT_SECRET
GOTRUE_DB_DATABASE_URL=postgres://supabase_auth_admin:$POSTGRES_PASSWORD@db:5432/postgres GOTRUE_DB_DATABASE_URL=postgres://supabase_auth_admin:$PG_PASS_ENCODED@db:5432/postgres
EOF EOF
cat > /run/supabase/rest.env <<EOF cat > /run/supabase/rest.env <<EOF
PGRST_JWT_SECRET=$JWT_SECRET PGRST_JWT_SECRET=$JWT_SECRET
PGRST_APP_SETTINGS_JWT_SECRET=$JWT_SECRET PGRST_APP_SETTINGS_JWT_SECRET=$JWT_SECRET
PGRST_DB_URI=postgres://authenticator:$POSTGRES_PASSWORD@db:5432/postgres PGRST_DB_URI=postgres://authenticator:$PG_PASS_ENCODED@db:5432/postgres
EOF EOF
cat > /run/supabase/realtime.env <<EOF cat > /run/supabase/realtime.env <<EOF
@ -41,7 +44,7 @@ cat > /run/supabase/storage.env <<EOF
ANON_KEY=$ANON_KEY ANON_KEY=$ANON_KEY
SERVICE_KEY=$SERVICE_ROLE_KEY SERVICE_KEY=$SERVICE_ROLE_KEY
AUTH_JWT_SECRET=$JWT_SECRET AUTH_JWT_SECRET=$JWT_SECRET
DATABASE_URL=postgres://supabase_storage_admin:$POSTGRES_PASSWORD@db:5432/postgres DATABASE_URL=postgres://supabase_storage_admin:$PG_PASS_ENCODED@db:5432/postgres
S3_PROTOCOL_ACCESS_KEY_ID=$S3_PROTOCOL_ACCESS_KEY_ID S3_PROTOCOL_ACCESS_KEY_ID=$S3_PROTOCOL_ACCESS_KEY_ID
S3_PROTOCOL_ACCESS_KEY_SECRET=$S3_PROTOCOL_ACCESS_KEY_SECRET S3_PROTOCOL_ACCESS_KEY_SECRET=$S3_PROTOCOL_ACCESS_KEY_SECRET
EOF EOF
@ -52,7 +55,7 @@ CRYPTO_KEY=$PG_META_CRYPTO_KEY
EOF EOF
cat > /run/supabase/studio.env <<EOF cat > /run/supabase/studio.env <<EOF
POSTGRES_PASSWORD=$POSTGRES_PASSWORD POSTGRES_PASSWORD=$PG_PASS_ENCODED
PG_META_CRYPTO_KEY=$PG_META_CRYPTO_KEY PG_META_CRYPTO_KEY=$PG_META_CRYPTO_KEY
SUPABASE_ANON_KEY=$ANON_KEY SUPABASE_ANON_KEY=$ANON_KEY
SUPABASE_SERVICE_KEY=$SERVICE_ROLE_KEY SUPABASE_SERVICE_KEY=$SERVICE_ROLE_KEY
@ -75,7 +78,7 @@ EOF
cat > /run/supabase/pooler.env <<EOF cat > /run/supabase/pooler.env <<EOF
POSTGRES_PASSWORD=$POSTGRES_PASSWORD POSTGRES_PASSWORD=$POSTGRES_PASSWORD
DATABASE_URL=ecto://supabase_admin:$POSTGRES_PASSWORD@db:5432/_supabase DATABASE_URL=ecto://supabase_admin:$PG_PASS_ENCODED@db:5432/_supabase
SECRET_KEY_BASE=$SECRET_KEY_BASE SECRET_KEY_BASE=$SECRET_KEY_BASE
VAULT_ENC_KEY=$VAULT_ENC_KEY VAULT_ENC_KEY=$VAULT_ENC_KEY
API_JWT_SECRET=$JWT_SECRET API_JWT_SECRET=$JWT_SECRET
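Review bot: `studio.env` now gets `POSTGRES_PASSWORD=$PG_PASS_ENCODED`, the only place where the percent-encoded value lands in a bare password variable instead of the userinfo part of a URL. If Studio hands that variable to the database as-is, a password containing a reserved character will no longer match the one written to `db.env`. If Studio builds a connection string from it without encoding, record that next to the line with a comment such as `# Studio interpolates this into a URL itself, so it needs the encoded form`. Separately, `PG_PASS_ENCODED` is empty when `jq` fails, and nothing visible in these hunks stops the script before it writes URLs with an empty password. The script's header is outside the hunk, so confirm it runs under `set -euo pipefail` or add `[ -n "$PG_PASS_ENCODED" ] || exit 1` after the assignment.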