supabase
diff --git a/‎Dockerfile-15‎
Lines changed: 3 additions & 4 deletions b/‎Dockerfile-15‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎Dockerfile-17‎
Lines changed: 3 additions & 4 deletions b/‎Dockerfile-17‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎Dockerfile-orioledb-17‎
Lines changed: 3 additions & 4 deletions b/‎Dockerfile-orioledb-17‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql‎
Lines changed: 3 additions & 1 deletion b/‎ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎ansible/tasks/setup-postgrest.yml‎
Lines changed: 7 additions & 5 deletions b/‎ansible/tasks/setup-postgrest.yml‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎ansible/tasks/setup-system.yml‎
Lines changed: 19 additions & 0 deletions b/‎ansible/tasks/setup-system.yml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎ansible/vars.yml‎
Lines changed: 7 additions & 7 deletions b/‎ansible/vars.yml‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎migrations/README.md‎
Lines changed: 3 additions & 3 deletions b/‎migrations/README.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎migrations/db/migrations/20220317095840_pg_graphql.sql‎
Lines changed: 1 addition & 1 deletion b/‎migrations/db/migrations/20220317095840_pg_graphql.sql‎
Lines changed: 1 addition & 1 deletion
@@ -113,7 +113,7 @@ COPY . /nixpg
 
 WORKDIR /nixpg
 
-RUN nix profile install .#psql_15/bin
+RUN nix profile add path:.#psql_15/bin
 
 RUN nix store gc
 
@@ -167,7 +167,7 @@ FROM base as groonga
 
 WORKDIR /nixpg
 
-RUN nix profile install .#supabase-groonga && \
+RUN nix profile add path:.#supabase-groonga && \
     mkdir -p /tmp/groonga-plugins && \
     cp -r /nix/var/nix/profiles/default/lib/groonga/plugins /tmp/groonga-plugins/
 
@@ -209,7 +209,7 @@ COPY --from=groonga /tmp/groonga-plugins/plugins /usr/lib/groonga/plugins
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/
+COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/conf.d
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
@@ -227,7 +227,6 @@ RUN sed -i \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \    
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     usermod -aG postgres wal-g && \
-    mkdir -p /etc/postgresql-custom/conf.d && \
     chown -R postgres:postgres /etc/postgresql-custom
 
 # # Include schema migrations
 
@@ -116,7 +116,7 @@ COPY . /nixpg
 
 WORKDIR /nixpg
 
-RUN nix profile install .#psql_17/bin 
+RUN nix profile add path:.#psql_17/bin 
 
 RUN nix store gc
 
@@ -171,7 +171,7 @@ FROM base as groonga
 
 WORKDIR /nixpg
 
-RUN nix profile install .#supabase-groonga && \
+RUN nix profile add path:.#supabase-groonga && \
     mkdir -p /tmp/groonga-plugins && \
     cp -r /nix/var/nix/profiles/default/lib/groonga/plugins /tmp/groonga-plugins/
 
@@ -213,7 +213,7 @@ COPY --from=groonga /tmp/groonga-plugins/plugins /usr/lib/groonga/plugins
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/
+COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/conf.d
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
@@ -231,7 +231,6 @@ RUN sed -i \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     usermod -aG postgres wal-g && \
-    mkdir -p /etc/postgresql-custom/conf.d && \
     chown -R postgres:postgres /etc/postgresql-custom
 
     # Remove items from postgresql.conf
 
@@ -116,7 +116,7 @@ COPY . /nixpg
 
 WORKDIR /nixpg
 
-RUN nix profile install .#psql_orioledb-17/bin 
+RUN nix profile add path:.#psql_orioledb-17/bin 
 
 RUN nix store gc
 
@@ -171,7 +171,7 @@ FROM base as groonga
 
 WORKDIR /nixpg
 
-RUN nix profile install .#supabase-groonga && \
+RUN nix profile add path:.#supabase-groonga && \
     mkdir -p /tmp/groonga-plugins && \
     cp -r /nix/var/nix/profiles/default/lib/groonga/plugins /tmp/groonga-plugins/
 
@@ -213,7 +213,7 @@ COPY --from=groonga /tmp/groonga-plugins/plugins /usr/lib/groonga/plugins
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/
+COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/conf.d
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
@@ -231,7 +231,6 @@ RUN sed -i \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     usermod -aG postgres wal-g && \
-    mkdir -p /etc/postgresql-custom/conf.d && \
     chown -R postgres:postgres /etc/postgresql-custom
 
     # Remove items from postgresql.conf
 
@@ -294,7 +294,7 @@ This is the same PostgreSQL build that powers [Supabase](https://supabase.io), b
 | Goodie | Version | Description |
 | ------------- | :-------------: | ------------- |
 | [PgBouncer](https://www.pgbouncer.org/) | [1.19.0](http://www.pgbouncer.org/changelog.html#pgbouncer-119x) | Set up Connection Pooling. |
-| [PostgREST](https://postgrest.org/en/stable/) | [v13.0.4](https://github.com/PostgREST/postgrest/releases/tag/v13.0.4) | Instantly transform your database into an RESTful API. |
+| [PostgREST](https://postgrest.org/en/stable/) | [v14.1](https://github.com/PostgREST/postgrest/releases/tag/v14.1) | Instantly transform your database into an RESTful API. |
 | [WAL-G](https://github.com/wal-g/wal-g#wal-g) | [v2.0.1](https://github.com/wal-g/wal-g/releases/tag/v2.0.1) | Tool for physical database backup and recovery. | -->
 
 
 
@@ -14,7 +14,9 @@ BEGIN
     SELECT usename::TEXT, passwd::TEXT FROM pg_catalog.pg_shadow
     WHERE usename = p_usename;
 END;
-$$ LANGUAGE plpgsql SECURITY DEFINER;
+$$ LANGUAGE plpgsql 
+SET search_path = ''
+SECURITY DEFINER;
 
 REVOKE ALL ON FUNCTION pgbouncer.get_auth(p_usename TEXT) FROM PUBLIC;
 GRANT EXECUTE ON FUNCTION pgbouncer.get_auth(p_usename TEXT) TO pgbouncer;
@@ -4,9 +4,11 @@
     state: 'present'
 
 - name: PostgREST - add Postgres PPA gpg key
-  ansible.builtin.apt_key:
+  ansible.builtin.get_url:
+    dest: /etc/apt/trusted.gpg.d/ppdg.asc
+    force: true
+    mode: '0644'
     url: 'https://www.postgresql.org/media/keys/ACCC4CF8.asc'
-    state: 'present'
 
 - name: PostgREST - add Postgres PPA main
   ansible.builtin.apt_repository:
@@ -30,9 +32,9 @@
     msg: "Installed libpq5 version: {{ ansible_facts['packages']['libpq5'][0]['version'] }}"
 
 - name: PostgREST - remove Postgres PPA gpg key
-  ansible.builtin.apt_key:
+  ansible.builtin.file:
+    path: /etc/apt/trusted.gpg.d/ppdg.asc
     state: 'absent'
-    url: 'https://www.postgresql.org/media/keys/ACCC4CF8.asc'
 
 - name: PostgREST - remove Postgres PPA
   ansible.builtin.apt_repository:
@@ -58,7 +60,7 @@
       {%- if platform == "arm64" -%}
         ubuntu-aarch64
       {%- elif platform == "amd64" -%}
-        inux-static-x86-64
+        linux-static-x86-64
       {%- endif -%}
 
 - name: PostgREST - unpack archive in /opt
 
@@ -64,6 +64,18 @@
         dest: '/etc/apt/apt.conf.d/10periodic'
         src: 'files/apt_periodic'
 
+    - name: Set local ssh policy
+      ansible.builtin.copy:
+        content: |
+          Match Address 127.0.0.1,::1
+            ForceCommand /bin/false
+            DisableForwarding yes
+            PermitTunnel no
+        dest: /etc/ssh/sshd_config.d/local.conf
+        mode: '0644'
+        owner: 'root'
+        group: 'root'
+
 - name: Install other useful tools
   ansible.builtin.apt:
     pkg:
@@ -154,6 +166,13 @@
         value: 60
         state: 'present'
 
+    # postgres_exporter runs on port 9187 and postgresT occasionlly chooses it as random srcport
+    - name: Set net.ipv4.ip_local_reserved_ports=9187
+      ansible.builtin.sysctl:
+        name: 'net.ipv4.ip_local_reserved_ports'
+        value: 9187
+        state: 'present'
+
 - name: Execute tasks when (debpkg_mode or nixpkg_mode)
   when:
     - (debpkg_mode or nixpkg_mode)
 
@@ -10,9 +10,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.6.0.014-orioledb"
-  postgres17: "17.6.1.057"
-  postgres15: "15.14.1.057"
+  postgresorioledb-17: "17.6.0.020-orioledb"
+  postgres17: "17.6.1.063"
+  postgres15: "15.14.1.063"
 
 # Non Postgres Extensions
 pgbouncer_release: 1.19.0
@@ -21,9 +21,9 @@ pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e
 # The checksum can be found under "Assets", in the GitHub release page for each version.
 # The binaries used are: ubuntu-aarch64 and linux-static.
 # https://github.com/PostgREST/postgrest/releases
-postgrest_release: 13.0.5
-postgrest_arm_release_checksum: sha256:7b4eafdaf76bc43b57f603109d460a838f89f949adccd02f452ca339f9a0a0d4
-postgrest_x86_release_checksum: sha256:05be2bd48abee6c1691fc7c5d005023466c6989e41a4fc7d1302b8212adb88b5
+postgrest_release: 14.1
+postgrest_arm_release_checksum: sha256:68885d936873059b946afadaae697467daedacd7d8e697a80b7f0f6881c9c92f
+postgrest_x86_release_checksum: sha256:bdab6ab3389ca0d6c1f3b8363491674dbca71875c3f30261d92d8fecdde35277
 
 gotrue_release: 2.182.1
 gotrue_release_checksum: sha1:38a12109ad62df32460d88e4c7b2a475b88e7865
@@ -53,7 +53,7 @@ postgres_exporter_release_checksum:
   arm64: sha256:29ba62d538b92d39952afe12ee2e1f4401250d678ff4b354ff2752f4321c87a0
   amd64: sha256:cb89fc5bf4485fb554e0d640d9684fae143a4b2d5fa443009bd29c59f9129e84
 
-adminapi_release: "0.93.0"
+adminapi_release: "0.94.0"
 adminmgr_release: "0.32.3"
 supabase_admin_agent_release: 1.6.0
 supabase_admin_agent_splay: 30s
 
@@ -38,7 +38,7 @@ nix run github:supabase/postgres/mybranch#dbmate-tool -- --version 15
 - supabase/postgres
 - supabase/supabase
 - supabase/cli
-- supabase/infrastructure (internal)
+- supabase/platform (internal)
 
 aiming to provide a single source of truth for migrations on the platform that can be depended upon by those components. For more information on goals see [the RFC](https://www.notion.so/supabase/Centralize-SQL-Migrations-cd3847ae027d4f2bba9defb2cc82f69a)
 
@@ -48,8 +48,8 @@ aiming to provide a single source of truth for migrations on the platform that c
 
 Migrations were pulled (in order) from:
 
-1. [init-scripts/postgres](https://github.com/supabase/infrastructure/tree/develop/init-scripts/postgres) => [db/init-scripts](db/init-scripts)
-2. [init-scripts/migrations](https://github.com/supabase/infrastructure/tree/develop/init-scripts/migrations) => [db/migrations](db/migrations)
+1. [init-scripts/postgres](https://github.com/supabase/platform/tree/develop/init-scripts/postgres) => [db/init-scripts](db/init-scripts)
+2. [init-scripts/migrations](https://github.com/supabase/platform/tree/develop/init-scripts/migrations) => [db/migrations](db/migrations)
 
 For compatibility with hosted projects, we include [migrate.sh](migrate.sh) that executes migrations in the same order as ami build:
 
 
@@ -1,7 +1,7 @@
 -- migrate:up
 create schema if not exists graphql_public;
 
--- obsolete signature: https://github.com/supabase/infrastructure/pull/5524/files
+-- obsolete signature: https://github.com/supabase/platform/pull/5524/files
 drop function if exists graphql_public.graphql(text, text, jsonb);
 -- GraphQL Placeholder Entrypoint
 create or replace function graphql_public.graphql(