Sam/pg bouncer upgrade

ansible/playbook.yml

@@ -34,7 +34,7 @@
       tags:
         - install-pgbouncer
         - install-supabase-internal
-      when: debpkg_mode or nixpkg_mode
+      when: debpkg_mode or nixpkg_mode or stage2_nix
 
     - name: Install WAL-G
       import_tasks: tasks/setup-wal-g.yml

ansible/tasks/setup-nginx.yml

@@ -5,6 +5,7 @@
 - name: nginx - system dependencies
   apt:
     pkg:
+      - build-essential
       - openssl
       - libpcre3-dev
       - libssl-dev

ansible/tasks/setup-pgbouncer.yml

@@ -1,52 +1,10 @@
-# PgBouncer
-- name: PgBouncer - download & install dependencies
-  apt:
-    pkg:
-      - build-essential
-      - libssl-dev
-      - pkg-config
-      - libevent-dev
-      - libsystemd-dev
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: PgBouncer - download latest release
-  get_url:
-    url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz"
-    dest: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
-    checksum: "{{ pgbouncer_release_checksum }}"
-    timeout: 60
-
-- name: PgBouncer - unpack archive
-  unarchive:
-    remote_src: yes
-    src: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
-    dest: /tmp
-  become: yes
-
-- name: PgBouncer - configure
-  shell:
-    cmd: "./configure --prefix=/usr/local --with-systemd"
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-  become: yes
-
-- name: PgBouncer - build
-  make:
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-  become: yes
-
-- name: PgBouncer - install
-  make:
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-    target: install
-  become: yes
-
 - name: Create pgbouncer user
   user:
     name: pgbouncer
     shell: /bin/false
     comment: PgBouncer user
     groups: postgres,ssl-cert
+  when: nixpkg_mode
 
 - name: PgBouncer - create a directory if it does not exist
   file:
@@ -55,6 +13,7 @@
     owner: pgbouncer
     group: pgbouncer
     mode: '0700'
+  when: nixpkg_mode
 
 - name: PgBouncer - create a directory if it does not exist
   file:
@@ -65,6 +24,7 @@
     mode: '0775'
   with_items:
     - '/etc/pgbouncer-custom'
+  when: nixpkg_mode
 
 - name: create placeholder config files
   file:
@@ -77,59 +37,75 @@
     - 'generated-optimizations.ini'
     - 'custom-overrides.ini'
     - 'ssl-config.ini'
+  when: nixpkg_mode
 
 - name: PgBouncer - adjust pgbouncer.ini
   copy:
     src: files/pgbouncer_config/pgbouncer.ini.j2
     dest: /etc/pgbouncer/pgbouncer.ini
     owner: pgbouncer
     mode: '0700'
+  when: nixpkg_mode
 
 - name: PgBouncer - create a directory if it does not exist
   file:
     path: /etc/pgbouncer/userlist.txt
     state: touch
     owner: pgbouncer
     mode: '0700'
-
+  when: nixpkg_mode
+
 - name: import /etc/tmpfiles.d/pgbouncer.conf
   template:
     src: files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2
     dest: /etc/tmpfiles.d/pgbouncer.conf
   become: yes
+  when: nixpkg_mode
 
 - name: PgBouncer - By default allow ssl connections.
   become: yes
   copy:
     dest: /etc/pgbouncer-custom/ssl-config.ini
     content: |
       client_tls_sslmode = allow
+  when: nixpkg_mode
 
 - name: Grant pg_hba and pgbouncer grp perm for adminapi updates
   shell: |
      chmod g+w /etc/postgresql/pg_hba.conf
      chmod g+w /etc/pgbouncer-custom/ssl-config.ini
+  when: nixpkg_mode
 
 # Add fail2ban filter
 - name: import jail.d/pgbouncer.conf
   template:
     src: files/fail2ban_config/jail-pgbouncer.conf.j2
     dest: /etc/fail2ban/jail.d/pgbouncer.conf
   become: yes
+  when: nixpkg_mode
 
 - name: import filter.d/pgbouncer.conf
   template:
     src: files/fail2ban_config/filter-pgbouncer.conf.j2
     dest: /etc/fail2ban/filter.d/pgbouncer.conf
   become: yes
+  when: nixpkg_mode
 
 # Add systemd file for PgBouncer
 - name: PgBouncer - import postgresql.service
   template:
     src: files/pgbouncer_config/pgbouncer.service.j2
     dest: /etc/systemd/system/pgbouncer.service
   become: yes
+  when: nixpkg_mode
+
+- name: install pgbouncer from supabase nix binary cache
+  become: yes
+  shell: |
+    sudo -u pgbouncer bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#pgbouncer"
+  when: stage2_nix
 
 - name: PgBouncer - reload systemd
   systemd:
     daemon_reload: yes
+  when: stage2_nix

ansible/vars.yml

@@ -14,8 +14,6 @@ postgres_release:
   postgres15: "15.8.1.077"
 
 # Non Postgres Extensions
-pgbouncer_release: "1.19.0"
-pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682
 
 # to get these use
 # wget https://github.com/PostgREST/postgrest/releases/download/v12.2.3/postgrest-v12.2.3-ubuntu-aarch64.tar.xz -q -O- | sha1sum

docker/nix/build_nix.sh

@@ -11,6 +11,7 @@ SYSTEM=$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"')
 nix build .#checks.$SYSTEM.psql_15 -L --no-link
 nix build .#checks.$SYSTEM.psql_orioledb-17 -L --no-link
 nix build .#checks.$SYSTEM.psql_17 -L --no-link
+nix build .#pgbouncer -o pgbouncer -L
 nix build .#psql_15/bin -o psql_15 -L
 nix build .#psql_orioledb-17/bin -o psql_orioledb_17 -L
 nix build .#psql_17/bin -o psql_17 -L
@@ -20,6 +21,7 @@ nix build .#wal-g-3 -o wal-g-3 -L
 # Copy to S3
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-2
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-3
+nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./pgbouncer
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_orioledb_17
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_17

flake.nix

@@ -84,9 +84,10 @@
             })
           ];
         };
+        mecab-naist-jdic = pkgs.callPackage ./nix/ext/mecab-naist-jdic/default.nix { };
+        pgbouncer = pkgs.callPackage ./nix/pgbouncer.nix { };
         sfcgal = pkgs.callPackage ./nix/ext/sfcgal/sfcgal.nix { };
         supabase-groonga = pkgs.callPackage ./nix/supabase-groonga.nix { };
-        mecab-naist-jdic = pkgs.callPackage ./nix/ext/mecab-naist-jdic/default.nix { };
         inherit (pkgs.callPackage ./nix/wal-g.nix { }) wal-g-2 wal-g-3;
         # Our list of PostgreSQL extensions which come from upstream Nixpkgs.
         # These are maintained upstream and can easily be used here just by
@@ -400,6 +401,7 @@
           postgresql_orioledb-17 = getPostgresqlPackage "orioledb-17";
         in 
         postgresVersions // {
+          pgbouncer = pgbouncer;
           supabase-groonga = supabase-groonga;
           cargo-pgrx_0_11_3 = pkgs.cargo-pgrx.cargo-pgrx_0_11_3;
           cargo-pgrx_0_12_6 = pkgs.cargo-pgrx.cargo-pgrx_0_12_6;

nix/pgbouncer.nix

@@ -0,0 +1,46 @@
+{
+  lib,
+  stdenv,
+  fetchurl,
+  openssl,
+  libevent,
+  c-ares,
+  pkg-config,
+  systemd,
+  nixosTests,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "pgbouncer";
+  version = "1.24.1";
+
+  src = fetchurl {
+    url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz";
+    hash = "sha256-2nKjq6EwcodtBVo+WN1Kukpd5O1hSOcwMxhSRVmP0+A=";
+  };
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [
+    libevent
+    openssl
+    c-ares
+  ] ++ lib.optional stdenv.hostPlatform.isLinux systemd;
+  enableParallelBuilding = true;
+  configureFlags = lib.optional stdenv.hostPlatform.isLinux "--with-systemd";
+
+  passthru.tests = {
+    pgbouncer = nixosTests.pgbouncer;
+  };
+
+  meta = with lib; {
+    homepage = "https://www.pgbouncer.org/";
+    mainProgram = "pgbouncer";
+    description = "Lightweight connection pooler for PostgreSQL";
+    changelog = "https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_${
+      replaceStrings [ "." ] [ "_" ] version
+    }";
+    license = licenses.isc;
+    maintainers = with maintainers; [ _1000101 ];
+    platforms = platforms.all;
+  };
+}