feat: upgrade pgbouncer

Author: samrose

ansible/playbook.yml

@@ -34,7 +34,7 @@
       tags:
         - install-pgbouncer
         - install-supabase-internal
-      when: debpkg_mode or nixpkg_mode
+      when: debpkg_mode or nixpkg_mode or stage2_nix
 
     - name: Install WAL-G
       import_tasks: tasks/setup-wal-g.yml

ansible/tasks/setup-pgbouncer.yml

@@ -1,52 +1,53 @@
 # PgBouncer
-- name: PgBouncer - download & install dependencies
-  apt:
-    pkg:
-      - build-essential
-      - libssl-dev
-      - pkg-config
-      - libevent-dev
-      - libsystemd-dev
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: PgBouncer - download latest release
-  get_url:
-    url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz"
-    dest: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
-    checksum: "{{ pgbouncer_release_checksum }}"
-    timeout: 60
-
-- name: PgBouncer - unpack archive
-  unarchive:
-    remote_src: yes
-    src: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
-    dest: /tmp
-  become: yes
-
-- name: PgBouncer - configure
-  shell:
-    cmd: "./configure --prefix=/usr/local --with-systemd"
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-  become: yes
-
-- name: PgBouncer - build
-  make:
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-  become: yes
-
-- name: PgBouncer - install
-  make:
-    chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
-    target: install
-  become: yes
+# - name: PgBouncer - download & install dependencies
+#   apt:
+#     pkg:
+#       - build-essential
+#       - libssl-dev
+#       - pkg-config
+#       - libevent-dev
+#       - libsystemd-dev
+#     update_cache: yes
+#     cache_valid_time: 3600
+
+# - name: PgBouncer - download latest release
+#   get_url:
+#     url: "https://www.pgbouncer.org/downloads/files/{{ pgbouncer_release }}/pgbouncer-{{ pgbouncer_release }}.tar.gz"
+#     dest: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
+#     checksum: "{{ pgbouncer_release_checksum }}"
+#     timeout: 60
+
+# - name: PgBouncer - unpack archive
+#   unarchive:
+#     remote_src: yes
+#     src: /tmp/pgbouncer-{{ pgbouncer_release }}.tar.gz
+#     dest: /tmp
+#   become: yes
+
+# - name: PgBouncer - configure
+#   shell:
+#     cmd: "./configure --prefix=/usr/local --with-systemd"
+#     chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
+#   become: yes
+
+# - name: PgBouncer - build
+#   make:
+#     chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
+#   become: yes
+
+# - name: PgBouncer - install
+#   make:
+#     chdir: /tmp/pgbouncer-{{ pgbouncer_release }}
+#     target: install
+#   become: yes
 
 - name: Create pgbouncer user
   user:
     name: pgbouncer
     shell: /bin/false
     comment: PgBouncer user
     groups: postgres,ssl-cert
+  when: nixpkg_mode
 
 - name: PgBouncer - create a directory if it does not exist
   file:
@@ -55,6 +56,7 @@
     owner: pgbouncer
     group: pgbouncer
     mode: '0700'
+  when: nixpkg_mode
 
 - name: PgBouncer - create a directory if it does not exist
   file:
@@ -65,6 +67,7 @@
     mode: '0775'
   with_items:
     - '/etc/pgbouncer-custom'
+  when: nixpkg_mode
 
 - name: create placeholder config files
   file:
@@ -77,59 +80,75 @@
     - 'generated-optimizations.ini'
     - 'custom-overrides.ini'
     - 'ssl-config.ini'
+  when: nixpkg_mode
 
 - name: PgBouncer - adjust pgbouncer.ini
   copy:
     src: files/pgbouncer_config/pgbouncer.ini.j2
     dest: /etc/pgbouncer/pgbouncer.ini
     owner: pgbouncer
     mode: '0700'
+  when: nixpkg_mode
 
 - name: PgBouncer - create a directory if it does not exist
   file:
     path: /etc/pgbouncer/userlist.txt
     state: touch
     owner: pgbouncer
     mode: '0700'
-      
+  when: nixpkg_mode
+
 - name: import /etc/tmpfiles.d/pgbouncer.conf
   template:
     src: files/pgbouncer_config/tmpfiles.d-pgbouncer.conf.j2
     dest: /etc/tmpfiles.d/pgbouncer.conf
   become: yes
+  when: nixpkg_mode
 
 - name: PgBouncer - By default allow ssl connections.
   become: yes
   copy:
     dest: /etc/pgbouncer-custom/ssl-config.ini
     content: |
       client_tls_sslmode = allow
+  when: nixpkg_mode
 
 - name: Grant pg_hba and pgbouncer grp perm for adminapi updates
   shell: |
      chmod g+w /etc/postgresql/pg_hba.conf
      chmod g+w /etc/pgbouncer-custom/ssl-config.ini
+  when: nixpkg_mode
 
 # Add fail2ban filter
 - name: import jail.d/pgbouncer.conf
   template:
     src: files/fail2ban_config/jail-pgbouncer.conf.j2
     dest: /etc/fail2ban/jail.d/pgbouncer.conf
   become: yes
+  when: nixpkg_mode
 
 - name: import filter.d/pgbouncer.conf
   template:
     src: files/fail2ban_config/filter-pgbouncer.conf.j2
     dest: /etc/fail2ban/filter.d/pgbouncer.conf
   become: yes
+  when: nixpkg_mode
 
 # Add systemd file for PgBouncer
 - name: PgBouncer - import postgresql.service
   template:
     src: files/pgbouncer_config/pgbouncer.service.j2
     dest: /etc/systemd/system/pgbouncer.service
   become: yes
+  when: nixpkg_mode
+
+- name: install pgbouncer from supabase nix binary cache
+  become: yes
+  shell: |
+    sudo -u pgbouncer bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#pgbouncer"
+  when: stage2_nix
 
 - name: PgBouncer - reload systemd
   systemd:
     daemon_reload: yes
+  when: stage2_nix

docker/nix/build_nix.sh

@@ -11,6 +11,7 @@ SYSTEM=$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"')
 nix build .#checks.$SYSTEM.psql_15 -L --no-link
 nix build .#checks.$SYSTEM.psql_orioledb-17 -L --no-link
 nix build .#checks.$SYSTEM.psql_17 -L --no-link
+nix build .#pgbouncer -L
 nix build .#psql_15/bin -o psql_15 -L
 nix build .#psql_orioledb-17/bin -o psql_orioledb_17 -L
 nix build .#psql_17/bin -o psql_17 -L
@@ -20,6 +21,7 @@ nix build .#wal-g-3 -o wal-g-3 -L
 # Copy to S3
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-2
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-3
+nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./pgbouncer
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_orioledb_17
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_17

flake.nix

@@ -84,9 +84,10 @@
             })
           ];
         };
+        mecab-naist-jdic = pkgs.callPackage ./nix/ext/mecab-naist-jdic/default.nix { };
+        pgbouncer = pkgs.callPackage ./nix/pgbouncer.nix { };
         sfcgal = pkgs.callPackage ./nix/ext/sfcgal/sfcgal.nix { };
         supabase-groonga = pkgs.callPackage ./nix/supabase-groonga.nix { };
-        mecab-naist-jdic = pkgs.callPackage ./nix/ext/mecab-naist-jdic/default.nix { };
         inherit (pkgs.callPackage ./nix/wal-g.nix { }) wal-g-2 wal-g-3;
         # Our list of PostgreSQL extensions which come from upstream Nixpkgs.
         # These are maintained upstream and can easily be used here just by
@@ -400,6 +401,7 @@
           postgresql_orioledb-17 = getPostgresqlPackage "orioledb-17";
         in 
         postgresVersions // {
+          pgbouncer = pgbouncer;
           supabase-groonga = supabase-groonga;
           cargo-pgrx_0_11_3 = pkgs.cargo-pgrx.cargo-pgrx_0_11_3;
           cargo-pgrx_0_12_6 = pkgs.cargo-pgrx.cargo-pgrx_0_12_6;

nix/pgbouncer.nix

@@ -0,0 +1,46 @@
+{
+  lib,
+  stdenv,
+  fetchurl,
+  openssl,
+  libevent,
+  c-ares,
+  pkg-config,
+  systemd,
+  nixosTests,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "pgbouncer";
+  version = "1.24.1";
+
+  src = fetchurl {
+    url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz";
+    hash = "sha256-2nKjq6EwcodtBVo+WN1Kukpd5O1hSOcwMxhSRVmP0+A=";
+  };
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [
+    libevent
+    openssl
+    c-ares
+  ] ++ lib.optional stdenv.hostPlatform.isLinux systemd;
+  enableParallelBuilding = true;
+  configureFlags = lib.optional stdenv.hostPlatform.isLinux "--with-systemd";
+
+  passthru.tests = {
+    pgbouncer = nixosTests.pgbouncer;
+  };
+
+  meta = with lib; {
+    homepage = "https://www.pgbouncer.org/";
+    mainProgram = "pgbouncer";
+    description = "Lightweight connection pooler for PostgreSQL";
+    changelog = "https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_${
+      replaceStrings [ "." ] [ "_" ] version
+    }";
+    license = licenses.isc;
+    maintainers = with maintainers; [ _1000101 ];
+    platforms = platforms.all;
+  };
+}