Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,8 @@ The project uses Nix as its build system, which provides:

## Common Tasks

To skip hours of building and download instead, configure the Supabase Postgres Nix binary cache: [nix/docs/nix-cache.md](nix/docs/nix-cache.md).

### Building Locally

To build PostgreSQL with extensions locally:
Expand Down
36 changes: 13 additions & 23 deletions docs/multigres-image.md
Original file line number Diff line number Diff line change
Expand Up @@ -77,43 +77,33 @@ docker build -f Dockerfile-multigres --target variant-orioledb-17 -t pg-docker-t
nix run .#docker-image-test -- --no-build --target variant-orioledb-17 Dockerfile-multigres
```

### Optional: install nix
### Install nix

## Install Nix (Fresh Installation)

We'll use the official Nix installer with a custom configuration that includes our build caches and settings. This works on many platforms, including **aarch64 Linux**, **x86_64 Linux**, and **macOS**.

### Step 1: Create nix.conf
### Step 1: Create nix.conf.extra

First, create a file named `nix.conf` with the following content:
First, create a file named `nix.conf.extra` with the following content:

```
allowed-users = *
always-allow-substitutes = true
auto-optimise-store = false
build-users-group = nixbld
builders-use-substitutes = true
cores = 0
experimental-features = nix-command flakes
max-jobs = auto
netrc-file =
require-sigs = true
substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com https://postgrest.cachix.org https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= postgrest.cachix.org-1:icgW4R15fz1+LqvhPjt4EnX/r19AaqxiVV+1olwlZtI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
trusted-substituters =
trusted-users = YOUR_USERNAME root
extra-sandbox-paths =
extra-substituters =
```
trusted-substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com https://postgrest.cachix.org https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= postgrest.cachix.org-1:icgW4R15fz1+LqvhPjt4EnX/r19AaqxiVV+1olwlZtI=
```

> [!CAUTION]
> DO NOT add anyone to `trusted-users` in `/etc/nix/nix.conf` as it [grants root without password](https://nix.dev/manual/nix/stable/command-ref/conf-file.html#conf-trusted-users). Instead, add the binary cache to `trusted-substituters` and `trusted-public-keys` and accept the flake config to use it.

**Important**: Replace `YOUR_USERNAME` with your actual username in the `trusted-users` line.
Read about the binary cache in [/nix/docs/nix-cache.md](/nix/docs/nix-cache.md).

### Step 2: Install Nix 2.34.6

Run the following command to install Nix 2.34.6 (the version used in CI) with the custom configuration:

```bash
curl -L https://releases.nixos.org/nix/nix-2.34.6/install | sh -s -- --daemon --yes --nix-extra-conf-file ./nix.conf
curl -L https://releases.nixos.org/nix/nix-2.34.6/install | sh -s -- --daemon --yes --nix-extra-conf-file ./nix.conf.extra
```

This will install Nix with our build caches pre-configured, which should eliminate substituter-related errors.
Expand All @@ -134,7 +124,7 @@ nix (Nix) 2.34.6

### Test only (image already built)


When prompted, accept the `substituters` setting.

```bash
nix run .#docker-image-test -- --no-build --target variant-17 Dockerfile-multigres
Expand Down Expand Up @@ -237,4 +227,4 @@ postgres_release:
postgres17: "17.6.1.097"
postgres15: "15.14.1.097"    
```
Then you can push the changes if the images pass those tests
Then you can push the changes if the images pass those tests
3 changes: 0 additions & 3 deletions flake.nix
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,6 @@
description = "Prototype tooling for deploying PostgreSQL";
nixConfig = {
extra-substituters = [ "https://nix-postgres-artifacts.s3.amazonaws.com" ];
extra-trusted-public-keys = [
"nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI="
];
};
inputs = {
devshell.url = "github:numtide/devshell";
Expand Down
52 changes: 52 additions & 0 deletions nix/docs/nix-cache.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
# Using the Nix binary cache

If you don't use the binary cache, it might take hours to build stuff you could just download, already built by CI.

## Nix without NixOS or nix-darwin

You need to edit this file:

```text
/etc/nix/nix.conf
```

Add or merge this config:

```conf
trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=
trusted-substituters = https://nix-postgres-artifacts.s3.amazonaws.com https://postgrest.cachix.org
```

> [!CAUTION]
> DO NOT add anyone to `trusted-users` in `/etc/nix/nix.conf` as it [grants root without password](https://nix.dev/manual/nix/stable/command-ref/conf-file.html#conf-trusted-users). Instead, add the binary cache to `trusted-substituters` and `trusted-public-keys` and accept the flake config to use the cache.

Restart the nix daemon to load the new config:

**On macOS:**
```bash
sudo launchctl stop org.nixos.nix-daemon
sudo launchctl start org.nixos.nix-daemon
```

**On Linux (systemd):**
```bash
sudo systemctl restart nix-daemon
```

## NixOS or nix-darwin

Add this to your system configuration:

```nix
{
nix.settings.trusted-substituters = [
"https://nix-postgres-artifacts.s3.amazonaws.com"
"https://postgrest.cachix.org"
];

nix.settings.trusted-public-keys = [
"nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI="
"postgrest.cachix.org-1:icgW4R15fz1+LqvhPjt4EnX/r19AaqxiVV+1olwlZtI="
];
}
```
32 changes: 10 additions & 22 deletions nix/docs/start-here.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,24 +14,18 @@ If you already have the official Nix installer (not Determinate Systems) install

### Step 1: Edit /etc/nix/nix.conf

Add or update the following configuration in `/etc/nix/nix.conf`:
Extend the following configuration in `/etc/nix/nix.conf`:

```
allowed-users = *
always-allow-substitutes = true
auto-optimise-store = false
build-users-group = nixbld
builders-use-substitutes = true
cores = 0
experimental-features = nix-command flakes
max-jobs = auto
require-sigs = true
substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com https://postgrest.cachix.org https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= postgrest.cachix.org-1:icgW4R15fz1+LqvhPjt4EnX/r19AaqxiVV+1olwlZtI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
trusted-users = YOUR_USERNAME root
```

**Important**: Replace `YOUR_USERNAME` with your actual username in the `trusted-users` line.
> [!CAUTION]
> DO NOT add anyone to `trusted-users` in `/etc/nix/nix.conf` as it [grants root without password](https://nix.dev/manual/nix/stable/command-ref/conf-file.html#conf-trusted-users). Instead, add the binary cache to `trusted-substituters` and `trusted-public-keys` and accept the flake config to use the cache.

Read about the binary cache in [/nix/docs/nix-cache.md](/nix/docs/nix-cache.md).

### Step 2: Restart the Nix Daemon

Expand All @@ -56,24 +50,18 @@ We'll use the official Nix installer with a custom configuration that includes o

### Step 1: Create nix.conf

First, create a file named `nix.conf` with the following content:
First, create a file named `nix.conf.extra` with the following content:

```
allowed-users = *
always-allow-substitutes = true
auto-optimise-store = false
build-users-group = nixbld
builders-use-substitutes = true
cores = 0
experimental-features = nix-command flakes
max-jobs = auto
require-sigs = true
substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com https://postgrest.cachix.org https://cache.nixos.org/
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= postgrest.cachix.org-1:icgW4R15fz1+LqvhPjt4EnX/r19AaqxiVV+1olwlZtI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
trusted-users = YOUR_USERNAME root
```

**Important**: Replace `YOUR_USERNAME` with your actual username in the `trusted-users` line.
> [!CAUTION]
> DO NOT add anyone to `trusted-users` in `/etc/nix/nix.conf` as it [grants root without password](https://nix.dev/manual/nix/stable/command-ref/conf-file.html#conf-trusted-users). Instead, add the binary cache to `trusted-substituters` and `trusted-public-keys` and accept the flake config to use the cache.

Read about the binary cache in [/nix/docs/nix-cache.md](/nix/docs/nix-cache.md).

### Step 2: Install Nix 2.34.6

Expand Down
3 changes: 0 additions & 3 deletions nix/hosts/darwin-nixostest/darwin-configuration.nix
Original file line number Diff line number Diff line change
Expand Up @@ -73,11 +73,8 @@ in
"nix-command"
"flakes"
];
always-allow-substitutes = true;
max-jobs = "auto";
trusted-users = [ "@admin" ];
extra-substituters = [ "https://nix-postgres-artifacts.s3.amazonaws.com" ];
extra-trusted-substituters = [ "https://nix-postgres-artifacts.s3.amazonaws.com" ];
extra-trusted-public-keys = [
"nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI="
];
Expand Down
Loading