
feat(ansible): add pgBackRest tasks and configurations

Open jchancojr opened this issue 3 months ago • 1 comments

What kind of change does this PR introduce?

Feature - pgBackRest backup solution

What is the current behavior?

pgBackRest tasks and configs are absent

What is the new behavior?

pgBackRest tasks and configs are missing are present

Additional context

NA

jchancojr, Oct 29 '25 18:10

Tested local infra with workflow ami: ✅ pause ✅ resume ✅ upgrades

jchancojr, Nov 25 '25 19:11

Walkthrough

Adds pgBackRest support: five new configuration files, an Ansible playbook task to install pgBackRest, and a comprehensive setup task that creates system user/group, configures sudoers, installs binaries (nix), provisions directories and configs, and adds a wrapper script.

Changes

Cohort: pgBackRest configuration files
File(s): ansible/files/pgbackrest_config/computed_globals.conf, ansible/files/pgbackrest_config/pgbackrest.conf, ansible/files/pgbackrest_config/repo1.conf, ansible/files/pgbackrest_config/repo1_async.conf, ansible/files/pgbackrest_config/repo1_encrypted.conf
Summary: Added five static configuration files: global and archive sections (mostly commented defaults), a global pgbackrest.conf with archive/log/performance settings and a [supabase] DB section, repo1 repository settings (S3-related and retention), an async placeholder, and an encrypted-repo placeholder with cipher type.

Cohort: Playbook integration
File(s): ansible/playbook.yml
Summary: Inserted an "Install pgBackRest" import task that runs tasks/setup-pgbackrest.yml conditioned on debpkg_mode or nixpkg_mode or stage2_nix, positioned between WAL-G and Gotrue tasks.

Cohort: pgBackRest setup tasks
File(s): ansible/tasks/setup-pgbackrest.yml
Summary: New task sequence to create pgbackrest group/user (conditional), configure sudoers with validated visudo edits, install pgBackRest via nix profile (when stage2_nix), create directories with correct ownership and permissions, deploy config files under /etc/pgbackrest, symlink /etc/pgbackrest/pgbackrest.conf to /etc/pgbackrest.conf, and add a /usr/bin/pgbackrest wrapper script to sanitize arguments and run the real binary.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Maintainer as Ansible (playbook)
    participant Host as System
    participant FS as Filesystem (/etc, /var, /home)
    participant Sudo as sudoers
    participant PKG as nix profile / pkg manager
    participant Binary as pgbackrest binary

    note over Maintainer,Host: setup-pgbackrest.yml runs (conditional)
    Maintainer->>Host: create group `pgbackrest` (nixpkg_mode)
    Maintainer->>Host: create user `pgbackrest` (nixpkg_mode)
    Maintainer->>Sudo: add sudoers lines + validate with visudo
    Maintainer->>PKG: install pgbackrest into profile (stage2_nix)
    PKG->>Host: place binaries
    Maintainer->>FS: create directories (/var/lib/pgbackrest, /etc/pgbackrest) with ownership
    Maintainer->>FS: deploy config files to /etc/pgbackrest
    Maintainer->>FS: create symlink /etc/pgbackrest.conf -> /etc/pgbackrest/pgbackrest.conf
    Maintainer->>FS: install wrapper `/usr/bin/pgbackrest`
    note over Binary,Host: wrapper sanitizes args and execs binary as `pgbackrest` user

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20–25 minutes

  • Review sudoers edits and visudo validation in ansible/tasks/setup-pgbackrest.yml
  • Inspect wrapper script (/usr/bin/pgbackrest) argument sanitization for injection risks
  • Verify ownership, permissions, and symlink behavior for /etc/pgbackrest* and backup dirs
  • Confirm conditional logic for nixpkg_mode, debpkg_mode, and stage2_nix covers intended environments

Poem

🐰
Hops and scripts in tidy rows,
Configs planted where backup grows,
A wrapper hops to guard the gate,
Sudo lines and dirs in state,
Rabbit cheers—safe snapshots well-composed.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name: Title check
Status: ✅ Passed
Explanation: The title clearly and specifically describes the main change: adding pgBackRest-related tasks and configuration files to the Ansible setup.

Check name: Description check
Status: ✅ Passed
Explanation: The description covers the change type (feature), current behavior, and new behavior, though it contains a typo and lacks specific technical details about implementation.

Check name: Docstring Coverage
Status: ✅ Passed
Explanation: No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 478e19f91dae02a3c1cde208bead9d70ca6ecc0a and b0c82e2a315effe60dc50b997a5e6362f5e451cb.

📒 Files selected for processing (1)
  • ansible/tasks/setup-pgbackrest.yml (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • ansible/tasks/setup-pgbackrest.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: run-tests / prepare
  • GitHub Check: run-testinfra / prepare


coderabbitai[bot], Dec 18 '25 14:12
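
The review checklist above singles out the /usr/bin/pgbackrest wrapper's argument sanitization. The following is an added example, not the script from this PR (its contents are not shown on this page): one allowlist-based way to validate arguments before handing them to the real binary as the pgbackrest user. REAL_BIN, both allowlists and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical): NOT the wrapper shipped in this PR.
# REAL_BIN and both allowlists are assumptions made for illustration.
LC_ALL=C; export LC_ALL                  # byte-wise ranges in the patterns below
REAL_BIN="${REAL_BIN:-/path/to/real/pgbackrest}"   # placeholder path
RUN_AS="pgbackrest"                      # service user named on the page
ALLOWED_CMDS="backup check expire info version"
ALLOWED_OPTS="stanza type output set log-level-console"

# in_list WORD LIST: succeed if WORD is one of the space-separated items.
# Callers must already have rejected words containing whitespace.
in_list() {
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# validate_args ARGS...: succeed only for exactly one allowed subcommand plus
# any number of allowed --name=value options built from a strict byte set.
validate_args() {
  va_cmds=0
  [ "$#" -gt 0 ] || return 1
  for va_arg in "$@"; do
    case "$va_arg" in
      ""|*..*|*[!A-Za-z0-9._=-]*) return 1 ;;   # empty, "..", or disallowed byte
      --*)
        va_name=${va_arg#--}; va_name=${va_name%%=*}
        in_list "$va_name" "$ALLOWED_OPTS" || return 1
        case "$va_arg" in *=?*) ;; *) return 1 ;; esac   # value is mandatory
        ;;
      -*) return 1 ;;                           # short options are not accepted
      *)
        in_list "$va_arg" "$ALLOWED_CMDS" || return 1
        va_cmds=$((va_cmds + 1))
        ;;
    esac
  done
  [ "$va_cmds" -eq 1 ]
}

# run_wrapped ARGS...: validate, then hand the untouched argv to the real binary.
run_wrapped() {
  validate_args "$@" || { echo "pgbackrest wrapper: rejected arguments" >&2; return 64; }
  # No eval and no word re-splitting: each argument stays one argv entry.
  exec sudo -n -u "$RUN_AS" -- "$REAL_BIN" "$@"
}

# Constructed sample invocations (not taken from the PR).
validate_args info --stanza=main && echo "accepted: info --stanza=main"
validate_args backup '--type=full;id' || echo "rejected: metacharacter in value"
```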