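---
# Provisions a host in the `supabase_servers` inventory group with Docker CE,
# a shallow clone of the Supabase repository, the Supabase CLI (best effort)
# and a PowerSync service skeleton, then installs systemd units for both.
#
# Expects `supabase.service.j2` and `powersync.service.j2` to be resolvable
# as templates next to this playbook.
#
# Supply-chain note: the Supabase clone, the Supabase CLI download and the
# PowerSync image all track a moving target (default branch, `latest`
# release, `latest` tag). Pin them to reviewed versions or digests before
# using this for anything beyond a throw-away host.
- name: Setup Supabase, PowerSync, and Docker on Hetzner Server
  hosts: supabase_servers
  become: true
  gather_facts: true

  vars:
    supabase_dir: /opt/supabase
    powersync_dir: /opt/powersync
    # NOTE(review): not referenced by any task below; possibly consumed by
    # the service templates - confirm or remove.
    docker_compose_version: "2.21.0"

  tasks:
    - name: Update apt cache
      apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Install required system packages
      apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
          - software-properties-common
          - git
          - wget
          - unzip
          - htop
          - vim
          - ufw
        state: present

    # Start from a clean slate so a stale or conflicting Docker source entry
    # cannot shadow the one written below. This also removes the keyring, so
    # the key is fetched again on every run.
    - name: Remove any existing Docker repositories
      file:
        path: "{{ item }}"
        state: absent
      loop:
        - /etc/apt/sources.list.d/docker.list
        - /etc/apt/keyrings/docker.gpg
        - /usr/share/keyrings/docker-archive-keyring.gpg

    - name: Remove Docker from main sources list
      lineinfile:
        path: /etc/apt/sources.list
        regexp: '.*download\.docker\.com.*'
        state: absent

    - name: Create keyrings directory
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'

    # `set -eo pipefail` makes a failed download fail the task; without it
    # the pipeline's status is gpg's alone and the trailing chmod decides
    # the task result. pipefail needs bash, hence the explicit executable.
    - name: Add Docker's official GPG key
      shell: |
        set -eo pipefail
        curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
        chmod a+r /etc/apt/keyrings/docker.gpg
      args:
        executable: /bin/bash
        creates: /etc/apt/keyrings/docker.gpg

    # `signed-by` scopes the Docker key to this one repository instead of
    # trusting it for every apt source.
    - name: Add Docker repository
      shell: |
        echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list

    - name: Update apt cache after adding Docker repo
      apt:
        update_cache: true

    - name: Install Docker CE
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: true

    - name: Start and enable Docker service
      systemd:
        name: docker
        state: started
        enabled: true

    # Membership of the `docker` group is equivalent to root on this host
    # (the daemon will bind-mount any path for a member). Grant it only to
    # accounts that are already trusted with root.
    - name: Add current user to docker group
      user:
        name: "{{ ansible_user }}"
        groups: docker
        append: true

    - name: Create /opt directory if it doesn't exist
      file:
        path: /opt
        state: directory
        mode: '0755'

    # Shallow clone of the default branch; `force: true` discards local
    # changes to tracked files on every run. No `version:` is set, so the
    # deployed compose file changes whenever upstream does.
    - name: Clone Supabase repository
      git:
        repo: https://github.com/supabase/supabase
        dest: "{{ supabase_dir }}"
        depth: 1
        force: true

    - name: Set proper ownership for Supabase directory
      file:
        path: "{{ supabase_dir }}"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        recurse: true

    # Executes a remote script as root. pipefail stops a failed or truncated
    # download from being reported as success by the trailing bash.
    # NOTE(review): Node.js 18 reached upstream end-of-life in April 2025;
    # move to a supported release line if Node.js is needed at all here.
    - name: Install Node.js 18.x repository
      shell: |
        set -o pipefail
        curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
      args:
        executable: /bin/bash
        creates: /etc/apt/sources.list.d/nodesource.list

    - name: Install Node.js
      apt:
        name: nodejs
        state: present
        update_cache: true

    # Optional: any failure inside the block is reported by the rescue
    # section and the play continues.
    # NOTE(review): the archive comes from `releases/latest` with no
    # integrity check before it is installed into PATH as root. Pin a
    # release and pass its published digest through get_url's `checksum`.
    - name: Install Supabase CLI using the official method
      block:
        - name: Download Supabase CLI binary
          get_url:
            url: "https://github.com/supabase/cli/releases/latest/download/supabase_linux_amd64.tar.gz"
            dest: /tmp/supabase_cli.tar.gz
            mode: '0644'

        - name: Create supabase CLI directory
          file:
            path: /usr/local/bin
            state: directory
            mode: '0755'

        - name: Extract Supabase CLI
          unarchive:
            src: /tmp/supabase_cli.tar.gz
            dest: /tmp/
            remote_src: true

        - name: Move supabase binary to PATH
          copy:
            src: /tmp/supabase
            dest: /usr/local/bin/supabase
            mode: '0755'
            remote_src: true
      rescue:
        - name: Supabase CLI installation failed - continuing without it
          debug:
            msg: "Supabase CLI installation failed, but this is optional for Docker-based setup"

    - name: Create PowerSync directory
      file:
        path: "{{ powersync_dir }}"
        state: directory
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0755'

    # `force: false` writes the template only when the file is missing, the
    # same way the Supabase .env is handled below. Without it every re-run
    # replaces the operator's real database URI with the placeholder.
    # NOTE(review): 0644 leaves a file that will hold a database password
    # readable by every local user. Tighten it once the UID the container
    # reads the bind mount as has been confirmed.
    - name: Create PowerSync config file
      copy:
        content: |
          # PowerSync Service Configuration
          # See: https://docs.powersync.com/installation/self-hosting
          port: 80
          database:
            type: postgresql
            uri: postgresql://postgres:your_password@supabase_db:5432/postgres
          # Add your PowerSync configuration here
          # This is a basic template - customize according to your needs
        dest: "{{ powersync_dir }}/config.yaml"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0644'
        force: false

    # `$$` is Compose's escape for a literal `$`, so the command
    # substitution is evaluated by the container's shell and not by Compose
    # variable interpolation.
    # "8080:80" publishes on every host interface; the image is tracked by
    # the mutable `latest` tag.
    - name: Create PowerSync docker-compose file
      copy:
        content: |
          version: '3.8'
          services:
            powersync:
              image: journeyapps/powersync-service:latest
              container_name: powersync
              ports:
                - "8080:80"
              environment:
                - POWERSYNC_CONFIG_B64
              restart: unless-stopped
              volumes:
                - ./config.yaml:/tmp/config.yaml:ro
              command: sh -c 'export POWERSYNC_CONFIG_B64=$$(base64 -w 0 /tmp/config.yaml) && powersync-service'
        dest: "{{ powersync_dir }}/docker-compose.yml"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0644'

    # NOTE(review): the compose file is copied one level above `docker/`;
    # any relative paths inside it would then resolve against
    # {{ supabase_dir }} - confirm against the service template.
    - name: Copy Supabase docker-compose.yml to working directory
      copy:
        src: "{{ supabase_dir }}/docker/docker-compose.yml"
        dest: "{{ supabase_dir }}/docker-compose.yml"
        remote_src: true
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0644'

    # The example file carries placeholder secrets that must be replaced
    # before first start. `force: false` keeps an edited .env across runs;
    # 0600 keeps the real values away from other local accounts.
    - name: Copy Supabase .env.example to .env
      copy:
        src: "{{ supabase_dir }}/docker/.env.example"
        dest: "{{ supabase_dir }}/.env"
        remote_src: true
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0600'
        force: false

    # SSH is allowed before UFW is enabled so the session is not cut off.
    # NOTE(review): every rule here allows any source address, including
    # PostgreSQL (5432) and Studio (3000); restrict those with `from_ip` or
    # drop them. Ports published by Docker are not filtered by these rules
    # (Docker manages its own iptables chains), so container exposure is
    # decided by the `ports:` bindings in the compose files.
    - name: Configure UFW firewall
      ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
      loop:
        - '22'    # SSH
        - '80'    # HTTP
        - '443'   # HTTPS
        - '3000'  # Supabase Studio
        - '8000'  # Supabase API
        - '5432'  # PostgreSQL
        - '8080'  # PowerSync

    - name: Enable UFW
      ufw:
        state: enabled

    - name: Create systemd service for Supabase
      template:
        src: supabase.service.j2
        dest: /etc/systemd/system/supabase.service
        mode: '0644'
      notify: restart supabase

    - name: Create systemd service for PowerSync
      template:
        src: powersync.service.j2
        dest: /etc/systemd/system/powersync.service
        mode: '0644'
      notify: restart powersync

    - name: Reload systemd daemon
      systemd:
        daemon_reload: true

    # Only Supabase is enabled here. PowerSync is left for the operator to
    # start after config.yaml has real credentials, although the
    # `restart powersync` handler still fires when its unit file changes.
    - name: Start and enable Supabase service
      systemd:
        name: supabase
        state: started
        enabled: true

    # The URLs below are plain HTTP on the host's primary IPv4 address.
    - name: Display setup information
      debug:
        msg:
          - "Supabase has been installed in {{ supabase_dir }}"
          - "PowerSync has been installed in {{ powersync_dir }}"
          - "Supabase Studio will be available at http://{{ ansible_default_ipv4.address }}:3000"
          - "Supabase API will be available at http://{{ ansible_default_ipv4.address }}:8000"
          - "PowerSync will be available at http://{{ ansible_default_ipv4.address }}:8080"
          - "To start Supabase: cd {{ supabase_dir }} && docker compose up -d"
          - "To start PowerSync: cd {{ powersync_dir }} && docker compose up -d"
          - "Configuration files:"
          - " - Supabase: {{ supabase_dir }}/.env"
          - " - PowerSync: {{ powersync_dir }}/config.yaml"
          - "IMPORTANT: Update PowerSync config.yaml with your database credentials!"

  handlers:
    - name: restart supabase
      systemd:
        name: supabase
        state: restarted

    - name: restart powersync
      systemd:
        name: powersync
        state: restarted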