supabase-cloud-automation/ansible/playbook.yml

---
- name: Setup Supabase, PowerSync, and Docker on Hetzner Server
  hosts: supabase_servers
  become: true
  gather_facts: true
  vars:
    supabase_dir: /opt/supabase
    powersync_dir: /opt/powersync
    docker_compose_version: "2.21.0"

  tasks:
    - name: Update apt cache
      apt:
        update_cache: yes
        cache_valid_time: 3600

    - name: Install required system packages
      apt:
        name:
          - apt-transport-https
          - ca-certificates
          - curl
          - gnupg
          - lsb-release
          - software-properties-common
          - git
          - wget
          - unzip
          - htop
          - vim
          - ufw
        state: present

    - name: Add Docker's official GPG key
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    - name: Add Docker repository
      apt_repository:
        repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
        state: present

    - name: Install Docker CE
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-buildx-plugin
          - docker-compose-plugin
        state: present
        update_cache: yes

    - name: Start and enable Docker service
      systemd:
        name: docker
        state: started
        enabled: yes

    - name: Add current user to docker group
      user:
        name: "{{ ansible_user }}"
        groups: docker
        append: yes

    - name: Create /opt directory if it doesn't exist
      file:
        path: /opt
        state: directory
        mode: '0755'

    - name: Clone Supabase repository
      git:
        repo: https://github.com/supabase/supabase
        dest: "{{ supabase_dir }}"
        depth: 1
        force: yes

    - name: Set proper ownership for Supabase directory
      file:
        path: "{{ supabase_dir }}"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        recurse: yes

    - name: Install Node.js 18.x repository
      shell: curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
      args:
        creates: /etc/apt/sources.list.d/nodesource.list

    - name: Install Node.js
      apt:
        name: nodejs
        state: present
        update_cache: yes

    - name: Install Supabase CLI
      npm:
        name: supabase
        global: yes
        state: present

    - name: Create PowerSync directory
      file:
        path: "{{ powersync_dir }}"
        state: directory
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: '0755'

    - name: Download PowerSync Server
      get_url:
        url: https://github.com/powersync-ja/powersync-service/releases/latest/download/powersync-server-linux-amd64.tar.gz
        dest: /tmp/powersync-server.tar.gz
        mode: '0644'

    - name: Extract PowerSync Server
      unarchive:
        src: /tmp/powersync-server.tar.gz
        dest: "{{ powersync_dir }}"
        remote_src: yes
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"

    - name: Copy Supabase docker-compose.yml to working directory
      copy:
        src: "{{ supabase_dir }}/docker/docker-compose.yml"
        dest: "{{ supabase_dir }}/docker-compose.yml"
        remote_src: yes
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"

    - name: Copy Supabase .env.example to .env
      copy:
        src: "{{ supabase_dir }}/docker/.env.example"
        dest: "{{ supabase_dir }}/.env"
        remote_src: yes
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        force: no

    - name: Configure UFW firewall
      ufw:
        rule: allow
        port: "{{ item }}"
        proto: tcp
      loop:
        - '22'    # SSH
        - '80'    # HTTP
        - '443'   # HTTPS
        - '3000'  # Supabase Studio
        - '8000'  # Supabase API
        - '5432'  # PostgreSQL
        - '8080'  # PowerSync

    - name: Enable UFW
      ufw:
        state: enabled

    - name: Create systemd service for Supabase
      template:
        src: supabase.service.j2
        dest: /etc/systemd/system/supabase.service
        mode: '0644'
      notify: restart supabase

    - name: Create systemd service for PowerSync
      template:
        src: powersync.service.j2
        dest: /etc/systemd/system/powersync.service
        mode: '0644'
      notify: restart powersync

    - name: Reload systemd daemon
      systemd:
        daemon_reload: yes

    - name: Start and enable Supabase service
      systemd:
        name: supabase
        state: started
        enabled: yes

    - name: Display setup information
      debug:
        msg:
          - "Supabase has been installed in {{ supabase_dir }}"
          - "PowerSync has been installed in {{ powersync_dir }}"
          - "Supabase Studio will be available at http://{{ ansible_default_ipv4.address }}:3000"
          - "Supabase API will be available at http://{{ ansible_default_ipv4.address }}:8000"
          - "To start Supabase: cd {{ supabase_dir }} && docker compose up -d"
          - "Configuration file: {{ supabase_dir }}/.env"

  handlers:
    - name: restart supabase
      systemd:
        name: supabase
        state: restarted

    - name: restart powersync
      systemd:
        name: powersync
        state: restarted