error running `nix run .#start-server`

[AntonOfTheWoods]

Bug report

• [ x] I confirm this is a bug with Supabase, not with my own application.
• [ x] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

[anton@nixos:~/dev/tmp/supabase-postgres]$ nix run .#start-server 15
warning: Git tree '/home/anton/dev/tmp/supabase-postgres' is dirty
Starting server for PSQL 15
NOTE: using port 5435 for server
NOTE: using temporary directory /tmp/tmp.YbX8vRVgc3 for data, which will not be removed
NOTE: you are free to re-use this data directory at will
The files belonging to this database system will be owned by user "anton".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /tmp/tmp.YbX8vRVgc3 ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Asia/Shanghai
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    /nix/store/8v205dy61nhwv6dgzj7nbciliv7li5dd-postgresql-and-plugins-15.8/bin/pg_ctl -D /tmp/tmp.YbX8vRVgc3 -l logfile start

NOTE: patching postgresql.conf files
 2024-11-21 07:40:31.352 UTC [114521] LOG:  pgaudit extension initialized
sh: line 1: /nix/store/hvmszwiww333j15q0arq7nnwm54xp6am-pgsodium_getkey.sh: cannot execute: required file not found
 2024-11-21 07:40:31.358 UTC [114521] FATAL:  invalid secret key
 2024-11-21 07:40:31.358 UTC [114521] LOG:  database system is shut down

The build instructions seem to no longer allow running a server. Building seems to work fine (nix build .#psql_???/bin all work fine).

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

1. Setup nix
2. Setup direnv
3. nix build .#psql_15/bin
4. nix run .#start-server 15

Expected behavior

A running pg server

System information

• OS: nixos 24.11

Additional context

/nix/store/hvmszwiww333j15q0arq7nnwm54xp6am-pgsodium_getkey.sh exists and has the contents:

#!/bin/bash

set -euo pipefail

KEY_FILE="${1:-/tmp/pgsodium.key}"

if [[ ! -f "${KEY_FILE}" ]]; then
    head -c 32 /dev/urandom | od -A n -t x1 | tr -d ' \n' > "${KEY_FILE}"
fi
cat $KEY_FILE

So I'm not sure what's going on.

[samrose]

@AntonOfTheWoods thank you for reporting this issue.

what is the git commit hash you are working with on the above issue?

Can you please try to run this command?:

nix run github:supabase/postgres#start-server -- 15 which will run this from the latest develop branch tip. If this works, it will be good to know what git commit you were trying this on above.

We have not tested this on nixos or with direnv yet, and we don't use either of those in our day to day work (if the docs mention direnv, we'll be updating those very soon to remove this). Although theoretically these commands should work on nixos and with direnv. But I wanted to at least mention those are not things that anyone has tested and confirmed working yet with the start-server app we have built into supabase/postgres.

[AntonOfTheWoods]

[anton@nixos:~/tmp/yoyo]$ nix run github:supabase/postgres#start-server -- 15
Starting server for PSQL 15
NOTE: using port 5435 for server
NOTE: using temporary directory /tmp/tmp.mRabkQ7Neu for data, which will not be removed
NOTE: you are free to re-use this data directory at will
The files belonging to this database system will be owned by user "anton".
This user must also own the server process.

The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".

Data page checksums are disabled.

fixing permissions on existing directory /tmp/tmp.mRabkQ7Neu ... ok
creating subdirectories ... ok
selecting dynamic shared memory implementation ... posix
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting default time zone ... Asia/Shanghai
creating configuration files ... ok
running bootstrap script ... ok
performing post-bootstrap initialization ... ok
syncing data to disk ... ok

initdb: warning: enabling "trust" authentication for local connections
initdb: hint: You can change this by editing pg_hba.conf or using the option -A, or --auth-local and --auth-host, the next time you run initdb.

Success. You can now start the database server using:

    /nix/store/5ra9v1fh5s6kq5sxqkzq7czkcib14ibs-postgresql-and-plugins-15.8/bin/pg_ctl -D /tmp/tmp.mRabkQ7Neu -l logfile start

NOTE: patching postgresql.conf files
 2024-12-03 13:57:10.312 UTC [162996] LOG:  pgaudit extension initialized
sh: line 1: /nix/store/hvmszwiww333j15q0arq7nnwm54xp6am-pgsodium_getkey.sh: cannot execute: required file not found
 2024-12-03 13:57:10.325 UTC [162996] FATAL:  invalid secret key
 2024-12-03 13:57:10.325 UTC [162996] LOG:  database system is shut down

This is the same error I was getting before.

[AntonOfTheWoods]

I just tried in an Ubuntu 24.04 VM but it failed after several hours due to taking up more than the 30-odd GB free space I had. I'll create a bigger VM and try again tomorrow!

[samrose]

@AntonOfTheWoods

If you try it on Ubuntu, you can install nix with this

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm \
    --extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
    --extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="

This will use our binary cache, and generally will avoid building from source for the postgres distribution. The build should then download and run fairly quickly.

We don't have a cached version of a build on nixos, but I am running the nix run github:supabase/postgres/sam/nixos-start-server#start-server -- 15 command on an instance of nixos 24.11 right now, and letting it go through the build to see if my changes on that branch will both continue to work on non-nixos and build and run on nixos.

The changes I made were d09b263 which should end up being more compatible with nix and nixos uses (waiting for build to finish to find out, but it worked on macos and ubuntu without issue). Even with those changes, we don't have a binary cache for nixos builds.

It would likely be a better approach just to create a nixos module (but even then we would need to build and cache this to prevent source builds).

[AntonOfTheWoods]

Looks good (works on both nixos and the ubuntu 24.04), thanks!

[anton@nixos:~/dev/tmp/supabase-postgres]$ nix run github:supabase/postgres/sam/nixos-start-server#start-server -- 15
...
database system is ready to accept connections

And orioledb-17 also works, which I'll confess was my ultimate goal!

I couldn't find a Dockerfile (or nix config, which I guess is the ultimate goal...) anywhere that allows creating a pg17 docker image. You wouldn't happen to have one of those lying around somewhere? It looks like the directory structure changes a bit for the 17 build, so I'm getting this error when trying to sub orioledb-17 for 15/16 in the Dockerfiles:

 107 |                                                                                                                
 108 | >>> RUN mkdir -p /usr/lib/postgresql/share/postgresql/contrib \                                                                                                                                                                      
 109 | >>>     && find /nix/var/nix/profiles/default/share/postgresql/contrib/ -mindepth 1 -type d -exec sh -c 'for dir do ln -s "$dir" "/usr/lib/postgresql/share/postgresql/contrib/$(basename "$dir")"; done' sh {} + \
 110 | >>>     && chown -R postgres:postgres /usr/lib/postgresql/share/postgresql/contrib/                            
 111 |                                                     
--------------------                                                                                                                                                                                                                        
ERROR: failed to solve: process "/bin/sh -c mkdir -p /usr/lib/postgresql/share/postgresql/contrib     && find /nix/var/nix/profiles/default/share/postgresql/contrib/ -mindepth 1 -type d -exec sh -c 'for dir do ln -s \"$dir\" \"/usr/lib/
postgresql/share/postgresql/contrib/$(basename \"$dir\")\"; done' sh {} +     && chown -R postgres:postgres /usr/lib/postgresql/share/postgresql/contrib/" did not complete successfully: exit code: 1

Which I debugged to find that it's trying to create impossible links, and errors out.

I definitely understand you guys have the "self-hosting you guys get the docker-compose.yaml and that's that" policy but it would be awesome to have a base we could play with... and strenuously never ask for support for :-).

[samrose]

We will get a Dockerfile out. We don't have one immediately. Don't have an exact timetable on it, but I'll message back here when we have it.