Self host Supbase service

.gitpod.yml

@@ -9,11 +9,15 @@ tasks:
       eval $(gp env -e API_URL=$(gp url 3000))
       eval $(gp env -e WEB_URL=$(gp url 8000))
       eval $(gp env -e API_HOST=$(gp url 8443))
+      eval $(gp env -e SUPABASE_API=$(gp url 8911))
+      eval $(gp env -e SSO_URL=$(gp url 8081))
       eval $(gp env -e SERVICES="status image auth search posts feed-discovery users redis elasticsearch login firebase")
 
       sed -r \
           -e  "s@(.+=)http://localhost:8000(/[^ ]*)*@\1$WEB_URL\2@g" \
           -e  "s@(.+=)http://localhost:3000(/[^ ]*)*@\1$API_URL\2@g" \
+          -e  "s@(.+=)http://localhost:8911(/[^ ]*)*@\1$SUPABASE_API\2@g" \
+          -e  "s@(.+=)http://localhost:8081(/[^ ]*)*@\1$SSO_URL\2@g" \
           -e  "s@(.+=)http://localhost([^:]*)@\1$API_HOST\2@g" \
           -e  "s@development\.yml@gitpod\.yml@" \
           config/env.development > .env
@@ -43,38 +47,54 @@ tasks:
 # Exposing service ports
 # Overriding the default notification popup when a port is open
 ports:
-  # NextJS frontend
   - port: 8000
+    name: frontend
     visibility: public
     onOpen: open-preview
-  # Web API
   - port: 3000
+    name: web-api
     visibility: public
     onOpen: ignore
-  # Microservice server
   - port: 8443
+    name: micro-services
     visibility: public
     onOpen: ignore
-  #  Redis server
   - port: 6379
+    name: redis
     onOpen: ignore
-  # Elasticsearch server
   - port: 9200
+    name: elasticsearch
     onOpen: ignore
-  # Firebase emulator
   - port: 4000
+    name: firebase
     onOpen: ignore
-  # Firestore emulator
   - port: 8088
+    name: firestore
     onOpen: ignore
-  # Traefik UI
   - port: 8080
+    name: traefik
     onOpen: ignore
-  # Login Page
   - port: 8081
+    name: login
     onOpen: ignore
-  # Static Web Content test
   - port: 8888
+    name: test-web-content
+    onOpen: ignore
+  - port: 7777
+    name: auth
+    onOpen: ignore
+  # Supabase Services
+  - port: 8910
+    name: supabase-studio
+    onOpen: notify
+  - port: 8911
+    name: kong-http
+    onOpen: ignore
+  - port: 8912
+    name: kong-https
+    onOpen: ignore
+  - port: 8913
+    name: postgresql
     onOpen: ignore
 
 github:

config/env.development

@@ -76,7 +76,7 @@ SECRET=secret-sauce
 [email protected]
 
 # Origins of web apps that we'll allow for redirects. See src/api/auth/test
-ALLOWED_APP_ORIGINS=http://localhost:8000 http://localhost:8888
+ALLOWED_APP_ORIGINS=http://localhost:8000 http://localhost:8888 https://*.gitpod.io
 
 # The URI of the auth server
 JWT_ISSUER=http://localhost/v1/auth
@@ -87,6 +87,14 @@ JWT_AUDIENCE=http://localhost
 # How long should a JWT work before it expires
 JWT_EXPIRES_IN=1h
 
+# Example Supabase secrets for development
+# NOT INTENDED FOR PRODUCTION
+
+# Supabase connection https://supabase.com/docs/guides/database/connecting-to-postgres
+SUPABASE_API_URL=http://localhost:8911
+# Admin key, able to bypass security rules
+SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q
+
 
 ################################################################################
 # Image Service

config/env.production

@@ -88,6 +88,10 @@ JWT_AUDIENCE=https://api.telescope.cdot.systems
 # How long should a JWT work before it expires
 JWT_EXPIRES_IN=1h
 
+# Supabase connection https://supabase.com/docs/guides/database/connecting-to-postgres
+SUPABASE_API_URL=
+# Secret admin key, can bypass security rules
+SERVICE_ROLE_KEY=
 
 ################################################################################
 # Image Service

config/env.staging

@@ -90,6 +90,11 @@ JWT_AUDIENCE=https://dev.api.telescope.cdot.systems
 # How long should a JWT work before it expires
 JWT_EXPIRES_IN=1h
 
+# Supabase connection https://supabase.com/docs/guides/database/connecting-to-postgres
+SUPABASE_API_URL=
+# Secret admin key, can bypass security rules
+SERVICE_ROLE_KEY=
+
 
 ################################################################################
 # Image Service

docker/docker-compose.yml

@@ -86,6 +86,8 @@ services:
       - ADMINISTRATORS
       - ALLOWED_APP_ORIGINS
       - JWT_EXPIRES_IN
+      - SERVICE_ROLE_KEY
+      - SUPABASE_API_URL
       - USERS_URL
       # Satellite authentication/authorization support
       - JWT_ISSUER