{"id":15187210,"url":"https://github.com/vonng/pigsty","last_synced_at":"2025-03-19T12:20:18.615Z","repository":{"id":37240793,"uuid":"268680961","full_name":"Vonng/pigsty","owner":"Vonng","description":"Free RDS for PostgreSQL —— Pigsty","archived":false,"fork":false,"pushed_at":"2025-03-17T08:20:29.000Z","size":31742,"stargazers_count":3767,"open_issues_count":23,"forks_count":278,"subscribers_count":49,"default_branch":"main","last_synced_at":"2025-03-19T06:49:23.718Z","etag":null,"topics":["graphics","infra","postgres","service","toolbox","yours"],"latest_commit_sha":null,"homepage":"https://pigsty.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Vonng.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-06-02T02:22:09.000Z","updated_at":"2025-03-18T18:42:21.000Z","dependencies_parsed_at":"2023-10-17T07:54:12.912Z","dependency_job_id":"2cd94201-40f5-41bc-9632-42136ffa0314","html_url":"https://github.com/Vonng/pigsty","commit_stats":{"total_commits":2513,"total_committers":17,"mean_commits":147.8235294117647,"dds":"0.16792678074015122","last_synced_commit":"fe02696559a5cb977036b4ecbfc544bbdd17802b"},"previous_names":[],"tags_count":77,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vonng%2Fpigsty","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vonng%2Fpigsty/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vonng%2Fpigsty/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Vonng%2Fpigsty/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Vonng","download_url":"https://codeload.github.com/Vonng/pigsty/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244422591,"owners_count":20450239,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["graphics","infra","postgres","service","toolbox","yours"],"created_at":"2024-09-27T18:04:25.025Z","updated_at":"2025-03-19T12:20:18.581Z","avatar_url":"https://github.com/Vonng.png","language":"Shell","readme":"# Pigsty\n\n[![Webite: pigsty.io](https://img.shields.io/badge/website-pigsty.io-slategray?style=flat\u0026logo=cilium\u0026logoColor=white)](https://pigsty.io)\n[![Docs](https://img.shields.io/badge/docs-slategray?style=flat\u0026logo=cilium\u0026logoColor=white)](https://pigsty.io/docs)\n[![Version: v3.3.0](https://img.shields.io/badge/version-v3.3.0-slategray?style=flat\u0026logo=cilium\u0026logoColor=white)](https://github.com/Vonng/pigsty/releases/tag/v3.3.0)\n[![License: AGPLv3](https://img.shields.io/github/license/Vonng/pigsty?logo=opensourceinitiative\u0026logoColor=green\u0026color=slategray)](https://pigsty.io/docs/about/license/)\n[![GitHub Stars](https://img.shields.io/github/stars/Vonng/pigsty?style=flat\u0026logo=github\u0026logoColor=black\u0026color=slategray)](https://star-history.com/#Vonng/pigsty\u0026Date)\n[![Extensions: 404](https://img.shields.io/badge/extensions-404-%233E668F?style=flat\u0026logo=postgresql\u0026logoColor=white\u0026labelColor=3E668F)](https://pigsty.io/ext/list)\n\nBattery-Included, Local-First **PostgreSQL** Distribution as a Free \u0026 Better **RDS** Alternative!\n\n\u003e \"**P**ostgreSQL **I**n **G**reat **STY**le\": **P**ostgres, **I**nfras, **G**raphics, **S**ervice, **T**oolbox, it's all **Y**ours.\n\n[Website](https://pigsty.io/) | [Docs](https://pigsty.io/docs/) | [Extensions](https://pigsty.io/ext/) | [Demo](https://demo.pigsty.cc) | [Blog](https://pigsty.io/blog) | [Discuss](https://github.com/Vonng/pigsty/discussions) | [Support](https://pigsty.io/price) | [Extension](https://pigsty.io/about/ext) | [中文站](https://pigsty.cc) | [博客](https://pigsty.cc/blog)\n\n[**Get Started**](https://pigsty.io/docs/setup/install/) with the latest [**v3.3.0**](https://github.com/Vonng/pigsty/releases/tag/v3.3.0): `curl -fsSL https://repo.pigsty.io/get`\n\n[![pigsty-desc](https://pigsty.io/img/pigsty/banner.en.jpg)](https://pigsty.io)\n\n\n--------\n\n## Features\n\n- [**Extensible**](https://pigsty.io/img/pigsty/extension.png): **404** [**PG Extensions**](https://pigsty.io/ext/list) \u0026 **6** [**PG Kernel**](https://pigsty.io/docs/kernel) replacements available (e.g., [**MSSQL**](https://pigsty.io/docs/kernel/babelfish/), [**Oracle**](https://pigsty.io/docs/kernel/ivorysql/) compatibility).\n- [**Reliable**](https://pigsty.io/img/pigsty/arch.jpg): Self-healing [**HA**](https://pigsty.io/docs/concept/ha/) clusters with pre-configured [**PITR**](https://pigsty.io/docs/pgsql/arch#point-in-time-recovery) and built-in [**ACL**](https://pigsty.io/docs/pgsql/acl), [**CA \u0026 SSL**](https://pigsty.io/docs/reference/param/#ca) secure best practice.\n- [**Observable**](https://pigsty.io/img/pigsty/dashboard.jpg): SOTA monitoring for [**PG**](https://demo.pigsty.cc/d/pgrds-instance/pgrds-instance) / [**Infra**](https://pigsty.io/docs/infra) / [**Node**](https://pigsty.io/docs/node) based on **Prometheus** \u0026 **Grafana** stack: [**Demo**](https://demo.pigsty.cc) \u0026 [**Gallery**](https://github.com/Vonng/pigsty/wiki/Gallery).\n- [**Available**](https://pigsty.io/img/pigsty/ha.png): Auto-routed \u0026 pooled customizable database [**Services**](https://pigsty.io/docs/concept/svc#default-service) [**Access**](https://pigsty.io/docs/concept/svc#access-service) with **haproxy**, **pgbouncer**, and **VIP**.\n- [**Maintainable**](https://pigsty.io/img/pigsty/iac.jpg): [**One-Cmd Install**](https://pigsty.io/docs/setup/install), [**Admin SOP**](https://pigsty.io/docs/pgsql/admin), **Auto-Tune**, **Local Repo**, [**IaC**](https://pigsty.io/docs/pgsql/config) and [**Vagrant**](https://pigsty.io/docs/setup/provision#vagrant) / [**Terraform**](https://pigsty.io/docs/setup/provision#terraform) support.\n- [**Composable**](https://pigsty.io/img/pigsty/sandbox.jpg): Bonus [**Modules**](https://pigsty.io/docs/about/modules) such as [**Redis**](https://pigsty.io/docs/redis), [**MinIO**](https://pigsty.io/docs/minio), [**Etcd**](https://pigsty.io/docs/etcd), [**Docker**](https://pigsty.io/docs/app), [**DuckDB**](https://pigsty.io/docs/pro/duckdb), [**FerretDB**](https://pigsty.io/docs/ferret), [**Supabase**](https://pigsty.io/docs/kernel/supabase/), [**\u0026 More**](https://pigsty.io/docs/pro/)!\n\n### Advantages\n\n- **Unparalleled Extension**: [**404**](https://pigsty.io/ext/list) PostgreSQL extensions available in addition to the official **PGDG** repo.\n- **Stunning Observability**: Ultimate experience with **3000+** metrics visualized in **30+** organized dashboards.\n- **Reliable Best Practices**: Proven \u0026 Polished in large-scale production environment (**25K** vCPU) for **6** years+.\n- **NO Docker/Kubernetes**: We choose the hard way to deliver RDS based on bare OS **WITHOUT** [**Containers**](https://pigsty.io/blog/db/db-in-k8s/)!\n- **Infrastructure as Code**: Describe everything with declarative API and provision with idempotent playbooks!\n- **Free OSS \u0026 Local-First**: Pigsty is a free software under [**AGPLv3**](https://pigsty.io/docs/about/license/). Build for PostgreSQL with passion \u0026 love.\n\n### Benefits\n\n- **Full Control**: Unleash the full power of PostgreSQL with 404+ extensions, and gain full control of your data!\n- **Rest Assured**: Self-healing HA from hardware failures and Point-In-Time-Recovery from human error \u0026 bugs!\n- **Keen Insight**: You can't manage what you can't measure. Gain penetrating insight through all-seeing panels!\n- **Self-Reliant**: Self-serving enterprise RDS service with all its dependencies in the absence of a dedicated DBA!\n- **Anti-Entropy**: Describe everything in code, minimize complexity with IaC \u0026 SOP, Administration with GitOps!\n- **Get more, Pay less**: No vendor lock-in, Run your own RDS to reclaim 90%+ hardware bonus from the Cloud!\n\n[![landscape](https://pigsty.io/img/pigsty/ecosystem.jpg)](https://pigsty.io/ext/list)\n\n\n----------------\n\n## Get Started\n\n[![Postgres: 17.4](https://img.shields.io/badge/PostgreSQL-17.2-%233E668F?style=flat\u0026logo=postgresql\u0026labelColor=3E668F\u0026logoColor=white)](https://pigsty.io/docs/pgsql)\n[![Linux](https://img.shields.io/badge/Linux-AMD64-%23FCC624?style=flat\u0026logo=linux\u0026labelColor=FCC624\u0026logoColor=black)](https://pigsty.io/docs/node)\n[![Linux](https://img.shields.io/badge/Linux-ARM64-%23FCC624?style=flat\u0026logo=linux\u0026labelColor=FCC624\u0026logoColor=black)](https://pigsty.io/docs/node)\n[![EL Support: 8/9](https://img.shields.io/badge/EL-7/8/9-red?style=flat\u0026logo=redhat\u0026logoColor=red)](https://pigsty.io/ext/list/rpm)\n[![Debian Support: 12](https://img.shields.io/badge/Debian-11/12-%23A81D33?style=flat\u0026logo=debian\u0026logoColor=%23A81D33)](https://pigsty.io/ext/list/deb)\n[![Ubuntu Support: 22/24](https://img.shields.io/badge/Ubuntu-20/22/24-%23E95420?style=flat\u0026logo=ubuntu\u0026logoColor=%23E95420)](https://pigsty.io/ext/list/deb)\n\n[**Prepare**](https://pigsty.io/docs/setup/prepare/) a fresh `x86_64` / `aarch64` node runs any [**compatible**](#compatibility) **Linux** OS Distros, then [**Download**](https://pigsty.io/docs/setup/install/) **Pigsty** with:\n\n```bash\ncurl -fsSL https://repo.pigsty.io/get | bash; cd ~/pigsty;\n```\n\nNext, [**bootstrap**](https://pigsty.io/docs/setup/offline/#bootstrap), [**configure**](https://pigsty.io/docs/setup/install#configure), and run the [**`install.yml`**](https://pigsty.io/docs/setup/install#install) playbook with an [**admin user**](https://pigsty.io/docs/setup/prepare/#admin-user) (**nopass** `ssh` \u0026 `sudo`):\n\n```bash\n./bootstrap; ./configure; ./install.yml;\n```\n\nFinally, you will get a pigsty singleton node [**ready**](https://pigsty.io/docs/setup/install/#interface), with Web service on port `80/443` and Postgres on port `5432`.\n\n\u003e Consider [**Slim Installation**](https://pigsty.io/docs/setup/slim/) if you only want essential components for HA PostgreSQL.\n\n\n\u003cdetails\u003e\u003csummary\u003eInstall with the pig cli\u003c/summary\u003e\u003cbr\u003e\n\n```bash\ncurl -fsSL https://repo.pigsty.io/pig | bash\ncurl -fsSL https://repo.pigsty.cc/pig | bash  # mirror\n```\n\nThen you can launch pigsty with `pig sty` sub command:\n\n```bash\npig sty init     # install embed pigsty to ~/pigsty \npig sty boot     # install ansible and other pre-deps \npig sty conf     # auto-generate pigsty.yml config file\npig sty install  # run the install.yml playbook\n```\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003eInstall with get script\u003c/summary\u003e\u003cbr\u003e\n\n```\n$ curl -fsSL https://repo.pigsty.io/get | bash\n[v3.3.0] ===========================================\n$ curl -fsSL https://repo.pigsty.io/get | bash\n[Site] https://pigsty.io\n[Demo] https://demo.pigsty.cc\n[Repo] https://github.com/Vonng/pigsty\n[Docs] https://pigsty.io/docs/setup/install\n[Download] ===========================================\n[ OK ] version = v3.3.0 (from default)\ncurl -fSL https://repo.pigsty.io/src/pigsty-v3.3.0.tgz -o /tmp/pigsty-v3.3.0.tgz\n######################################################################## 100.0%\n[ OK ] md5sums = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  /tmp/pigsty-v3.3.0.tgz\n[Install] ===========================================\n[WARN] os user = root , it's recommended to install as a sudo-able admin\n[ OK ] install = /root/pigsty, from /tmp/pigsty-v3.3.0.tgz\n[TodoList] ===========================================\ncd /root/pigsty\n./bootstrap      # [OPTIONAL] install ansible \u0026 use offline package\n./configure      # [OPTIONAL] preflight-check and config generation\n./install.yml    # install pigsty modules according to your config.\n[Complete] ===========================================\n```\n\n\u003e HINT: To install a specific version, pass the version string as the first parameter:\n\u003e\n\u003e ```bash\n\u003e curl -fsSL https://repo.pigsty.io/get | bash -s v3.3.0\n\u003e ```\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\u003csummary\u003eOr clone src with git\u003c/summary\u003e\u003cbr\u003e\n\nYou can also download the pigsty source with `git`, remember to check out a specific version tag, the `main` branch is for development.\n\n```bash\ngit clone https://github.com/Vonng/pigsty; cd pigsty; git checkout v3.3.0\n```\n\n\u003c/details\u003e\n\n\n----------------\n\n**Example: Singleton Installation on RockyLinux 9:**\n\n[![asciicast](https://asciinema.org/a/673459.svg)](https://asciinema.org/a/673459)\n\n\n\n----------------\n\n## Architecture\n\n\nPigsty uses a [**modular**](https://pigsty.io/docs/concept/arch/) design. There are **4** **CORE** [**modules**](https://pigsty.io/docs/about/module/) available by default:\n\n[![PGSQL](https://img.shields.io/badge/PGSQL-%233E668F?style=flat\u0026logo=postgresql\u0026labelColor=3E668F\u0026logoColor=white)](https://pigsty.io/docs/pgsql) Self-healing PostgreSQL HA cluster powered by Patroni, Pgbouncer, PgBackrest \u0026 HAProxy\n\n[![INFRA](https://img.shields.io/badge/INFRA-%23009639?style=flat\u0026logo=nginx\u0026labelColor=009639\u0026logoColor=white)](https://pigsty.io/docs/infra) Nginx, Local Repo, DNSMasq, and the entire Prometheus \u0026 Grafana observability stack.\n\n[![NODE](https://img.shields.io/badge/NODE-%23FCC624?style=flat\u0026logo=linux\u0026labelColor=FCC624\u0026logoColor=black)](https://pigsty.io/docs/node) Init node name, repo, pkg, NTP, ssh, admin, tune, expose services, collect logs \u0026 metrics.\n\n[![ETCD](https://img.shields.io/badge/ETCD-%23419EDA?style=flat\u0026logo=etcd\u0026labelColor=419EDA\u0026logoColor=white)](https://pigsty.io/docs/etcd) Etcd cluster is used as a reliable distributive configuration store by PostgreSQL HA Agents.\n\nYou can compose them freely in a declarative manner. `INFRA` \u0026 `NODE` will suffice for host monitoring.\n`ETCD` and `PGSQL` are used for HA PG clusters; Installing them on multiple nodes automatically forms HA clusters.\n\nThe default [`install.yml`](https://github.com/Vonng/pigsty/blob/main/install.yml) playbook will install `INFRA`, `NODE`, `ETCD` \u0026 `PGSQL` on the current node.\nWhich gives you an out-of-the-box PostgreSQL singleton instance (`admin_ip:5432`) with everything ready.\n\n[![pigsty-arch.jpg](https://pigsty.io/img/pigsty/arch.jpg)](https://pigsty.io/docs/concept/arch/)\n\nThe node can be used as an admin controller to deploy \u0026 monitor more nodes \u0026 clusters. For example, you can install these **4** **OPTIONAL** [extended modules](https://pigsty.io/docs/about/module/#extended-modules) for advanced use cases:\n\n[![MinIO](https://img.shields.io/badge/MINIO-%23C72E49?style=flat\u0026logo=minio\u0026logoColor=white)](https://pigsty.io/docs/etcd) S3-compatible object storage service; used as an optional central backup server for `PGSQL`.\n\n[![Redis](https://img.shields.io/badge/REDIS-%23FF4438?style=flat\u0026logo=redis\u0026logoColor=white)](https://pigsty.io/docs/infra) Deploy Redis servers in standalone master-replica, sentinel, and native cluster mode.\n\n[![Ferret](https://img.shields.io/badge/FERRET-%23042133?style=flat\u0026logo=ferretdb\u0026logoColor=white)](https://pigsty.io/docs/ferret) Native support for FerretDB — adding MongoDB wire protocol compatibility to Postgres!\n\n[![Docker](https://img.shields.io/badge/DOCKER-%232496ED?style=flat\u0026logo=docker\u0026logoColor=white)](https://pigsty.io/docs/docker) Launch optional docker daemons to run other stateless parts besides Pigsty RDS.\n\nOf course, you can deploy different kinds of HA **PostgreSQL** clusters on multiple nodes, as much as you want.\n\n\n----------------\n\n## PostgreSQL RDS\n\nTo deploy an additional 3-node HA Postgres cluster `pg-test`. Add the cluster [**definition**](https://github.com/Vonng/pigsty/blob/main/conf/full.yml#L46) to the [**config inventory**](https://pigsty.io/docs/setup/config/):\n\n```yaml \npg-test:\n  hosts:\n    10.10.10.11: { pg_seq: 1, pg_role: primary }\n    10.10.10.12: { pg_seq: 2, pg_role: replica }\n    10.10.10.13: { pg_seq: 3, pg_role: offline }\n  vars: { pg_cluster: pg-test }\n```\n\nThe default config file is [`pigsty.yml`](https://github.com/Vonng/pigsty/blob/main/pigsty.yml) under pigsty home, add the snippet above to the `all.children.pg-test`,\nThen, create the cluster with built-in playbooks in one command:\n\n```bash\nbin/pgsql-add pg-test   # init pg-test cluster \n```\n\n\u003cdetails\u003e\u003csummary\u003eExample: Complex PostgreSQL Customization\u003c/summary\u003e\u003cbr\u003e\n\nThis config file provides a detailed example of a complex PostgreSQL cluster `pg-meta` with multiple databases, users, and service definition:\n\n```yaml\npg-meta:\n  hosts: { 10.10.10.10: { pg_seq: 1, pg_role: primary , pg_offline_query: true } }\n  vars:\n    pg_cluster: pg-meta\n    pg_databases:                       # define business databases on this cluster, array of database definition\n      - name: meta                      # REQUIRED, `name` is the only mandatory field of a database definition\n        baseline: cmdb.sql              # optional, database sql baseline path, (relative path among ansible search path, e.g files/)\n        pgbouncer: true                 # optional, add this database to pgbouncer database list? true by default\n        schemas: [pigsty]               # optional, additional schemas to be created, array of schema names\n        extensions:                     # optional, additional extensions to be installed: array of `{name[,schema]}`\n          - { name: postgis , schema: public }\n          - { name: timescaledb }\n        comment: pigsty meta database   # optional, comment string for this database\n        owner: postgres                # optional, database owner, postgres by default\n        template: template1            # optional, which template to use, template1 by default\n        encoding: UTF8                 # optional, database encoding, UTF8 by default. (MUST same as template database)\n        locale: C                      # optional, database locale, C by default.  (MUST same as template database)\n        lc_collate: C                  # optional, database collate, C by default. (MUST same as template database)\n        lc_ctype: C                    # optional, database ctype, C by default.   (MUST same as template database)\n        tablespace: pg_default         # optional, default tablespace, 'pg_default' by default.\n        allowconn: true                # optional, allow connection, true by default. false will disable connect at all\n        revokeconn: false              # optional, revoke public connection privilege. false by default. (leave connect with grant option to owner)\n        register_datasource: true      # optional, register this database to grafana datasources? true by default\n        connlimit: -1                  # optional, database connection limit, default -1 disable limit\n        pool_auth_user: dbuser_meta    # optional, all connection to this pgbouncer database will be authenticated by this user\n        pool_mode: transaction         # optional, pgbouncer pool mode at database level, default transaction\n        pool_size: 64                  # optional, pgbouncer pool size at database level, default 64\n        pool_size_reserve: 32          # optional, pgbouncer pool size reserve at database level, default 32\n        pool_size_min: 0               # optional, pgbouncer pool size min at database level, default 0\n        pool_max_db_conn: 100          # optional, max database connections at database level, default 100\n      - { name: grafana  ,owner: dbuser_grafana  ,revokeconn: true ,comment: grafana primary database }\n      - { name: bytebase ,owner: dbuser_bytebase ,revokeconn: true ,comment: bytebase primary database }\n      - { name: kong     ,owner: dbuser_kong     ,revokeconn: true ,comment: kong the api gateway database }\n      - { name: gitea    ,owner: dbuser_gitea    ,revokeconn: true ,comment: gitea meta database }\n      - { name: wiki     ,owner: dbuser_wiki     ,revokeconn: true ,comment: wiki meta database }\n    pg_users:                           # define business users/roles on this cluster, array of user definition\n      - name: dbuser_meta               # REQUIRED, `name` is the only mandatory field of a user definition\n        password: DBUser.Meta           # optional, password, can be a scram-sha-256 hash string or plain text\n        login: true                     # optional, can log in, true by default  (new biz ROLE should be false)\n        superuser: false                # optional, is superuser? false by default\n        createdb: false                 # optional, can create database? false by default\n        createrole: false               # optional, can create role? false by default\n        inherit: true                   # optional, can this role use inherited privileges? true by default\n        replication: false              # optional, can this role do replication? false by default\n        bypassrls: false                # optional, can this role bypass row level security? false by default\n        pgbouncer: true                 # optional, add this user to pgbouncer user-list? false by default (production user should be true explicitly)\n        connlimit: -1                   # optional, user connection limit, default -1 disable limit\n        expire_in: 3650                 # optional, now + n days when this role is expired (OVERWRITE expire_at)\n        expire_at: '2030-12-31'         # optional, YYYY-MM-DD 'timestamp' when this role is expired  (OVERWRITTEN by expire_in)\n        comment: pigsty admin user      # optional, comment string for this user/role\n        roles: [dbrole_admin]           # optional, belonged roles. default roles are: dbrole_{admin,readonly,readwrite,offline}\n        parameters: {}                  # optional, role level parameters with `ALTER ROLE SET`\n        pool_mode: transaction          # optional, pgbouncer pool mode at user level, transaction by default\n        pool_connlimit: -1              # optional, max database connections at user level, default -1 disable limit\n      - {name: dbuser_view     ,password: DBUser.Viewer   ,pgbouncer: true ,roles: [dbrole_readonly], comment: read-only viewer for meta database}\n      - {name: dbuser_grafana  ,password: DBUser.Grafana  ,pgbouncer: true ,roles: [dbrole_admin]    ,comment: admin user for grafana database   }\n      - {name: dbuser_bytebase ,password: DBUser.Bytebase ,pgbouncer: true ,roles: [dbrole_admin]    ,comment: admin user for bytebase database  }\n      - {name: dbuser_kong     ,password: DBUser.Kong     ,pgbouncer: true ,roles: [dbrole_admin]    ,comment: admin user for kong api gateway   }\n      - {name: dbuser_gitea    ,password: DBUser.Gitea    ,pgbouncer: true ,roles: [dbrole_admin]    ,comment: admin user for gitea service      }\n      - {name: dbuser_wiki     ,password: DBUser.Wiki     ,pgbouncer: true ,roles: [dbrole_admin]    ,comment: admin user for wiki.js service    }\n    pg_services:                        # extra services in addition to pg_default_services, array of service definition\n      # standby service will route {ip|name}:5435 to sync replica's pgbouncer (5435-\u003e6432 standby)\n      - name: standby                   # required, service name, the actual svc name will be prefixed with `pg_cluster`, e.g: pg-meta-standby\n        port: 5435                      # required, service exposed port (work as kubernetes service node port mode)\n        ip: \"*\"                         # optional, service bind ip address, `*` for all ip by default\n        selector: \"[]\"                  # required, service member selector, use JMESPath to filter inventory\n        dest: default                   # optional, destination port, default|postgres|pgbouncer|\u003cport_number\u003e, 'default' by default\n        check: /sync                    # optional, health check url path, / by default\n        backup: \"[? pg_role == `primary`]\"  # backup server selector\n        maxconn: 3000                   # optional, max allowed front-end connection\n        balance: roundrobin             # optional, haproxy load balance algorithm (roundrobin by default, other: leastconn)\n        options: 'inter 3s fastinter 1s downinter 5s rise 3 fall 3 on-marked-down shutdown-sessions slowstart 30s maxconn 3000 maxqueue 128 weight 100'\n    pg_hba_rules:\n      - {user: dbuser_view , db: all ,addr: infra ,auth: pwd ,title: 'allow grafana dashboard access cmdb from infra nodes'}\n    pg_vip_enabled: true\n    pg_vip_address: 10.10.10.2/24\n    pg_vip_interface: eth1\n    node_crontab:  # make a full backup 1 am everyday\n      - '00 01 * * * postgres /pg/bin/pg-backup full'\n\n```\n\n[![home](https://pigsty.io/img/pigsty/home.jpg)](https://pigsty.io/img/pigsty/home.jpg)\n\n\u003c/details\u003e\n\nIt will create a cluster with everything properly configured: [**High Availability**](https://pigsty.io/docs/concept/ha) powered by patroni \u0026 etcd; [**Point-In-Time-Recovery**](https://pigsty.io/docs/concept/pitr) powered by pgBackRest \u0026 optional MinIO / S3;\nauto-routed, pooled [**Services \u0026 Access**](https://pigsty.io/docs/concept/svc#default-service) pooled by pgBouncer and exposed by haproxy; and out-of-the-box [**Monitoring**](https://pigsty.io/docs/pgsql/dashboard/) \u0026 alerting powered by the **`INFRA`** module.\n\n[![HA PostgreSQL Arch](https://pigsty.io/img/pigsty/ha.png)](https://pigsty.io/docs/concept/ha/)\n\nThe cluster keeps serving as long as **ANY** instance survives, with excellent fault-tolerance performance:\n\n\u003e [**RPO**](https://pigsty.io/docs/concept/ha#rpo) **= 0** on sync mode, **RPO \u003c 1MB** on async mode; [**RTO**](https://pigsty.io/docs/concept/ha#rpo) **\u003c 1s** on switchover, **RTO ≈ 15s** on failover.\n\n\n\n\n----------------\n\n## Customization\n\nPigsty is highly customizable, You can describe the entire database and infra deployment with **300+** [**parameters**](https://pigsty.io/docs/reference/param/) in a single config file and materialize them with one command.\nThere are many built-in configuration [templates](https://pigsty.io/docs/conf) that can be used directly.\n\n\u003cdetails\u003e\u003csummary\u003eExample: Sandbox (4-node) with two PG cluster\u003c/summary\u003e\u003cbr\u003e\n\nThe [`conf/full.yml`](https://github.com/Vonng/pigsty/blob/main/conf/full.yml) utilize four nodes to deploy two PostgreSQL clusters `pg-meta` and `pg-test`:\n\n```yaml\npg-meta:\n  hosts: { 10.10.10.10: { pg_seq: 1, pg_role: primary } }\n  vars:\n    pg_cluster: pg-meta\n    pg_users:\n      - {name: dbuser_meta     ,password: DBUser.Meta     ,pgbouncer: true ,roles: [dbrole_admin]    ,comment: pigsty admin user }\n      - {name: dbuser_view     ,password: DBUser.Viewer   ,pgbouncer: true ,roles: [dbrole_readonly] ,comment: read-only viewer for meta database }\n    pg_databases:\n      - {name: meta ,baseline: cmdb.sql ,comment: pigsty meta database ,schemas: [pigsty]}\n    pg_hba_rules:\n      - {user: dbuser_view , db: all ,addr: infra ,auth: pwd ,title: 'allow grafana dashboard access cmdb from infra nodes'}\n    pg_vip_enabled: true\n    pg_vip_address: 10.10.10.2/24\n    pg_vip_interface: eth1\n\n# pgsql 3 node ha cluster: pg-test\npg-test:\n  hosts:\n    10.10.10.11: { pg_seq: 1, pg_role: primary }   # primary instance, leader of cluster\n    10.10.10.12: { pg_seq: 2, pg_role: replica }   # replica instance, follower of leader\n    10.10.10.13: { pg_seq: 3, pg_role: replica, pg_offline_query: true } # replica with offline access\n  vars:\n    pg_cluster: pg-test           # define pgsql cluster name\n    pg_users:  [{ name: test , password: test , pgbouncer: true , roles: [ dbrole_admin ] }]\n    pg_databases: [{ name: test }]\n    pg_vip_enabled: true\n    pg_vip_address: 10.10.10.3/24\n    pg_vip_interface: eth1\n```\n\nYou can even deploy PostgreSQL with different major versions and kernel forks in the same deployment:\n\n[![kernels](https://pigsty.io/img/pigsty/kernels.jpg)](https://pigsty.io/img/pigsty/kernels.jpg)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\u003csummary\u003eExample: Security Setup \u0026 Delayed Replica\u003c/summary\u003e\u003cbr\u003e\n\nThe following [`conf/safe.yml`](https://github.com/Vonng/pigsty/blob/main/conf/safe.yml) provision a 4-node [security](https://pigsty.io/docs/setup/security/) enhanced postgres cluster `pg-meta` with a delayed replica `pg-meta-delay`:\n\n```yaml\npg-meta:      # 3 instance postgres cluster `pg-meta`\n  hosts:\n    10.10.10.10: { pg_seq: 1, pg_role: primary }\n    10.10.10.11: { pg_seq: 2, pg_role: replica }\n    10.10.10.12: { pg_seq: 3, pg_role: replica , pg_offline_query: true }\n  vars:\n    pg_cluster: pg-meta\n    pg_conf: crit.yml\n    pg_users:\n      - { name: dbuser_meta , password: DBUser.Meta   , pgbouncer: true , roles: [ dbrole_admin ] , comment: pigsty admin user }\n      - { name: dbuser_view , password: DBUser.Viewer , pgbouncer: true , roles: [ dbrole_readonly ] , comment: read-only viewer for meta database }\n    pg_databases:\n      - {name: meta ,baseline: cmdb.sql ,comment: pigsty meta database ,schemas: [pigsty] ,extensions: [{name: postgis, schema: public}, {name: timescaledb}]}\n    pg_default_service_dest: postgres\n    pg_services:\n      - { name: standby ,src_ip: \"*\" ,port: 5435 , dest: default ,selector: \"[]\" , backup: \"[? pg_role == `primary`]\" }\n    pg_vip_enabled: true\n    pg_vip_address: 10.10.10.2/24\n    pg_vip_interface: eth1\n    pg_listen: '${ip},${vip},${lo}'\n    patroni_ssl_enabled: true\n    pgbouncer_sslmode: require\n    pgbackrest_method: minio\n    pg_libs: 'timescaledb, $libdir/passwordcheck, pg_stat_statements, auto_explain' # add passwordcheck extension to enforce strong password\n    pg_default_roles:                 # default roles and users in postgres cluster\n      - { name: dbrole_readonly  ,login: false ,comment: role for global read-only access     }\n      - { name: dbrole_offline   ,login: false ,comment: role for restricted read-only access }\n      - { name: dbrole_readwrite ,login: false ,roles: [dbrole_readonly]               ,comment: role for global read-write access }\n      - { name: dbrole_admin     ,login: false ,roles: [pg_monitor, dbrole_readwrite]  ,comment: role for object creation }\n      - { name: postgres     ,superuser: true  ,expire_in: 7300                        ,comment: system superuser }\n      - { name: replicator ,replication: true  ,expire_in: 7300 ,roles: [pg_monitor, dbrole_readonly]   ,comment: system replicator }\n      - { name: dbuser_dba   ,superuser: true  ,expire_in: 7300 ,roles: [dbrole_admin]  ,pgbouncer: true ,pool_mode: session, pool_connlimit: 16 , comment: pgsql admin user }\n      - { name: dbuser_monitor ,roles: [pg_monitor] ,expire_in: 7300 ,pgbouncer: true ,parameters: {log_min_duration_statement: 1000 } ,pool_mode: session ,pool_connlimit: 8 ,comment: pgsql monitor user }\n    pg_default_hba_rules:             # postgres host-based auth rules by default\n      - {user: '${dbsu}'    ,db: all         ,addr: local     ,auth: ident ,title: 'dbsu access via local os user ident'  }\n      - {user: '${dbsu}'    ,db: replication ,addr: local     ,auth: ident ,title: 'dbsu replication from local os ident' }\n      - {user: '${repl}'    ,db: replication ,addr: localhost ,auth: ssl   ,title: 'replicator replication from localhost'}\n      - {user: '${repl}'    ,db: replication ,addr: intra     ,auth: ssl   ,title: 'replicator replication from intranet' }\n      - {user: '${repl}'    ,db: postgres    ,addr: intra     ,auth: ssl   ,title: 'replicator postgres db from intranet' }\n      - {user: '${monitor}' ,db: all         ,addr: localhost ,auth: pwd   ,title: 'monitor from localhost with password' }\n      - {user: '${monitor}' ,db: all         ,addr: infra     ,auth: ssl   ,title: 'monitor from infra host with password'}\n      - {user: '${admin}'   ,db: all         ,addr: infra     ,auth: ssl   ,title: 'admin @ infra nodes with pwd \u0026 ssl'   }\n      - {user: '${admin}'   ,db: all         ,addr: world     ,auth: cert  ,title: 'admin @ everywhere with ssl \u0026 cert'   }\n      - {user: '+dbrole_readonly',db: all    ,addr: localhost ,auth: ssl   ,title: 'pgbouncer read/write via local socket'}\n      - {user: '+dbrole_readonly',db: all    ,addr: intra     ,auth: ssl   ,title: 'read/write biz user via password'     }\n      - {user: '+dbrole_offline' ,db: all    ,addr: intra     ,auth: ssl   ,title: 'allow etl offline tasks from intranet'}\n    pgb_default_hba_rules:            # pgbouncer host-based authentication rules\n      - {user: '${dbsu}'    ,db: pgbouncer   ,addr: local     ,auth: peer  ,title: 'dbsu local admin access with os ident'}\n      - {user: 'all'        ,db: all         ,addr: localhost ,auth: pwd   ,title: 'allow all user local access with pwd' }\n      - {user: '${monitor}' ,db: pgbouncer   ,addr: intra     ,auth: ssl   ,title: 'monitor access via intranet with pwd' }\n      - {user: '${monitor}' ,db: all         ,addr: world     ,auth: deny  ,title: 'reject all other monitor access addr' }\n      - {user: '${admin}'   ,db: all         ,addr: intra     ,auth: ssl   ,title: 'admin access via intranet with pwd'   }\n      - {user: '${admin}'   ,db: all         ,addr: world     ,auth: deny  ,title: 'reject all other admin access addr'   }\n      - {user: 'all'        ,db: all         ,addr: intra     ,auth: ssl   ,title: 'allow all user intra access with pwd' }\n\n# OPTIONAL delayed cluster for pg-meta\npg-meta-delay:                    # delayed instance for pg-meta (1 hour ago)\n  hosts: { 10.10.10.13: { pg_seq: 1, pg_role: primary, pg_upstream: 10.10.10.10, pg_delay: 1h } }\n  vars: { pg_cluster: pg-meta-delay }\n```\n\n\u003c/details\u003e\n\nYou can deploy different kinds of PostgreSQL instance such as primary, replica, offline, delayed, sync standby, etc.,\nand customize with scene-optimize [**templates**](https://github.com/Vonng/pigsty/tree/dev/conf), pre-defined [**stacks**](https://pigsty.io/docs/pgext/usage/stack) and all **404** [**extensions**](https://pigsty.io/ext/list).\n\nYou can define [**Users**](https://pigsty.io/docs/pgsql/user/), [**Databases**](https://pigsty.io/docs/pgsql/db/), [**Service**](https://pigsty.io/docs/pgsql/svc/), [**HBAs**](https://pigsty.io/docs/pgsql/hba/) and other entities in code and provision them in one pass.\nYou can even replace the vanilla [**`PostgreSQL`**](https://pigsty.io/docs/pgsql) [**Kernel**](https://pigsty.io/docs/kernel/) with other forks as an in-place replacement: [**`Babelfish`**](https://pigsty.io/docs/kernel/babelfish/) for MSSQL compatibility,\n[**`IvorySQL`**](https://pigsty.io/docs/kernel/ivorysql) and [**`PolarDB`**](https://pigsty.io/docs/kernel/polardb/) for ORACLE compatibility:\n\n\u003cdetails\u003e\u003csummary\u003eExample: Babelfish Cluster (MSSQL Compatible)\u003c/summary\u003e\u003cbr\u003e\n\nThe [`conf/mssql.yml`](https://github.com/Vonng/pigsty/blob/main/conf/mssql.yml) Provision a [Babelfish](https://pigsty.io/docs/kernel/babelfish/) cluster with Microsoft SQL Server compatibility:\n\n```yaml\n# ./pgsql.yml -l pg-mssql\npg-mssql:\n  hosts:\n    10.10.10.41: { pg_seq: 1 ,pg_role: primary }\n    10.10.10.42: { pg_seq: 2 ,pg_role: replica }\n    10.10.10.43: { pg_seq: 3 ,pg_role: replica }\n    10.10.10.44: { pg_seq: 4 ,pg_role: replica }\n  vars:\n    pg_cluster: pg-mssql\n    pg_vip_enabled: true\n    pg_vip_address: 10.10.10.3/24\n    pg_vip_interface: eth1\n    pg_users:                           # create MSSQL superuser\n      - {name: dbuser_mssql ,password: DBUser.MSSQL ,superuser: true, pgbouncer: true ,roles: [dbrole_admin], comment: superuser \u0026 owner for babelfish  }\n    pg_primary_db: mssql                # use `mssql` as the primary sql server database\n    pg_databases:\n      - name: mssql\n        baseline: mssql.sql             # init babelfish database \u0026 user\n        extensions:\n          - { name: uuid-ossp          }\n          - { name: babelfishpg_common }\n          - { name: babelfishpg_tsql   }\n          - { name: babelfishpg_tds    }\n          - { name: babelfishpg_money  }\n          - { name: pg_hint_plan       }\n          - { name: system_stats       }\n          - { name: tds_fdw            }\n        owner: dbuser_mssql\n        parameters: { 'babelfishpg_tsql.migration_mode' : 'single-db' }\n        comment: babelfish cluster, a MSSQL compatible pg cluster\n    node_repo_modules: local,mssql     # add local \u0026 mssql modules to node repo (Internet Required)\n    pg_version: 15                     # The current WiltonDB major version is 15\n    pg_packages:                       # install forked version of postgresql with babelfishpg support\n      - wiltondb sqlcmd patroni pgbouncer pgbackrest pg_exporter pgbadger vip-manager\n    pg_extensions: [ ]                 # do not install any vanilla postgresql extensions\n    pg_mode: mssql                    # Microsoft SQL Server Compatible Mode\n    pg_libs: 'babelfishpg_tds, pg_stat_statements, auto_explain' # add timescaledb to shared_preload_libraries\n    pg_default_hba_rules: # overwrite default HBA rules for babelfish cluster\n      - { user: '${dbsu}'    ,db: all         ,addr: local     ,auth: ident ,title: 'dbsu access via local os user ident' }\n      - { user: '${dbsu}'    ,db: replication ,addr: local     ,auth: ident ,title: 'dbsu replication from local os ident' }\n      - { user: '${repl}'    ,db: replication ,addr: localhost ,auth: pwd   ,title: 'replicator replication from localhost' }\n      - { user: '${repl}'    ,db: replication ,addr: intra     ,auth: pwd   ,title: 'replicator replication from intranet' }\n      - { user: '${repl}'    ,db: postgres    ,addr: intra     ,auth: pwd   ,title: 'replicator postgres db from intranet' }\n      - { user: '${monitor}' ,db: all         ,addr: localhost ,auth: pwd   ,title: 'monitor from localhost with password' }\n      - { user: '${monitor}' ,db: all         ,addr: infra     ,auth: pwd   ,title: 'monitor from infra host with password' }\n      - { user: '${admin}'   ,db: all         ,addr: infra     ,auth: ssl   ,title: 'admin @ infra nodes with pwd \u0026 ssl' }\n      - { user: '${admin}'   ,db: all         ,addr: world     ,auth: ssl   ,title: 'admin @ everywhere with ssl \u0026 pwd' }\n      - { user: dbuser_mssql ,db: mssql       ,addr: intra     ,auth: md5   ,title: 'allow mssql dbsu intranet access' } # \u003c--- use md5 auth method for mssql user\n      - { user: '+dbrole_readonly',db: all    ,addr: localhost ,auth: pwd   ,title: 'pgbouncer read/write via local socket' }\n      - { user: '+dbrole_readonly',db: all    ,addr: intra     ,auth: pwd   ,title: 'read/write biz user via password' }\n      - { user: '+dbrole_offline' ,db: all    ,addr: intra     ,auth: pwd   ,title: 'allow etl offline tasks from intranet' }\n    pg_default_services: # route primary \u0026 replica service to mssql port 1433\n      - { name: primary ,port: 5433 ,dest: 1433  ,check: /primary   ,selector: \"[]\" }\n      - { name: replica ,port: 5434 ,dest: 1433  ,check: /read-only ,selector: \"[]\" , backup: \"[? pg_role == `primary` || pg_role == `offline` ]\" }\n      - { name: default ,port: 5436 ,dest: postgres ,check: /primary   ,selector: \"[]\" }\n      - { name: offline ,port: 5438 ,dest: postgres ,check: /replica   ,selector: \"[? pg_role == `offline` || pg_offline_query ]\" , backup: \"[? pg_role == `replica` \u0026\u0026 !pg_offline_query]\" }\n```\n\n[![mssql](https://pigsty.io/img/pigsty/mssql.jpg)](https://pigsty.io/img/pigsty/mssql.jpg)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\u003csummary\u003eExample: IvorySQL Cluster (Oracle Compatible)\u003c/summary\u003e\u003cbr\u003e\n\nThe [`conf/ivory.yml`](https://github.com/Vonng/pigsty/blob/main/conf/mssql.yml) define an [IvorySQL](https://pigsty.io/docs/kernel/ivorysql/) cluster, which aims to be Oracle compatible:\n\n```yaml\n# ./pgsql.yml -l pg-ivory\npg-ivory:\n  hosts:\n    10.10.10.45: { pg_seq: 1 ,pg_role: primary }\n    10.10.10.46: { pg_seq: 2 ,pg_role: replica }\n    10.10.10.47: { pg_seq: 3 ,pg_role: replica }\n  vars:\n    pg_cluster: pg-ivory\n    pg_version: 16                    # The current IvorySQL compatible major version is 16\n    pg_mode: ivory                    # IvorySQL Oracle Compatible Mode\n    pg_packages: [ 'ivorysql patroni pgbouncer pgbackrest pg_exporter pgbadger vip-manager' ]\n    pg_libs: 'liboracle_parser, pg_stat_statements, auto_explain'\n    pgbackrest_enabled: false         # got checksum error when using oracle compatible mode\n    repo_modules: node,pgsql,infra,ivory\n    repo_packages: [ node-bootstrap, infra-package, infra-addons, node-package1, node-package2, pgsql-utility ] #docker\n    repo_extra_packages: [ ivorysql ] # replace default postgresql kernel with ivroysql packages\n\n```\n\n[![ivorysql](https://pigsty.io/img/pigsty/ivory.jpg)](https://pigsty.io/img/pigsty/ivory.jpg)\n\n\u003c/details\u003e\n\n\nYou can also wrap existing kernel with add-ons: horizontal sharding with [**`CITUS`**](https://pigsty.io/docs/kernel/citus/),\nserving MongoDB wire protocol with [**`FERRET`**](https://pigsty.io/docs/ferret/), or self-hosting firebase alternative with [**`SUPABASE`**](https://pigsty.io/docs/kernel/supabase/):\n\n\n\u003cdetails\u003e\u003csummary\u003eExample: Citus Distributed Cluster: 10-Node\u003c/summary\u003e\u003cbr\u003e\n\nThe [`conf/simu.yml`](https://github.com/Vonng/pigsty/blob/main/conf/simu.yml) provision a 10-node [**Citus**](https://pigsty.io/docs/kernel/citus/) cluster as below:\n\n```yaml\n# pg-citus: 10 node citus cluster (5 x primary-replica pair)\npg-citus: # citus group\n  hosts:\n    10.10.10.50: { pg_group: 0, pg_cluster: pg-citus0 ,pg_vip_address: 10.10.10.60/24 ,pg_seq: 0, pg_role: primary }\n    10.10.10.51: { pg_group: 0, pg_cluster: pg-citus0 ,pg_vip_address: 10.10.10.60/24 ,pg_seq: 1, pg_role: replica }\n    10.10.10.52: { pg_group: 1, pg_cluster: pg-citus1 ,pg_vip_address: 10.10.10.61/24 ,pg_seq: 0, pg_role: primary }\n    10.10.10.53: { pg_group: 1, pg_cluster: pg-citus1 ,pg_vip_address: 10.10.10.61/24 ,pg_seq: 1, pg_role: replica }\n    10.10.10.54: { pg_group: 2, pg_cluster: pg-citus2 ,pg_vip_address: 10.10.10.62/24 ,pg_seq: 0, pg_role: primary }\n    10.10.10.55: { pg_group: 2, pg_cluster: pg-citus2 ,pg_vip_address: 10.10.10.62/24 ,pg_seq: 1, pg_role: replica }\n    10.10.10.56: { pg_group: 3, pg_cluster: pg-citus3 ,pg_vip_address: 10.10.10.63/24 ,pg_seq: 0, pg_role: primary }\n    10.10.10.57: { pg_group: 3, pg_cluster: pg-citus3 ,pg_vip_address: 10.10.10.63/24 ,pg_seq: 1, pg_role: replica }\n    10.10.10.58: { pg_group: 4, pg_cluster: pg-citus4 ,pg_vip_address: 10.10.10.64/24 ,pg_seq: 0, pg_role: primary }\n    10.10.10.59: { pg_group: 4, pg_cluster: pg-citus4 ,pg_vip_address: 10.10.10.64/24 ,pg_seq: 1, pg_role: replica }\n  vars:\n    pg_mode: citus                    # pgsql cluster mode: citus\n    pg_shard: pg-citus                # citus shard name: pg-citus\n    pg_primary_db: test               # primary database used by citus\n    pg_dbsu_password: DBUser.Postgres # all dbsu password access for citus cluster\n    pg_vip_enabled: true\n    pg_vip_interface: eth1\n    pg_extensions: [ 'citus postgis timescaledb pgvector' ]\n    pg_libs: 'citus, timescaledb, pg_stat_statements, auto_explain' # citus will be added by patroni automatically\n    pg_users: [ { name: test ,password: test ,pgbouncer: true ,roles: [ dbrole_admin ] } ]\n    pg_databases: [ { name: test ,owner: test ,extensions: [ { name: citus }, { name: postgis } ] } ]\n    pg_hba_rules:\n      - { user: 'all' ,db: all  ,addr: 10.10.10.0/24 ,auth: trust ,title: 'trust citus cluster members'        }\n      - { user: 'all' ,db: all  ,addr: 127.0.0.1/32  ,auth: ssl   ,title: 'all user ssl access from localhost' }\n      - { user: 'all' ,db: all  ,addr: intra         ,auth: ssl   ,title: 'all user ssl access from intranet'  }\n```\n\n[![citus](https://pigsty.io/img/pigsty/citus.jpg)](https://pigsty.io/img/pigsty/citus.jpg)\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\u003csummary\u003eExample: PostgreSQL for Self-hosting Supabase\u003c/summary\u003e\u003cbr\u003e\n\nYou can launch a self-hosting supabase with MinIO and PostgreSQL with just two commands:\n\n```bash\n./install.yml\n./supabase.yml\n```\n\nThe [`conf/supa.yml`](https://github.com/Vonng/pigsty/blob/main/conf/supa.yml) just describe everything you need:\n\n```yaml\n# pg-meta, the underlying postgres database for supabase\npg-meta:\n  hosts: { 10.10.10.10: { pg_seq: 1, pg_role: primary } }\n  vars:\n    pg_cluster: pg-meta\n    pg_users:\n      # supabase roles: anon, authenticated, dashboard_user\n      - { name: anon           ,login: false }\n      - { name: authenticated  ,login: false }\n      - { name: dashboard_user ,login: false ,replication: true ,createdb: true ,createrole: true }\n      - { name: service_role   ,login: false ,bypassrls: true }\n      # supabase users: please use the same password\n      - { name: supabase_admin             ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: true   ,roles: [ dbrole_admin ] ,superuser: true ,replication: true ,createdb: true ,createrole: true ,bypassrls: true }\n      - { name: authenticator              ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false  ,roles: [ dbrole_admin, authenticated ,anon ,service_role ] }\n      - { name: supabase_auth_admin        ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false  ,roles: [ dbrole_admin ] ,createrole: true }\n      - { name: supabase_storage_admin     ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false  ,roles: [ dbrole_admin, authenticated ,anon ,service_role ] ,createrole: true }\n      - { name: supabase_functions_admin   ,password: 'DBUser.Supa' ,pgbouncer: true ,inherit: false  ,roles: [ dbrole_admin ] ,createrole: true }\n      - { name: supabase_replication_admin ,password: 'DBUser.Supa' ,replication: true ,roles: [ dbrole_admin ]}\n      - { name: supabase_read_only_user    ,password: 'DBUser.Supa' ,bypassrls: true ,roles: [ dbrole_readonly, pg_read_all_data ] }\n    pg_databases:\n      - name: postgres\n        baseline: supabase.sql\n        owner: supabase_admin\n        comment: supabase postgres database\n        schemas: [ extensions ,auth ,realtime ,storage ,graphql_public ,supabase_functions ,_analytics ,_realtime ]\n        extensions:\n          - { name: pgcrypto  ,schema: extensions  } # 1.3   : cryptographic functions\n          - { name: pg_net    ,schema: extensions  } # 0.9.2 : async HTTP\n          - { name: pgjwt     ,schema: extensions  } # 0.2.0 : json web token API for postgres\n          - { name: uuid-ossp ,schema: extensions  } # 1.1   : generate universally unique identifiers (UUIDs)\n          - { name: pgsodium        }                # 3.1.9 : pgsodium is a modern cryptography library for Postgres.\n          - { name: supabase_vault  }                # 0.2.8 : Supabase Vault Extension\n          - { name: pg_graphql      }                # 1.5.9 : pg_graphql: GraphQL support\n          - { name: pg_jsonschema   }                # 0.3.3 : pg_jsonschema: Validate json schema\n          - { name: wrappers        }                # 0.4.3 : wrappers: FDW collections\n          - { name: http            }                # 1.6   : http: allows web page retrieval inside the database.\n          - { name: pg_cron         }                # 1.6   : pg_cron: Job scheduler for PostgreSQL\n          - { name: timescaledb     }                # 2.17  : timescaledb: Enables scalable inserts and complex queries for time-series data\n          - { name: pg_tle          }                # 1.2   : pg_tle: Trusted Language Extensions for PostgreSQL\n          - { name: vector          }                # 0.8.0 : pgvector: the vector similarity search\n    # supabase required extensions\n    pg_libs: 'pg_stat_statements, plpgsql, plpgsql_check, pg_cron, pg_net, timescaledb, auto_explain, pg_tle, plan_filter'\n    pg_extensions: # extensions to be installed on this cluster\n      - supabase   # essential extensions for supabase\n      - timescaledb postgis pg_graphql pg_jsonschema wrappers pg_search pg_analytics pg_parquet plv8 duckdb_fdw pg_cron pg_timetable pgqr\n      - supautils pg_plan_filter passwordcheck plpgsql_check pgaudit pgsodium pg_vault pgjwt pg_ecdsa pg_session_jwt index_advisor\n      - pgvector pgvectorscale pg_summarize pg_tiktoken pg_tle pg_stat_monitor hypopg pg_hint_plan pg_http pg_net pg_smtp_client pg_idkit\n    pg_parameters:\n      cron.database_name: postgres\n      pgsodium.enable_event_trigger: off\n    pg_hba_rules: # supabase hba rules, require access from docker network\n      - { user: all ,db: postgres  ,addr: intra         ,auth: pwd ,title: 'allow supabase access from intranet'    }\n      - { user: all ,db: postgres  ,addr: 172.17.0.0/16 ,auth: pwd ,title: 'allow access from local docker network' }\n```\n\n![](https://pigsty.io/img/pigsty/supa.jpg)\n\n\u003c/details\u003e\n\nThere are other pro, beta, or pilot modules, and there will be more coming in the future:\n\n[![BABELFISH](https://img.shields.io/badge/WILTONDB-%2388A3CA?style=flat\u0026logo=postgresql\u0026labelColor=88A3CA\u0026logoColor=black)](https://pigsty.io/docs/kernel/babelfish)\n[![POLARDB PG](https://img.shields.io/badge/POLARDB_PG-%23DF6F2E?style=flat\u0026logo=postgresql\u0026labelColor=DF6F2E\u0026logoColor=black)](https://pigsty.io/docs/kernel/polardb)\n[![POLARDB ORACLE](https://img.shields.io/badge/POLARDB_ORACLE-%23DF6F2E?style=flat\u0026logo=postgresql\u0026labelColor=DF6F2E\u0026logoColor=black)](https://pigsty.io/docs/kernel/polardb-o)\n[![IVORYSQL](https://img.shields.io/badge/IVORYSQL-%23E8AC52?style=flat\u0026logo=postgresql\u0026labelColor=E8AC52\u0026logoColor=black)](https://pigsty.io/docs/kernel/ivorysql)\n[![GREENPLUM](https://img.shields.io/badge/GREENPLUM-%23578B09?style=flat\u0026logo=postgresql\u0026labelColor=578B09\u0026logoColor=black)](https://pigsty.io/docs/kernel/greenplum)\n[![CLOUDBERRY](https://img.shields.io/badge/CLOUDBERRY-orange?style=flat\u0026logo=postgresql\u0026labelColor=orange\u0026logoColor=black)](https://pigsty.io/docs/kernel/cloudberry)\n[![NEON](https://img.shields.io/badge/NEON-%2366D9C6?style=flat\u0026logo=postgresql\u0026labelColor=66D9C6\u0026logoColor=black)](https://pigsty.io/docs/kernel/neon)\n[![SUPABASE](https://img.shields.io/badge/SUPABASE-%233FCF8E?style=flat\u0026logo=supabase\u0026labelColor=3FCF8E\u0026logoColor=white)](https://pigsty.io/docs/kernel/supabase)\n\n[![KAFKA](https://img.shields.io/badge/KAFKA-%23231F20?style=flat\u0026logo=apachekafka\u0026labelColor=231F20\u0026logoColor=white)](https://pigsty.io/docs/pro/kafka)\n[![MYSQL](https://img.shields.io/badge/MYSQL-%234479A1?style=flat\u0026logo=mysql\u0026labelColor=4479A1\u0026logoColor=white)](https://pigsty.io/docs/pro/kafka)\n[![DUCKDB](https://img.shields.io/badge/DUCKDB-%23FFF000?style=flat\u0026logo=duckdb\u0026labelColor=FFF000\u0026logoColor=white)](https://pigsty.io/docs/pro/duckdb)\n[![TIGERBEETLE](https://img.shields.io/badge/TIGERBEETLE-%231919191?style=flat\u0026logo=openbugbounty\u0026labelColor=1919191\u0026logoColor=white)](https://pigsty.io/docs/pro/tigerbeetle)\n[![VICTORIA](https://img.shields.io/badge/VICTORIA-%23621773?style=flat\u0026logo=victoriametrics\u0026labelColor=621773\u0026logoColor=white)](https://pigsty.io/docs/pro/victoria)\n[![KUBERNETES](https://img.shields.io/badge/KUBERNETES-%23326CE5?style=flat\u0026logo=kubernetes\u0026labelColor=326CE5\u0026logoColor=white)](https://pigsty.io/docs/pro/kube)\n[![CONSUL](https://img.shields.io/badge/CONSUL-%23F24C53?style=flat\u0026logo=consul\u0026labelColor=F24C53\u0026logoColor=white)](https://pigsty.io/docs/pro/consul)\n[![JUPYTER](https://img.shields.io/badge/JUPYTER-%23F37626?style=flat\u0026logo=jupyter\u0026labelColor=F37626\u0026logoColor=white)](https://pigsty.io/docs/pro/jupyter)\n[![COCKROACH](https://img.shields.io/badge/COCKROACH-%236933FF?style=flat\u0026logo=cockroachlabs\u0026labelColor=6933FF\u0026logoColor=white)](https://pigsty.io/docs/pro/)\n\n\n----------------\n\n## Compatibility\n\nPigsty focus on active maintained mainstream LTS Linux distros:\n\n|  Code   | Distro                            |   `x86_64`   | Status |   `aarch64`   | Status |\n|:-------:|-----------------------------------|:------------:|:------:|:-------------:|:------:|\n| **U24** | Ubuntu 24.04 (noble)              | `u24.x86_64` |   ✔    | `u24.aarch64` |   ✔    |\n| **U22** | Ubuntu 22.04 (jammy)              | `u22.x86_64` |   ✔    | `u22.aarch64` |   ✔    |\n| **D12** | Debian 12 (bookworm)              | `d12.x86_64` |   ✔    | `d12.aarch64` |   ✔    |\n| **EL9** | RHEL 9 / Rocky9 / Alma9 / ...     | `el9.x86_64` |   ✔    | `el9.aarch64` |   ✔    |\n| **EL8** | RHEL 8 / Rocky8 / Alma8 / Anolis8 | `el8.x86_64` |   ✔    | `el8.aarch64` |   ✘    |\n| **EL7** | RHEL7 / CentOS7 / Oracle7...      | `d12.x86_64` |   ✘    | `el7.aarch64` |   ✘    |\n| **D11** | Debian 11 (bullseye)              | `d12.x86_64` |   ✘    | `d11.aarch64` |   ✘    |\n| **U20** | Ubuntu 20.04 (focal)              | `d12.x86_64` |   ✘    | `u20.aarch64` |   ✘    |\n\nFor legacy distros such as (el7, d11, u20), we have [pro support](https://pigsty.io/price) for them.\nCheck [**compatibility**](https://pigsty.io/docs/reference/compatibility/) for details.\n\n----------------\n\n## About\n\n[![Webite: pigsty.io](https://img.shields.io/badge/Website-pigsty.io-slategray?style=flat)](https://pigsty.io)\n[![Github: Discussions](https://img.shields.io/badge/GitHub-Discussions-slategray?style=flat\u0026logo=github\u0026logoColor=black)](https://github.com/Vonng/pigsty/discussions)\n[![Telegram: gV9zfZraNPM3YjFh](https://img.shields.io/badge/Telegram-gV9zfZraNPM3YjFh-cornflowerblue?style=flat\u0026logo=telegram\u0026logoColor=cornflowerblue)](https://t.me/joinchat/gV9zfZraNPM3YjFh)\n[![Discord: j5pG8qfKxU](https://img.shields.io/badge/Discord-j5pG8qfKxU-mediumpurple?style=flat\u0026logo=discord\u0026logoColor=mediumpurple)](https://discord.gg/j5pG8qfKxU)\n[![Wechat: pigsty-cc](https://img.shields.io/badge/WeChat-pigsty--cc-green?style=flat\u0026logo=wechat\u0026logoColor=green)](https://pigsty.io/img/pigsty/pigsty-cc.jpg)\n\n[![Author: RuohangFeng](https://img.shields.io/badge/Author-Ruohang_Feng-steelblue?style=flat)](https://vonng.com/)\n[![About: @Vonng](https://img.shields.io/badge/%40Vonng-steelblue?style=flat)](https://vonng.com/en/)\n[![Mail: rh@vonng.com](https://img.shields.io/badge/rh%40vonng.com-steelblue?style=flat)](mailto:rh@vonng.com)\n[![Copyright: 2018-2025 rh@Vonng.com](https://img.shields.io/badge/Copyright-2018--2025_(rh%40vonng.com)-red?logo=c\u0026color=steelblue)](https://github.com/Vonng)\n[![License: AGPLv3](https://img.shields.io/badge/License-AGPLv3-steelblue?style=flat\u0026logo=opensourceinitiative\u0026logoColor=green)](https://pigsty.io/docs/about/license/)\n[![Service: PGSTY PRO](https://img.shields.io/badge/Service-PGSTY-steelblue?style=flat)](https://pigsty.io/price)","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvonng%2Fpigsty","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvonng%2Fpigsty","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvonng%2Fpigsty/lists"}