From c67d653b73b63c87ab04e0923d489a8566e48da6 Mon Sep 17 00:00:00 2001
From: Bruno Andrade
Date: Fri, 17 Nov 2023 19:37:01 +0000
Subject: [PATCH 1/2] chore: ensure fail2ban stays disabled when FAIL2BAN_DISABLED is set
---
 docker/all-in-one/Dockerfile | 1 +
 docker/all-in-one/entrypoint.sh | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/docker/all-in-one/Dockerfile b/docker/all-in-one/Dockerfile
index 48b2a1610..0e36d81b9 100644
--- a/docker/all-in-one/Dockerfile
+++ b/docker/all-in-one/Dockerfile
@@ -179,6 +179,7 @@ COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql.schema.sql /etc/
 # Customizations for postgres_exporter
 COPY --chown=postgres:postgres docker/all-in-one/opt/postgres_exporter/queries.yml /opt/postgres_exporter/queries.yml
+# Customizations for fail2ban
 COPY docker/all-in-one/etc/fail2ban/filter.d /etc/fail2ban/filter.d/
 COPY docker/all-in-one/etc/fail2ban/jail.d /etc/fail2ban/jail.d/
diff --git a/docker/all-in-one/entrypoint.sh b/docker/all-in-one/entrypoint.sh
index b9ae8a503..b694240be 100755
--- a/docker/all-in-one/entrypoint.sh
+++ b/docker/all-in-one/entrypoint.sh
@@ -241,6 +241,11 @@ if [ "${AUTOSHUTDOWN_ENABLED:-}" ]; then
 sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/db-only/supa-shutdown.conf
 fi
+if [ "${FAIL2BAN_DISABLED:-}" ]; then
+ sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/fail2ban.conf
+ sed -i "s/autorestart=.*/autorestart=false/" /etc/supervisor/services/fail2ban.conf
+fi
+
 if [ "${PLATFORM_DEPLOYMENT:-}" ]; then
 enable_swap
 create_lsn_checkpoint_file
From 068fd21bd602d565419f91a5610aeb9cfbb0f0bf Mon Sep 17 00:00:00 2001
From: Bruno Andrade
Date: Mon, 20 Nov 2023 15:29:21 +0000
Subject: [PATCH 2/2] chore: update docker aio entrypoint with extra validation on env vars check
---
 docker/all-in-one/entrypoint.sh | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
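Review bot: The added `FAIL2BAN_DISABLED` block in entrypoint.sh switches off a brute-force control without writing anything to the container's startup output, so an operator reading the logs cannot tell that banning is off. A line such as `echo "fail2ban disabled by FAIL2BAN_DISABLED" >&2` inside the block would make that state auditable. Both `sed -i` substitutions are also no-ops if `fail2ban.conf` has no `autostart=` or `autorestart=` line (the file is not shown here), in which case supervisor would presumably keep its defaults and the flag would have no effect; a `grep -q '^autostart=false' /etc/supervisor/services/fail2ban.conf` check after the edits would catch that.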
diff --git a/docker/all-in-one/entrypoint.sh b/docker/all-in-one/entrypoint.sh
index b694240be..63291ff44 100755
--- a/docker/all-in-one/entrypoint.sh
+++ b/docker/all-in-one/entrypoint.sh
@@ -227,26 +227,26 @@ find /etc/supervisor/ -type d -exec chmod 0770 {} +
 find /etc/supervisor/ -type f -exec chmod 0660 {} +
 # Start services in the background
-if [ -z "${POSTGRES_ONLY:-}" ]; then
- sed -i "s| # - postgrest| - postgrest|g" /etc/adminapi/adminapi.yaml
- sed -i "s|files = db-only/\*.conf|files = services/\*.conf db-only/\*.conf|g" $SUPERVISOR_CONF
- configure_services
-else
+if [ "${POSTGRES_ONLY:-}" == "true" ]; then
 sed -i "s| - postgrest| # - postgrest|g" /etc/adminapi/adminapi.yaml
 sed -i "s|files = services/\*.conf db-only/\*.conf|files = db-only/\*.conf|g" $SUPERVISOR_CONF
 /init/configure-adminapi.sh
+else
+ sed -i "s| # - postgrest| - postgrest|g" /etc/adminapi/adminapi.yaml
+ sed -i "s|files = db-only/\*.conf|files = services/\*.conf db-only/\*.conf|g" $SUPERVISOR_CONF
+ configure_services
 fi
-if [ "${AUTOSHUTDOWN_ENABLED:-}" ]; then
+if [ "${AUTOSHUTDOWN_ENABLED:-}" == "true" ]; then
 sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/db-only/supa-shutdown.conf
 fi
-if [ "${FAIL2BAN_DISABLED:-}" ]; then
+if [ "${FAIL2BAN_DISABLED:-}" == "true" ]; then
 sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/fail2ban.conf
 sed -i "s/autorestart=.*/autorestart=false/" /etc/supervisor/services/fail2ban.conf
 fi
-if [ "${PLATFORM_DEPLOYMENT:-}" ]; then
+if [ "${PLATFORM_DEPLOYMENT:-}" == "true" ]; then
 enable_swap
 create_lsn_checkpoint_file
 fi
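Review bot: The exact `== "true"` comparison makes `POSTGRES_ONLY` fail open: any other non-empty value (`1`, `TRUE`, `yes`), which the previous `-z` test treated as database-only, now takes the `else` branch and enables `services/*.conf` through `configure_services`. The same silent skip applies to `AUTOSHUTDOWN_ENABLED` and `PLATFORM_DEPLOYMENT`, whereas for `FAIL2BAN_DISABLED` an unrecognised value leaves fail2ban running, which is the safe direction. Rejecting unexpected values at startup would surface the misconfiguration instead, for example `case "${POSTGRES_ONLY:-}" in ""|true|false) ;; *) echo "POSTGRES_ONLY must be true or false" >&2; exit 1 ;; esac` before the first `if`. `==` inside `[ ]` is a bash extension, so `=` is the portable spelling if the script's shebang (outside this hunk) is not bash.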