🐛 fix(db): sets max open and idle connections for postgres

.github/workflows/build-alpine.yml

@@ -0,0 +1,54 @@
+name: Build alpine image
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  BUILD_VERSION: "v0.22.3-dev"
+  DOCKER_CLI_EXPERIMENTAL: enabled
+
+permissions: read-all
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 🛒 Checkout Code
+        uses: actions/checkout@v4
+
+      - name: ⚙️ Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: ⚙️ Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🔑 Login to quay.io
+        uses: docker/login-action@v3
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_PASS }}
+
+      - name: 🏷️ Generate Image Tags
+        id: image-metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            name=quay.io/rapyuta/rr-headscale
+          tags: |
+            type=raw,value=${{ env.BUILD_VERSION }}
+
+      - name: ⬆️ Build and Push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: Dockerfile.alpine
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.image-metadata.outputs.tags }}
+          push: true
+          build-args: |
+            BUILD_VERSION
+          sbom: true

CHANGELOG.md

@@ -7,6 +7,7 @@
 - Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1444](https://github.com/juanfont/headscale/pull/1444)
 
 ### Changes
+- Set max open and idle connections for postgres
 
 ## 0.22.3 (2023-05-12)
 
@@ -19,7 +20,7 @@
 ### Changes
 
 - Add environment flags to enable pprof (profiling) [#1382](https://github.com/juanfont/headscale/pull/1382)
-  - Profiles are continously generated in our integration tests.
+- Profiles are continously generated in our integration tests.
 - Fix systemd service file location in `.deb` packages [#1391](https://github.com/juanfont/headscale/pull/1391)
 - Improvements on Noise implementation [#1379](https://github.com/juanfont/headscale/pull/1379)
 - Replace node filter logic, ensuring nodes with access can see eachother [#1381](https://github.com/juanfont/headscale/pull/1381)

Dockerfile.alpine

@@ -0,0 +1,37 @@
+FROM golang:1.21.4-alpine3.18@sha256:110b07af87238fbdc5f1df52b00927cf58ce3de358eeeb1854f10a8b5e5e1411 AS build
+
+WORKDIR /go/src/github.com/juanfont/headscale/
+
+ARG BUILD_VERSION
+
+COPY . .
+
+RUN test -n "${BUILD_VERSION}" \
+	&& apk update \
+	&& apk upgrade -a \
+	&& apk add --no-cache ca-certificates curl gcc musl-dev \
+	&& update-ca-certificates \
+	&& CGO_ENABLED=0 go build -o ./headscale -v -trimpath -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=${BUILD_VERSION}" ./cmd/headscale
+
+WORKDIR /config
+
+FROM alpine:3.18.4@sha256:eece025e432126ce23f223450a0326fbebde39cdf496a85d8c016293fc851978
+
+LABEL org.opencontainers.image.title="quay.io/rapyuta/rr-headscale"
+LABEL org.opencontainers.image.description="An open source, self-hosted implementation of the Tailscale coordination server."
+
+RUN apk update && apk upgrade -a && apk add inotify-tools
+
+COPY --from=build /etc/ssl/certs /etc/ssl/certs
+
+COPY --from=build /go/src/github.com/juanfont/headscale/headscale /usr/local/bin/headscale
+COPY --from=build /config /config
+
+COPY ./hack/acl_watcher.sh ./hack/start.sh .
+RUN chmod +x start.sh acl_watcher.sh
+
+EXPOSE 8080/tcp
+
+ENTRYPOINT [ "./start.sh" ]
+
+CMD ["help"]

hack/acl_watcher.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -x
+
+inotifywait --event moved_to --recursive --monitor /acl |
+while read -r
+do
+    echo "$(date +%s) noticed acl update; triggered reload"
+    killall -s SIGHUP headscale
+done

hack/start.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -x
+
+./acl_watcher.sh &
+
+/usr/local/bin/headscale serve --config /etc/headscale/config.yaml

hscontrol/db.go

@@ -20,6 +20,10 @@ import (
 const (
 	dbVersion = "1"
 
+	_pgsqlMaxOpenConnections    = 10
+	_pgsqlMaxIdleConnections    = 10
+	_pgsqlMaxConnectionLifetime = 1 * time.Hour
+
 	errValueNotFound     = Error("not found")
 	ErrCannotParsePrefix = Error("cannot parse prefix")
 )
@@ -251,10 +255,17 @@ func (h *Headscale) openDB() (*gorm.DB, error) {
 		sqlDB.SetConnMaxIdleTime(time.Hour)
 
 	case Postgres:
-		db, err = gorm.Open(postgres.Open(h.dbString), &gorm.Config{
+		db, err := gorm.Open(postgres.Open(h.dbString), &gorm.Config{
 			DisableForeignKeyConstraintWhenMigrating: true,
 			Logger:                                   log,
 		})
+
+		sqlDB, _ := db.DB()
+		sqlDB.SetMaxOpenConns(_pgsqlMaxOpenConnections)
+		sqlDB.SetMaxIdleConns(_pgsqlMaxIdleConnections)
+		sqlDB.SetConnMaxLifetime(_pgsqlMaxConnectionLifetime)
+
+		return db, err
 	}
 
 	if err != nil {