chown

openfga-end.sh

@@ -2,7 +2,6 @@
 # Source: https://raw.githubusercontent.com/rgl/incus-playground/349480b30d82ca1b468cb6e983988c7cb01343e3/provision-openfga.sh
 set -euxo pipefail
 
-POSTGRES_FQDN="localhost"
 OPENFGA_FQDN="localhost"
 
 # configure.
@@ -14,8 +13,8 @@ log:
   format: text
   level: info # none, debug, info, warn, error, panic, fatal.
 datastore:
-  engine: postgres
-  uri: postgres://openfga:abracadabra@$POSTGRES_FQDN:5432/openfga
+  engine: sqlite
+  uri: file:/opt/openfga/openfga.db
 authn:
   method: preshared
   preshared:
@@ -28,12 +27,12 @@ grpc:
     enabled: false
 http:
   enabled: true
-  addr: :8080
+  addr: 127.0.0.1:8080
   tls:
     enabled: false
 metrics:
   enabled: true
-  addr: :2112
+  addr: 127.0.0.1:2112
 playground:
   enabled: false
   port: 3000

provision-openfga.sh

@@ -28,19 +28,14 @@ install -d "$t/dist"
 tar xf "$t/openfga.tgz" -C "$t/dist"
 rm -rf /opt/openfga
 mv "$t/dist" /opt/openfga
-chown -R root:root /opt/openfga
+touch /opt/openfga/openfga.db
+chown -R openfga:openfga /opt/openfga
 rm -rf "$t"
 
 # create the openfga role and database.
-pushd /
-sudo -sHu postgres psql -c "create role openfga login password 'abracadabra'"
-sudo -sHu postgres createdb -E UTF8 -O openfga openfga >/dev/null
 /opt/openfga/openfga migrate \
-    --datastore-engine postgres \
-    --datastore-uri "postgres://openfga:abracadabra@$POSTGRES_FQDN:5432/openfga"
-sudo -sHu postgres psql -c '\du'
-sudo -sHu postgres psql -l
-popd
+    --datastore-engine sqlite \
+    --datastore-uri file:/opt/openfga/openfga.db
 
 # configure.
 # see https://openfga.dev/docs/getting-started/setup-openfga/configure-openfga
@@ -76,6 +71,8 @@ playground:
   port: 3000
 EOF
 
+chown -R openfga:openfga /opt/openfga
+
 # brandonkal: disable TLS
 #install -o root -g openfga -m 444 "/vagrant/shared/example-ca/$OPENFGA_FQDN-crt.pem" /opt/openfga
 #install -o root -g openfga -m 440 "/vagrant/shared/example-ca/$OPENFGA_FQDN-key.pem" /opt/openfga