fix: install

Author: samrose

ansible/playbook.yml

@@ -226,6 +226,12 @@
         /bin/bash /tmp/ansible-playbook/ansible/files/cis_baseline_check.sh /tmp/ansible-playbook/audit-specs/baselines
       when: stage2_nix
 
+    - name: Remove supascan after validation
+      become: yes
+      shell: |
+        sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile remove supascan"
+      when: stage2_nix
+
     - name: nix collect garbage
       become: yes
       shell: |

ansible/tasks/stage2-setup-postgres.yml

@@ -106,6 +106,14 @@
       loop_control:
         loop_var: 'nix_item'
 
+    - name: Install supascan for baseline validation
+      ansible.builtin.shell: |
+        sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#supascan"
+
+    - name: nix collect garbage after supascan install
+      ansible.builtin.shell:
+        cmd: sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix-collect-garbage -d"
+
     - name: Set ownership and permissions for file and dirs
       ansible.builtin.file:
         group: 'postgres'