11[Unit]
22Description=Gotrue
33
4- # Avoid starting gotrue while cloud-init is running. It makes a lot of changes
5- # and I would like to rule out side effects of it running concurrently along
6- # side services.
7- After=cloud-init.service
8- Wants=cloud-init.target
9-
10- # Given the fact that auth uses SO_REUSEADDR, I want to rule out capabilities
11- # being modified between restarts early in boot. This plugs up the scenario that
12- # EADDRINUSE errors originate from a previous gotrue process starting without
13- # the SO_REUSEADDR flag (due to lacking capability at that point in boot proc)
14- # so when the next gotrue starts it can't re-use a slow releasing socket.
15- After=apparmor.service
16-
17- # We want sysctl's to be applied
18- After=systemd-sysctl.service
19-
20- # UFW Is modified by cloud init, but started non-blocking, so configuration
21- # could be in-flight while gotrue is starting. I want to ensure future rules
22- # that are relied on for security posture are applied before gotrue runs.
23- After=ufw.service
24-
25- # We need networking & resolution, auth uses the Go DNS resolver (not libc)
26- # so it's possible `localhost` resolution could be unstable early in startup. We
27- # care about this because SO_REUSEADDR eligibility checks the tuple
28- # (proto, family, addr, port) meaning the AF_INET (ipv4, ipv6) could affect the
29- # binding resulting in a second way for EADDRINUSE errors to surface.
30- #
31- # Note: We should consider removing localhost usage given `localhost` resolution
32- # can often be racey early in boot, can be difficult to debug and offers no real
33- # advantage in our infra. At the very least avoiding DNS resolved binding would
34- # be a good idea.
35- Wants=network-online.target systemd-resolved.service
36- After=network-online.target systemd-resolved.service
37-
38- # Auth server can't start unless postgres is online, lets remove a lot of auth
39- # server noise during slow starts by requiring it.
40- Wants=postgresql.service
41- After=postgresql.service
42-
43- # Lower start limit ival and burst to prevent the noisy flapping
44- StartLimitIntervalSec=10
45- StartLimitBurst=5
46-
474[Service]
48- Type=exec
5+ Type=simple
496WorkingDirectory=/opt/gotrue
50-
51- # Both v2 & v3 need a config-dir for reloading support.
7+ {% if qemu_mode is defined and qemu_mode %}
8+ ExecStart=/opt/gotrue/gotrue
9+ {% else %}
5210ExecStart=/opt/gotrue/gotrue --config-dir /etc/auth.d
53- ExecReload=/bin/kill -10 $MAINPID
11+ {% endif %}
5412
5513User=gotrue
5614Restart=always
@@ -59,36 +17,11 @@ RestartSec=3
5917MemoryAccounting=true
6018MemoryMax=50%
6119
62- # These are the historical location of env files. The /etc/auth.d dir will
63- # override them when present.
6420EnvironmentFile=-/etc/gotrue.generated.env
6521EnvironmentFile=/etc/gotrue.env
6622EnvironmentFile=-/etc/gotrue.overrides.env
6723
68- # Both v2 & v3 support reloading via signals, on linux this is SIGUSR1.
69- Environment=GOTRUE_RELOADING_SIGNAL_ENABLED=true
70- Environment=GOTRUE_RELOADING_SIGNAL_NUMBER=10
71-
72- # Both v2 & v3 disable the poller. While gotrue sets it to off by default we
73- # defensively set it to false here.
74- Environment=GOTRUE_RELOADING_POLLER_ENABLED=false
75-
76- # Determines how much idle time must pass before triggering a reload. This
77- # ensures only 1 reload operation occurs during a burst of config updates.
78- Environment=GOTRUE_RELOADING_GRACE_PERIOD_INTERVAL=2s
79-
80- {% if qemu_mode is defined and qemu_mode %}
81- # v3 does not use filesystem notifications for config reloads.
82- Environment=GOTRUE_RELOADING_NOTIFY_ENABLED=false
83- {% else %}
84- # v2 currently relies on notify support, so we will enable it until both v2 / v3
85- # have migrated to strictly use signals across all projects. The default is true
86- # in gotrue but we will set it defensively here.
87- Environment=GOTRUE_RELOADING_NOTIFY_ENABLED=true
88- {% endif %}
89-
9024Slice=services.slice
9125
9226[Install]
9327WantedBy=multi-user.target
94-
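Review bot: Nothing orders gotrue after `ufw.service`, `network-online.target` or `postgresql.service` any more, because the new `[Unit]` section holds only `Description=Gotrue`; the removed comments note that the firewall rules modified by cloud-init can still be in flight while gotrue is starting. If the rest of the ordering is dropped on purpose, I would still keep `After=ufw.service`, with a one-line comment that those rules are part of the security posture, so the auth listener does not come up before the firewall is applied. In `[Service]`, `Type=simple` reports the unit as started before the binary has been executed, so a missing `/opt/gotrue/gotrue` or a failure to apply `User=gotrue` shows up only as a restart loop under `Restart=always`, whereas `Type=exec` fails the start itself. The non-qemu branch still passes `--config-dir /etc/auth.d` but loses `ExecReload=` and the `GOTRUE_RELOADING_*` settings, so reload behaviour presumably falls back to gotrue's defaults, which deserves a comment in the unit.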