feat: package and activation

samrose · yvan-sraka · commit 4e2e2b62d968 · 2025-09-15T09:46:23.000+02:00
diff --git a/flake.nix b/flake.nix
@@ -170,11 +170,6 @@
               mkdir -p /etc/auth.d
               mkdir -p /etc/gotrue
 
-              # Create gotrue user if it doesn't exist
-              if ! id "gotrue" &>/dev/null; then
-                useradd -r -s /bin/false gotrue
-              fi
-
               # Set proper ownership
               chown -R gotrue:gotrue /opt/gotrue
               chown -R gotrue:gotrue /etc/auth.d
@@ -185,7 +180,7 @@
               chmod 775 /etc/auth.d
               chmod 775 /etc/gotrue
 
-              # Copy the binary
+              # Copy the binary to the correct location
               cp ${auth-service}/bin/supabase-auth /opt/gotrue/gotrue
               chown gotrue:gotrue /opt/gotrue/gotrue
               chmod 755 /opt/gotrue/gotrue
@@ -194,15 +189,26 @@
               cp $out/lib/systemd/system/gotrue.service /etc/systemd/system/
               chmod 644 /etc/systemd/system/gotrue.service
 
-              # Copy the environment file
-              cp $out/etc/auth.env /etc/gotrue.generated.env
-              chown gotrue:gotrue /etc/gotrue.generated.env
-              chmod 600 /etc/gotrue.generated.env
-
-              # Create symlinks for easy access
-              ln -sf $out/bin/manage-auth /usr/local/bin/gotrue-manage
-              ln -sf $out/share/gotrue/gotrue.service /usr/local/share/gotrue/gotrue.service
-              ln -sf $out/bin/activate /usr/local/bin/auth-activate
+              # Copy the environment file to the correct location
+              cp $out/etc/auth.env /etc/auth.d/20_generated.env
+              chown gotrue:gotrue /etc/auth.d/20_generated.env
+              chmod 600 /etc/auth.d/20_generated.env
+
+              # Create symlinks for easy access from nix profile
+              mkdir -p /usr/local/bin
+              mkdir -p /usr/local/share/gotrue
+
+              # Create symlinks to the nix profile locations
+              ln -sf "\$NIX_PROFILE/bin/manage-auth" /usr/local/bin/gotrue-manage
+              ln -sf "\$NIX_PROFILE/share/gotrue/gotrue.service" /usr/local/share/gotrue/gotrue.service
+              ln -sf "\$NIX_PROFILE/bin/activate" /usr/local/bin/auth-activate
+              ln -sf "\$NIX_PROFILE/bin/gotrue" /usr/local/bin/gotrue
+
+              # Allow UFW connections to GoTrue metrics exporter if UFW is installed
+              if command -v ufw >/dev/null 2>&1; then
+                ufw allow 9122/tcp comment "GoTrue metrics exporter"
+                echo "Added UFW rule for GoTrue metrics exporter"
+              fi
 
               # Reload systemd
               systemctl daemon-reload
@@ -213,12 +219,20 @@
 
               echo "Gotrue service has been activated and started"
               echo "You can manage the service using: gotrue-manage {start|stop|restart|status}"
+              echo "The following commands are available:"
+              echo "  gotrue-manage - Manage the Gotrue service"
+              echo "  auth-activate - Run this activation script again"
+              echo "  gotrue - The auth service binary"
               EOF
               chmod +x $out/bin/activate
 
               # Create symlinks to the systemd unit files for easy access
               mkdir -p $out/share/gotrue
               ln -s $out/lib/systemd/system/gotrue.service $out/share/gotrue/gotrue.service
+
+              # Copy the auth binary to the package's bin directory
+              cp ${auth-service}/bin/supabase-auth $out/bin/gotrue
+              chmod +x $out/bin/gotrue
             '';
 
             installPhase = "true";
diff --git a/nix/README.md b/nix/README.md
@@ -0,0 +1,97 @@
+# Nix Configuration for Auth Service
+
+This directory contains Nix modules and configurations for the Auth service. The setup allows for building and installing the Auth service using Nix, with proper systemd integration and configuration management.
+
+## Files
+
+- `auth-module.nix`: Defines the Nix module for the Auth service configuration
+- `steps-module.nix`: Defines the Nix module for service startup steps and commands
+
+## Building and Installation
+
+### Prerequisites
+
+- Nix package manager installed
+- System with systemd (for service management)
+
+### Installation
+
+1. Install the package:
+```bash
+nix profile install .
+```
+
+2. Activate the service:
+```bash
+sudo auth-activate
+```
+
+### Available Commands
+
+After installation, the following commands are available:
+
+- `gotrue`: The auth service binary
+- `gotrue-manage`: Manage the service (start/stop/restart/status)
+- `auth-activate`: Run the activation script again
+
+## Configuration
+
+The service configuration is managed through environment variables, which are set in the Nix configuration. The main configuration file is generated at `/etc/auth.d/20_generated.env` during activation.
+
+### Service Structure
+
+- Binary: `/opt/gotrue/gotrue`
+- Config directory: `/etc/auth.d`
+- Systemd service: `gotrue.service`
+- Metrics port: 9122 (automatically configured in UFW if available)
+
+## Development
+
+### Updating the Service
+
+1. Modify the relevant Nix files:
+   - `flake.nix` for package definition and build process
+   - `auth-module.nix` for service configuration
+   - `steps-module.nix` for startup steps
+
+2. Rebuild and reinstall:
+```bash
+nix profile install .
+sudo auth-activate
+```
+
+### Testing Changes
+
+1. Build the package:
+```bash
+nix build .
+```
+
+2. The result will be in `./result/` with the following structure:
+   - `bin/`: Contains the binary and management scripts
+   - `share/gotrue/`: Contains the systemd service file
+   - `etc/`: Contains the environment configuration
+
+## System Requirements
+
+- Linux system with systemd
+- UFW (optional, for metrics port configuration)
+- Proper permissions for the `gotrue` user (created by system image)
+
+## Troubleshooting
+
+1. If the service fails to start:
+   - Check logs: `journalctl -u gotrue.service`
+   - Verify permissions: `ls -l /opt/gotrue /etc/auth.d`
+   - Check config: `cat /etc/auth.d/20_generated.env`
+
+2. If commands are not found:
+   - Verify installation: `nix profile list`
+   - Check symlinks: `ls -l /usr/local/bin/gotrue*`
+
+## Notes
+
+- The activation script assumes the `gotrue` user exists (created by system image)
+- The service runs as the `gotrue` user
+- Configuration is managed through environment variables
+- The service is automatically started and enabled on activation 
