From 44ba607d8acd3717a9425d7b0dcdd0c915edb042 Mon Sep 17 00:00:00 2001
From: Chris Stockton <chris.stockton@supabase.io>
Date: Mon, 23 Sep 2024 15:40:45 -0700
Subject: [PATCH] feat: enable runtime configuration reloads for auth

This is a small diff doing three things:

- Create the `/etc/auth.d` directory.
- Copies the `gotrue-optimizations.service.j2` to also copy the
  `gotrue.generated.env` file to the `/etc/auth.d` directory.
- Change the `gotrue.service.j2` to use the `--config-dir` flag
  set to the newly created `/etc/auth.d` directory.
---
 ansible/files/gotrue-optimizations.service.j2 | 1 +
 ansible/files/gotrue.service.j2               | 2 +-
 ansible/tasks/setup-gotrue.yml                | 7 +++++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ansible/files/gotrue-optimizations.service.j2 b/ansible/files/gotrue-optimizations.service.j2
index d9c2f018e..fe5b26cd7 100644
--- a/ansible/files/gotrue-optimizations.service.j2
+++ b/ansible/files/gotrue-optimizations.service.j2
@@ -5,6 +5,7 @@ Description=GoTrue (Auth) optimizations
 Type=oneshot
 # we don't want failures from this command to cause PG startup to fail
 ExecStart=/bin/bash -c "/opt/supabase-admin-api optimize auth --destination-config-file-path /etc/gotrue/gotrue.generated.env ; exit 0"
+ExecStartPost=/bin/bash -c "cp -a /etc/gotrue/gotrue.generated.env /etc/auth.d/20_generated.env ; exit 0"
 User=postgrest
 
 [Install]
diff --git a/ansible/files/gotrue.service.j2 b/ansible/files/gotrue.service.j2
index c1f7f584f..272e5b871 100644
--- a/ansible/files/gotrue.service.j2
+++ b/ansible/files/gotrue.service.j2
@@ -4,7 +4,7 @@ Description=Gotrue
 [Service]
 Type=simple
 WorkingDirectory=/opt/gotrue
-ExecStart=/opt/gotrue/gotrue
+ExecStart=/opt/gotrue/gotrue --config-dir /etc/auth.d
 User=gotrue
 Restart=always
 RestartSec=3
diff --git a/ansible/tasks/setup-gotrue.yml b/ansible/tasks/setup-gotrue.yml
index 0998468b3..d2c763853 100644
--- a/ansible/tasks/setup-gotrue.yml
+++ b/ansible/tasks/setup-gotrue.yml
@@ -30,6 +30,13 @@
     owner: gotrue
     mode: 0775
 
+- name: gotrue - create /etc/auth.d
+  file:
+    path: /etc/auth.d
+    state: directory
+    owner: gotrue
+    mode: 0755
+
 - name: gotrue - unpack archive in /opt/gotrue
   unarchive:
     remote_src: yes