Skip to content

misc: add support for relay systemd install#15

Merged
sheensantoscapadngan merged 8 commits into
mainfrom
misc/add-support-for-relay-systemd-install
Sep 19, 2025
Merged

misc: add support for relay systemd install#15
sheensantoscapadngan merged 8 commits into
mainfrom
misc/add-support-for-relay-systemd-install

Conversation

@sheensantoscapadngan
Copy link
Copy Markdown
Member

@sheensantoscapadngan sheensantoscapadngan commented Sep 11, 2025
edited
Loading

Description 📣

This PR adds support for installing and uninstalling relay as a systemd service

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

# Here's some code block to paste some code snippets

greptile-apps[bot]
greptile-apps Bot reviewed Sep 11, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Summary

This PR introduces systemd service management capabilities for the Infisical relay component, allowing it to be installed, managed, and uninstalled as a proper Linux system service. The changes span three files:

  1. Constants Addition (packages/gateway-v2/constants.go): Two new environment variable name constants (RELAY_HOST_ENV_NAME and RELAY_TYPE_ENV_NAME) are added to support consistent configuration between command-line and systemd service modes.

  2. Systemd Management Logic (packages/relay/systemd.go): A new file implementing the core systemd service installation and uninstallation functionality. It creates systemd unit files with security hardening features (PrivateTmp, resource limits), generates configuration files with authentication credentials, and manages the service lifecycle through systemctl commands.

  3. Command Interface (packages/cmd/relay.go): The relay command is enhanced with two new subcommands (install and uninstall) for systemd service management. The existing start command is modified to use environment variables as fallbacks, enabling it to work both interactively and as a systemd service.

The implementation supports both 'org' and 'instance' relay types with different authentication mechanisms - org-type relays use INFISICAL_TOKEN while instance-type relays use INFISICAL_RELAY_AUTH_SECRET. The systemd service template includes proper security configurations and integrates with existing Infisical infrastructure patterns. This change enables production-ready deployment of relay services with standard Linux service management capabilities like automatic startup, proper logging, and service lifecycle management through systemctl.

Confidence score: 3/5

  • This PR introduces significant security-sensitive functionality that requires careful review due to credential handling and systemd service creation
  • Score reflects concerns about sensitive data being written to disk, potential command injection vectors, and the need for root privileges
  • Pay close attention to packages/relay/systemd.go for credential handling and file permission validation

Context used:

Context - For better readability, consider splitting complex expressions into multiple variables. (link)

3 files reviewed, 1 comment

Edit Code Review Bot Settings | Greptile

Comment thread packages/relay/systemd.go
@sheensantoscapadngan sheensantoscapadngan merged commit 5a5af5a into main Sep 19, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@akhilmhdh akhilmhdh akhilmhdh approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sheensantoscapadngan @akhilmhdh