Skip to main content

Overview

For production Linux deployments, systemd provides robust process management, automatic restarts, and service dependency handling. This guide covers creating systemd unit files and managing Template Worker as a system service.

Basic Service Unit

Here’s a complete systemd service unit file for Template Worker: 
[Unit]
Description=Template Worker Service
After=network.target postgresql.service
PartOf=antiraid-v6.target

[Service]
Type=simple
User=antiraid
Group=antiraid
WorkingDirectory=/home/antiraid/template-worker
ExecStart=/home/antiraid/template-worker/template-worker --worker-type processpool
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true
RestartSec=1
Restart=always

[Install]
WantedBy=multi-user.target

Service Configuration Explained

DirectivePurpose
Type=simpleProcess doesn’t fork; stays in foreground
User=antiraidRun as non-privileged user
WorkingDirectorySets working directory for config.yaml
ExecStartCommand to start the worker
ExecReloadSend HUP signal for graceful reload
KillMode=mixedSend SIGTERM to main, SIGKILL to others
TimeoutStopSec=5Wait 5s for graceful shutdown
PrivateTmp=trueIsolate /tmp directory for security
Restart=alwaysAuto-restart on failure
RestartSec=1Wait 1s before restart attempt

Installation

1

Create service user

Create a dedicated user for running the service:
sudo useradd -r -s /bin/false antiraid
2

Deploy binary and config

Copy your built binary and configuration:
sudo mkdir -p /home/antiraid/template-worker
sudo cp target/release/template-worker /home/antiraid/template-worker/
sudo cp config.yaml /home/antiraid/template-worker/
sudo chown -R antiraid:antiraid /home/antiraid/template-worker
3

Create systemd unit file

Create the service file at /etc/systemd/system/template-worker.service:
sudo nano /etc/systemd/system/template-worker.service
Paste the unit file content from above.
4

Reload systemd and enable service

# Reload systemd configuration
sudo systemctl daemon-reload

# Enable service to start on boot
sudo systemctl enable template-worker.service
5

Start the service

sudo systemctl start template-worker.service

Service Management

Common Commands

# Start the service
sudo systemctl start template-worker

# Stop the service
sudo systemctl stop template-worker

# Restart the service
sudo systemctl restart template-worker

# Reload configuration (sends SIGHUP)
sudo systemctl reload template-worker

# View status
sudo systemctl status template-worker

# View logs
sudo journalctl -u template-worker -f

# View logs since boot
sudo journalctl -u template-worker -b

# View logs from last hour
sudo journalctl -u template-worker --since "1 hour ago"

Service Status

Check if the service is running: 
sudo systemctl status template-worker
Output should show: 
● template-worker.service - Template Worker Service
   Loaded: loaded (/etc/systemd/system/template-worker.service; enabled)
   Active: active (running) since ...

Worker Type Configuration

Template Worker supports multiple worker modes via command-line arguments. See Scaling for detailed comparison. 
ExecStart=/home/antiraid/template-worker/template-worker --worker-type processpool
Default mode. Spawns separate processes for isolation.

Thread Pool

ExecStart=/home/antiraid/template-worker/template-worker --worker-type threadpool --tokio-threads-master 15
Uses threads instead of processes. Lower overhead but less isolation.

Custom Worker Count

ExecStart=/home/antiraid/template-worker/template-worker --worker-type processpool --process-workers 8

Multi-Service Deployment

For complex deployments with multiple services, create a target unit to manage them together.

Create Target Unit

Create /etc/systemd/system/antiraid-v6.target: 
[Unit]
Description=AntiRaid v6 Service Stack

[Install]
WantedBy=multi-user.target
In each service unit file, add: 
[Unit]
PartOf=antiraid-v6.target

Example: Multiple Services

Sandwich Gateway Service (ar-sandwich.service): 
[Unit]
Description=AntiRaid Sandwich Daemon (gateway proxy)
After=network.target
PartOf=antiraid-v6.target

[Service]
Type=simple
User=antiraid-secure
Group=antiraid-secure
WorkingDirectory=/home/antiraid-secure/sandwich-daemon
ExecStart=/home/antiraid-secure/sandwich-daemon/sandwich \
  -configurationPath=sandwich.yaml \
  -prometheusAddress :3931 \
  -httpEnabled \
  --httpHost 0.0.0.0:29334 \
  -level debug
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true
RestartSec=1
Restart=always

[Install]
WantedBy=multi-user.target
Template Worker Service (template-worker.service): 
[Unit]
Description=Template Worker Service
After=network.target postgresql.service ar-sandwich.service
PartOf=antiraid-v6.target

[Service]
Type=simple
User=antiraid
Group=antiraid
WorkingDirectory=/home/antiraid/template-worker
ExecStart=/home/antiraid/template-worker/template-worker --worker-type processpool
ExecReload=/bin/kill -s HUP $MAINPID
KillMode=mixed
TimeoutStopSec=5
PrivateTmp=true
RestartSec=1
Restart=always

[Install]
WantedBy=multi-user.target

Managing the Service Stack

# Start all services in target
sudo systemctl start antiraid-v6.target

# Stop all services in target
sudo systemctl stop antiraid-v6.target

# View status of all services
sudo systemctl list-dependencies antiraid-v6.target

Environment Variables

To pass environment variables to your service, use the Environment directive: 
[Service]
Environment="RUST_LOG=template-worker=debug"
Environment="MESOPHYLL_SERVER=localhost:50051"
Or use an environment file: 
[Service]
EnvironmentFile=/home/antiraid/template-worker/.env

Security Hardening

For production deployments, add these security directives: 
[Service]
# Security
PrivateTmp=true
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/home/antiraid/template-worker
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true

# Resource limits
LimitNOFILE=65536
LimitNPROC=512
MemoryMax=4G
CPUQuota=200%

Monitoring and Logs

Structured Logging

Template Worker logs to stdout/stderr. Systemd captures these via journald: 
# Follow logs in real-time
sudo journalctl -u template-worker -f

# View logs with priority level
sudo journalctl -u template-worker -p err

# Export logs to file
sudo journalctl -u template-worker --since today > worker.log

Log Rotation

Configure journald log retention in /etc/systemd/journald.conf: 
[Journal]
SystemMaxUse=500M
SystemMaxFileSize=100M
MaxRetentionSec=7day

Troubleshooting

Service Won’t Start

  1. Check service status: 
    sudo systemctl status template-worker
  2. View recent logs: 
    sudo journalctl -u template-worker -n 50
  3. Test binary manually: 
    sudo -u antiraid /home/antiraid/template-worker/template-worker

Permission Errors

Ensure the service user owns all required files: 
sudo chown -R antiraid:antiraid /home/antiraid/template-worker
sudo chmod 600 /home/antiraid/template-worker/config.yaml

Service Keeps Restarting

  1. Check for crashes in logs: 
    sudo journalctl -u template-worker | grep -i "error\|panic\|crash"
  2. Verify configuration: 
    sudo -u antiraid /home/antiraid/template-worker/template-worker --help
  3. Temporarily disable auto-restart to debug: 
    [Service]
Restart=on-failure

Next Steps

Build docs developers (and LLMs) love

Get started for freeTalk to us