# Expria auto-deploy webhook listener — systemd unit (VPS Paris). # # DISTINCT from expria-backend.service: this runs the webhook listener, not the # API. Keeping them separate is required — a deploy restarts expria-backend, so # the listener must NOT be a child of it or the deploy would kill itself. # # Install (ops step, after CP1 validation): # sudo cp deploy/expria-deploy.service /etc/systemd/system/expria-deploy.service # sudo systemctl daemon-reload # sudo systemctl enable --now expria-deploy # Logs: # journalctl -u expria-deploy -f [Unit] Description=Expria auto-deploy webhook listener (Forgejo push -> deploy) After=network-online.target Wants=network-online.target [Service] Type=simple User=deploy Group=deploy WorkingDirectory=/opt/expria/expria-backend/deploy EnvironmentFile=/etc/expria/webhook.env ExecStart=/usr/bin/node /opt/expria/expria-backend/deploy/webhook-listener.mjs Restart=always RestartSec=5 # NOTE: NoNewPrivileges MUST stay false (default) — deploy.sh relies on sudo for # the single restricted rule: systemctl restart expria-backend.service. # ProtectSystem=strict is intentionally NOT set: deploy.sh writes the checkout # under /opt/expria/expria-backend (git pull, npm ci, build). [Install] WantedBy=multi-user.target