34 lines
1.2 KiB
Desktop File
34 lines
1.2 KiB
Desktop File
# Expria auto-deploy webhook listener — systemd unit (VPS Paris).
|
|
#
|
|
# DISTINCT from expria-backend.service: this runs the webhook listener, not the
|
|
# API. Keeping them separate is required — a deploy restarts expria-backend, so
|
|
# the listener must NOT be a child of it or the deploy would kill itself.
|
|
#
|
|
# Install (ops step, after CP1 validation):
|
|
# sudo cp deploy/expria-deploy.service /etc/systemd/system/expria-deploy.service
|
|
# sudo systemctl daemon-reload
|
|
# sudo systemctl enable --now expria-deploy
|
|
# Logs:
|
|
# journalctl -u expria-deploy -f
|
|
|
|
[Unit]
|
|
Description=Expria auto-deploy webhook listener (Forgejo push -> deploy)
|
|
After=network-online.target
|
|
Wants=network-online.target
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=deploy
|
|
Group=deploy
|
|
WorkingDirectory=/opt/expria/expria-backend/deploy
|
|
EnvironmentFile=/etc/expria/webhook.env
|
|
ExecStart=/usr/bin/node /opt/expria/expria-backend/deploy/webhook-listener.mjs
|
|
Restart=always
|
|
RestartSec=5
|
|
# NOTE: NoNewPrivileges MUST stay false (default) — deploy.sh relies on sudo for
|
|
# the single restricted rule: systemctl restart expria-backend.service.
|
|
# ProtectSystem=strict is intentionally NOT set: deploy.sh writes the checkout
|
|
# under /opt/expria/expria-backend (git pull, npm ci, build).
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|