# Systemd units for DChain auto-update

Two files, one-time setup.

## Install

Assumes the repo is checked out at `/opt/dchain`. Adjust `WorkingDirectory=`
and `EnvironmentFile=` in `dchain-update.service` if you put it elsewhere.

```bash
sudo cp dchain-update.{service,timer} /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl enable --now dchain-update.timer
```

## Verify

```bash
# When does the timer next fire?
systemctl list-timers dchain-update.timer

# What did the last run do?
journalctl -u dchain-update.service -n 100 --no-pager

# Run one update immediately, without waiting for the timer
sudo systemctl start dchain-update.service
```

## How it behaves

- Every hour (± up to 15 min jitter) the timer triggers the service.
- The service runs `update.sh` once, which:
  - fetches `origin/main`
  - if HEAD didn't move: exits 0, nothing touched
  - if HEAD moved: fast-forwards, rebuilds image, smoke-tests the new
    binary, restarts the container, polls health
- Downtime per update is ~5-8 seconds (Badger reopen + HTTP listener warm-up).
- Failures write to journal; add `OnFailure=` if you want Pushover/email.

## Disable auto-update

If you want to pin a version and review changes manually:

```bash
sudo systemctl disable --now dchain-update.timer
```

You can still invoke `update.sh` by hand when you've reviewed and
fast-forwarded your working tree.

## Why hourly + jitter

A whole federation restarting in the same 60-second window would drop PBFT
quorum below 2/3 for that window. With 1-hour cadence and 15-min jitter, the
max probability of two validators being down simultaneously is about
`(15s / 15min)² × N_validators²`, which stays safely below the quorum floor
for any realistic N.