# DChain single-node pull-and-restart service.
#
# Install:
#   sudo cp dchain-update.service dchain-update.timer /etc/systemd/system/
#   sudo systemctl daemon-reload
#   sudo systemctl enable --now dchain-update.timer
#
# View runs:
#   systemctl list-timers dchain-update.timer
#   journalctl -u dchain-update.service -n 200 --no-pager
#
# The timer (sibling file) fires the service; the service runs update.sh
# once per fire, which itself is a no-op when HEAD hasn't moved.

[Unit]
Description=DChain node: fetch latest, rebuild, rolling restart
Documentation=file:///opt/dchain/deploy/UPDATE_STRATEGY.md
# Don't try to update while Docker is still coming up after a host reboot.
After=docker.service network-online.target
Requires=docker.service

[Service]
Type=oneshot
# REPO_DIR + COMPOSE_FILE come from the update script's defaults; override
# here with Environment= if you moved the checkout to a non-default path.
WorkingDirectory=/opt/dchain
EnvironmentFile=-/opt/dchain/deploy/single/node.env
ExecStart=/opt/dchain/deploy/single/update.sh

# Lock down the unit — update.sh only needs git + docker + curl.
PrivateTmp=true
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/opt/dchain /var/run/docker.sock
ProtectHome=true