deploy: add systemd unit + show-secret CLI command

bincio-auth.service: runs at port 4040, reads BINCIO_AUTH_JWT_SECRET from /etc/bincio/secrets.env (shared with bincio-activity). show-secret: prints the JWT secret stored by 'bincio-auth init', so the operator can add it to secrets.env without raw sqlite3.
2026-06-02 15:09:00 +02:00
parent 0e0e5d5622
commit 3dafe3840b
2 changed files with 34 additions and 0 deletions
@@ -0,0 +1,17 @@
+[Unit]
+Description=bincio-auth API
+After=network.target
+
+[Service]
+WorkingDirectory=/opt/bincio-auth
+ExecStart=/root/.local/bin/uv run bincio-auth serve \
+    --data-dir /var/bincio-auth/data \
+    --host 127.0.0.1 \
+    --port 4040
+EnvironmentFile=/etc/bincio/secrets.env
+Environment=SESSION_DOMAIN=.bincio.org
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target