- Move deploy/nginx.conf -> deploy/conf.d/default.conf and mount the
directory so future config changes can be hot-reloaded with
`nginx -s reload` instead of a full container restart.
- Add deploy/hook.py: a tiny stdlib HMAC-validated webhook listener that
runs pull.sh on Gitea push events. Bound to 127.0.0.1:9528 and
fronted by openresty at /_hook/deploy.
- Add the matching systemd unit at deploy/facere-deploy-hook.service.
- Teach pull.sh the new layout (reload vs. restart vs. compose up -d)
and self-restart the hook listener if hook.py changes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Cron on the host runs deploy/pull.sh every minute. It fetches main,
fast-forwards the working tree, and restarts the facere-web container
when deploy/nginx.conf changes (Docker bind-mounts the file by inode,
so the in-container view is otherwise stale after a git reset).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
