[Unit]
Description=POC portal hub (Next.js) — served at /
After=network.target

[Service]
Type=simple
User=__USER__
WorkingDirectory=__ROOT__/portal
Environment=NODE_ENV=production
Environment=PORT=3000
Environment=HOSTNAME=127.0.0.1
# Keep accounts + app registry in the rsync-excluded data/ dir so they survive deploys
# (the portal otherwise writes them under <cwd>/data, which --delete would wipe).
Environment=USERS_PATH=__ROOT__/data/portal/users.json
Environment=REGISTRY_PATH=__ROOT__/data/portal/apps.json
# Secrets (AUTH_SECRET, HUB_ADMIN_EMAIL/PASSWORD, optional GOOGLE_*) come from
# portal/.env.local, which server-setup.sh symlinks to data/secrets/portal.env
# (Next auto-loads .env.local). Kept in data/ so rsync --delete can't wipe it.
ExecStart=__ROOT__/portal/node_modules/.bin/next start -p 3000 -H 127.0.0.1
Restart=on-failure
RestartSec=3

[Install]
WantedBy=multi-user.target