fix(deploy): use port 17380 and add journal diagnostics on failure

- Change mm-dash default bind from 3000 to 17380 to avoid collisions with existing services on shared hosts - Add journal output for failed units in the verification step so startup errors are immediately visible in deploy output - Stop services before restarting to release ports cleanly Tested end-to-end: all 7 services active, nginx configured and reloading, postgres bootstrapped with mTLS ident mapping. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-23 08:40:56 +03:00
parent aea675fc90
commit a986bb72c4
7 changed files with 12 additions and 7 deletions
--- a/asset/config/config.toml.tmpl
+++ b/asset/config/config.toml.tmpl
@@ -34,4 +34,4 @@ forge = "gitea-internal"
 username = "grenade"

 [dash]
-bind = "127.0.0.1:3000"
+bind = "127.0.0.1:17380"
--- a/asset/firewalld/mm-dash.xml
+++ b/asset/firewalld/mm-dash.xml
@@ -2,5 +2,5 @@
 <service>
  <short>mm-dash</short>
  <description>mm dashboard REST API</description>
-  <port protocol="tcp" port="3000"/>
+  <port protocol="tcp" port="17380"/>
 </service>
--- a/asset/manifest.yml
+++ b/asset/manifest.yml
@@ -5,7 +5,7 @@ environments:
      services:
        hosts: [nikola.kosherinata.internal]
        config:
-          bind: 127.0.0.1:3000
+          bind: 127.0.0.1:17380
          log_level: info
      nginx:
        hosts: [oolon.kosherinata.internal]
--- a/asset/nginx/mm.kosherinata.conf
+++ b/asset/nginx/mm.kosherinata.conf
@@ -9,7 +9,7 @@ server {

    # API — reverse proxy to mm-dash on nikola
    location /api/ {
-        proxy_pass http://nikola.kosherinata.internal:3000;
+        proxy_pass http://nikola.kosherinata.internal:17380;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
--- a/crates/mm-core/src/config.rs
+++ b/crates/mm-core/src/config.rs
@@ -197,7 +197,7 @@ impl Default for DashConfig {
 }

 fn default_dash_bind() -> String {
-    "0.0.0.0:3000".to_string()
+    "127.0.0.1:17380".to_string()
 }

 #[derive(Debug, Deserialize)]
--- a/mm.toml.example
+++ b/mm.toml.example
@@ -45,4 +45,4 @@ forge = "gitea-internal"
 username = "grenade"

 [dash]
-bind = "127.0.0.1:3000"
+bind = "127.0.0.1:17380"
--- a/script/deploy.sh
+++ b/script/deploy.sh
@@ -218,8 +218,11 @@ deploy_services() {
            sudo firewall-cmd --zone=\$zone --add-service=mm-dash
        fi

-        # systemd
+        # systemd — stop first to release ports, then reload and restart
        sudo systemctl daemon-reload
+        for svc in ${SERVICES[*]}; do
+            sudo systemctl stop \$svc 2>/dev/null || true
+        done
        for svc in ${SERVICES[*]}; do
            sudo systemctl enable --now \$svc
        done
@@ -233,6 +236,8 @@ deploy_services() {
                info "  $svc: active"
            else
                warn "  $svc: NOT active"
+                ssh -o BatchMode=yes "$APP_HOST" "sudo journalctl --no-pager -l --unit $svc -n 10" 2>/dev/null || true
+                echo
            fi
        fi
    done