feat: add systemd timer for automatic git pull + service restart

auto-update.sh fetches origin every 5 minutes. If new commits are
found it pulls and selectively restarts only what changed:
- server/ or Cargo.*  → rebuild + restart server container
- docker-compose.yml  → full stack up -d
- proxy/Caddyfile     → caddy reload
- anything else       → no restart needed

start.sh now installs hiy-update.service + hiy-update.timer alongside
the existing hiy.service boot unit.

https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH

infra/auto-update.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# auto-update.sh — pull latest changes and restart affected services.
+# Run by the hiy-update.timer systemd user unit every 5 minutes.
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+log() { echo "[hiy-update] $(date '+%H:%M:%S') $*"; }
+
+cd "$REPO_ROOT"
+
+# Fetch without touching the working tree.
+git fetch origin 2>&1 | sed 's/^/[git] /' || { log "git fetch failed — skipping"; exit 0; }
+
+LOCAL=$(git rev-parse HEAD)
+REMOTE=$(git rev-parse "@{u}" 2>/dev/null || echo "$LOCAL")
+
+if [ "$LOCAL" = "$REMOTE" ]; then
+    log "Already up to date ($LOCAL)."
+    exit 0
+fi
+
+log "New commits detected — pulling ($LOCAL → $REMOTE)…"
+git pull 2>&1 | sed 's/^/[git] /'
+
+# Determine which services need restarting based on what changed.
+CHANGED=$(git diff --name-only "$LOCAL" "$REMOTE")
+log "Changed files: $(echo "$CHANGED" | tr '\n' ' ')"
+
+# Always rebuild the server if any server-side code changed.
+SERVER_CHANGED=$(echo "$CHANGED" | grep -E '^server/|^Cargo' || true)
+COMPOSE_CHANGED=$(echo "$CHANGED" | grep '^infra/docker-compose' || true)
+CADDY_CHANGED=$(echo "$CHANGED"  | grep '^proxy/Caddyfile' || true)
+
+COMPOSE_CMD="podman compose --env-file $REPO_ROOT/.env -f $SCRIPT_DIR/docker-compose.yml"
+
+if [ -n "$COMPOSE_CHANGED" ]; then
+    log "docker-compose.yml changed — restarting full stack…"
+    $COMPOSE_CMD up -d
+elif [ -n "$SERVER_CHANGED" ]; then
+    log "Server code changed — rebuilding server…"
+    $COMPOSE_CMD up -d --build server
+elif [ -n "$CADDY_CHANGED" ]; then
+    log "Caddyfile changed — reloading Caddy…"
+    $COMPOSE_CMD exec caddy caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
+else
+    log "No service restart needed for these changes."
+fi
+
+log "Done."

infra/start.sh

@@ -183,3 +183,37 @@ systemctl --user daemon-reload
 systemctl --user enable hiy.service
 loginctl enable-linger "$(id -un)" 2>/dev/null || true
 echo "[hiy] Boot service installed: systemctl --user status hiy.service"
+
+# ── Install systemd timer for auto-update ─────────────────────────────────────
+UPDATE_SERVICE="$SERVICE_DIR/hiy-update.service"
+UPDATE_TIMER="$SERVICE_DIR/hiy-update.timer"
+
+cat > "$UPDATE_SERVICE" <<UNIT
+[Unit]
+Description=HIY auto-update (git pull + restart changed services)
+After=network-online.target
+
+[Service]
+Type=oneshot
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/$(id -un)/.local/bin
+ExecStart=${SCRIPT_DIR}/auto-update.sh
+StandardOutput=journal
+StandardError=journal
+UNIT
+
+cat > "$UPDATE_TIMER" <<UNIT
+[Unit]
+Description=HIY auto-update every 5 minutes
+
+[Timer]
+OnBootSec=2min
+OnUnitActiveSec=5min
+Unit=hiy-update.service
+
+[Install]
+WantedBy=timers.target
+UNIT
+
+systemctl --user daemon-reload
+systemctl --user enable --now hiy-update.timer
+echo "[hiy] Auto-update timer installed: systemctl --user status hiy-update.timer"