feat: sync current progress (P0 hardening + P1 observability + deploy docs/systemd)

deploy/systemd/asset-tracker.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Asset Tracker Service
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/root/.openclaw/workspace/asset-tracker
+EnvironmentFile=-/root/.openclaw/workspace/asset-tracker/.env.production
+Environment=APP_ENV=production
+Environment=HTTP_ADDR=:9530
+Environment=DB_PATH=/root/.openclaw/workspace/asset-tracker/data/asset-tracker.db
+Environment=DEFAULT_TIMEZONE=Asia/Shanghai
+ExecStart=/root/.openclaw/workspace/asset-tracker/bin/asset-tracker
+Restart=always
+RestartSec=3
+LimitNOFILE=65535
+StandardOutput=append:/root/.openclaw/workspace/asset-tracker/logs/server.log
+StandardError=append:/root/.openclaw/workspace/asset-tracker/logs/server.log
+
+[Install]
+WantedBy=multi-user.target

deploy/systemd/install_systemd.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SERVICE_NAME=asset-tracker.service
+SRC_DIR="$(cd "$(dirname "$0")" && pwd)"
+SRC_FILE="$SRC_DIR/$SERVICE_NAME"
+DST_FILE="/etc/systemd/system/$SERVICE_NAME"
+ENV_FILE="/root/.openclaw/workspace/asset-tracker/.env.production"
+
+if [[ ! -f "$SRC_FILE" ]]; then
+  echo "missing $SRC_FILE"
+  exit 1
+fi
+
+install -m 0644 "$SRC_FILE" "$DST_FILE"
+systemctl daemon-reload
+
+if [[ ! -f "$ENV_FILE" ]]; then
+  cp /root/.openclaw/workspace/asset-tracker/.env.production.example "$ENV_FILE"
+  echo "Created $ENV_FILE from example. Please set JWT_SECRET before start."
+fi
+
+echo "Installed $DST_FILE"
+echo "Next: edit $ENV_FILE and set strong JWT_SECRET"
+echo "Then run: systemctl enable --now asset-tracker"