fix(deploy): ExecStart srcds_run from merged overlay, not installation/

srcds_run is a shell script that cd's to its own dirname before exec'ing srcds_linux, so WorkingDirectory has no effect — the binary's path is what determines where the engine reads gameinfo.txt and addons from. Pointing at installation/srcds_run resolved everything against the lower layer, so overlay-provided Metamod/SourceMod plugins and cfgs (zonemod, confogl) never loaded. Switch to runtime/%i/merged/srcds_run so the engine sees the merged tree. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
test(deploy): drop stale web.env lifecycle assertions
2026-05-09 14:03:12 +02:00 · 2026-05-09 13:33:05 +02:00
2 changed files with 20 additions and 4 deletions
--- a/deploy/files/usr/local/lib/systemd/system/left4me-server@.service
+++ b/deploy/files/usr/local/lib/systemd/system/left4me-server@.service
@ -33,7 +33,13 @@ WorkingDirectory=-/var/lib/left4me/runtime/%i/merged/left4dead2
 # anyway. ExecStopPost (not ExecStop) so unmount runs after the cgroup is
 # cleared; ExecStop runs while srcds is still alive and would EBUSY.
 ExecStartPre=+/usr/local/libexec/left4me/left4me-overlay mount %i
-ExecStart=/var/lib/left4me/installation/srcds_run -game left4dead2 +hostport ${L4D2_PORT} $L4D2_ARGS
+# Run from the merged overlay, NOT installation/. srcds_run is a shell
+# script that `cd`s to its own dirname before exec'ing srcds_linux, so the
+# binary's path determines where the engine reads gameinfo.txt and addons
+# from — WorkingDirectory has no effect. Invoking installation/srcds_run
+# would resolve everything against the lower layer and never see overlay-
+# provided plugins (Metamod/SourceMod) or cfgs (zonemod, confogl).
+ExecStart=/var/lib/left4me/runtime/%i/merged/srcds_run -game left4dead2 +hostport ${L4D2_PORT} $L4D2_ARGS
 ExecStopPost=+/usr/local/libexec/left4me/left4me-overlay umount %i
 Restart=on-failure
 RestartSec=5
--- a/deploy/tests/test_deploy_artifacts.py
+++ b/deploy/tests/test_deploy_artifacts.py
@ -67,7 +67,11 @@ def test_server_unit_contains_required_runtime_contract():
    # mount helper before the merged dir exists. ExecStart re-applies and
    # finds the dir once the mount has landed.
    assert "WorkingDirectory=-/var/lib/left4me/runtime/%i/merged/left4dead2" in unit
-    assert "ExecStart=/var/lib/left4me/installation/srcds_run" in unit
+    # ExecStart must invoke srcds_run from the *merged* overlay tree, not
+    # from installation/. srcds_run cds to its own dirname; if we point at
+    # installation/, the engine reads gameinfo.txt and addons from the lower
+    # layer and never sees overlay plugins (Metamod/SourceMod) or cfgs.
+    assert "ExecStart=/var/lib/left4me/runtime/%i/merged/srcds_run" in unit
    assert "$L4D2_ARGS" in unit
    assert "${L4D2_ARGS}" not in unit
    assert "NoNewPrivileges=true" in unit
@ -423,8 +427,14 @@ def test_deploy_script_has_safe_defaults_and_preserves_state() -> None:
    assert "for attempt in" in script
    assert "/opt/left4me/.venv" in script
    assert "visudo -cf /etc/sudoers.d/left4me" in script
-    assert "if [ ! -f /etc/left4me/web.env ]" in script
-    assert ". /etc/left4me/web.env\n" not in script
+    # Note: assertions about web.env's lifecycle (create-only-if-missing /
+    # never-sourced-from-deploy) used to live here. They became stale in
+    # commit caa8b83, which switched to "rewrite web.env every deploy with a
+    # machine-id-derived SECRET_KEY" and started sourcing web.env in the
+    # alembic + seed helper subprocesses. Removed entirely; current behavior
+    # is covered by `install -m 0640 ... /etc/left4me/web.env` which is
+    # checked indirectly via the SECRET_KEY rewrite + run_left4me_with_env
+    # plumbing below.
    assert "run_left4me_with_env" in script
    assert "LEFT4ME_ADMIN_USERNAME" in script
    assert "LEFT4ME_ADMIN_PASSWORD" in script