Update README: Docker networking fix and systemd service setup

Documents the gateway IP approach for Docker on Linux and adds
step-by-step systemd service installation instructions.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

README.md

@@ -101,25 +101,51 @@ python app.py
 
 The server binds to `0.0.0.0:5010` (or your configured port). Keep it running as a service or in a screen/tmux session.
 
-For production use, consider running it with a process manager:
+For production use, run it as a systemd service so it starts automatically on boot and restarts on failure.
+
+**1. Create the service file:**
 
 ```bash
-# With systemd (example unit file)
-# /etc/systemd/system/blight-cue.service
+sudo nano /etc/systemd/system/blight-cue.service
+```
+
+Paste the following, adjusting the paths and user to match your setup:
+
+```ini
 [Unit]
 Description=BLIGHT: CUE webhook listener
 After=network.target
 
 [Service]
-WorkingDirectory=/path/to/Blight_Reader
-ExecStart=/path/to/Blight_Reader/.venv/bin/python app.py
+User=artanis
+WorkingDirectory=/home/artanis/Documents/BLIGHT_CUE
+ExecStart=/home/artanis/Documents/BLIGHT_CUE/.venv/bin/python app.py
 Restart=always
+RestartSec=5
 
 [Install]
 WantedBy=multi-user.target
 ```
 
-> Replace `/path/to/Blight_Reader` with the actual path. The venv Python is at `.venv/bin/python` relative to the project root — create it with `python3 -m venv .venv && .venv/bin/pip install -r requirements.txt`.
+**2. Enable and start the service:**
+
+```bash
+sudo systemctl daemon-reload
+sudo systemctl enable blight-cue
+sudo systemctl start blight-cue
+```
+
+**3. Check it's running:**
+
+```bash
+sudo systemctl status blight-cue
+```
+
+**4. View logs:**
+
+```bash
+journalctl -u blight-cue -f
+```
 
 ---
 
@@ -146,13 +172,26 @@ services:
 docker compose down && docker compose up -d
 ```
 
-**3. Register the webhook using `host.docker.internal` as the host** (see below), with the Target URL set to:
+**3. Find the host's IP from the container's perspective:**
 
-```
-http://host.docker.internal:5010/webhook
+```bash
+docker exec -it <gitea-container-name> ip route show default
 ```
 
-> **Note:** If Gitea is not running when CUE fires, or CUE is not running when Gitea sends a webhook, the delivery will fail. You can use the **Redeliver** button in the webhook's delivery history to retry without needing to push again.
+This returns something like `default via 172.20.0.1 dev eth0`. That gateway IP is the host's address reachable from the container — use it as the webhook target.
+
+> **Note:** `host.docker.internal` resolves to the default `docker0` bridge (`172.17.0.1`) on Linux, which may not be reachable if Gitea is on a custom Docker network. Using the gateway IP directly is more reliable.
+
+**4. Whitelist the IP in Gitea's config:**
+
+```yaml
+environment:
+  - GITEA__webhook__ALLOWED_HOST_LIST=172.20.0.1  # replace with your gateway IP
+```
+
+**5. Restart Gitea again** after adding the environment variable.
+
+> **Note:** If CUE is not running when Gitea sends a webhook, the delivery will fail. You can use the **Redeliver** button in the webhook's delivery history to retry without needing to push again.
 
 ---
 
@@ -163,7 +202,7 @@ Do this for **each repository** you want BLIGHT: CUE to watch.
 1. Open the repository in Gitea.
 2. Go to **Settings** → **Webhooks** → **Add Webhook** → **Gitea**.
 3. Set the fields:
-   - **Target URL**: `http://host.docker.internal:5010/webhook` (Docker) or `http://<host-ip>:5010/webhook` (non-Docker)
+   - **Target URL**: `http://<gateway-ip>:5010/webhook` (e.g. `http://172.20.0.1:5010/webhook`)
    - **HTTP Method**: POST
    - **Content Type**: `application/json`
    - **Secret**: the same value as `WEBHOOK_SECRET` in your `.env`