Add production Jenkins release pipelines

deploy/systemd/genarrative-api.service

@@ -0,0 +1,26 @@
+[Unit]
+Description=Genarrative Rust API Server
+After=network-online.target spacetimedb.service
+Wants=network-online.target
+Requires=spacetimedb.service
+
+[Service]
+Type=simple
+User=genarrative
+Group=genarrative
+WorkingDirectory=/opt/genarrative/current
+EnvironmentFile=/etc/genarrative/api-server.env
+ExecStart=/opt/genarrative/current/api-server
+Restart=always
+RestartSec=5
+KillSignal=SIGINT
+TimeoutStopSec=30
+
+# api-server 只读发布目录，运行态写入必须显式落到环境变量指定的服务端私有目录。
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=full
+ReadWritePaths=/opt/genarrative /var/lib/genarrative
+
+[Install]
+WantedBy=multi-user.target

deploy/systemd/spacetimedb.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=SpacetimeDB Server
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=spacetimedb
+Group=spacetimedb
+WorkingDirectory=/stdb
+ExecStart=/stdb/spacetime --root-dir=/stdb start --listen-addr=127.0.0.1:3000
+Restart=always
+RestartSec=5
+LimitNOFILE=1048576
+
+# 生产库只监听本机端口，由 Nginx 暴露最小客户端路由。
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=full
+ReadWritePaths=/stdb
+
+[Install]
+WantedBy=multi-user.target