Grant devs journal access

Update dev-add to add systemd-journal group and extend check-deploy output.

scripts/check-deploy

@@ -49,3 +49,33 @@ echo
 
 echo "== Remote current system =="
 ssh "root@${HOST}" 'readlink /run/current-system'
+
+echo
+
+echo "== Musiclink local repo HEAD =="
+musiclink_repo="/home/dan/proj/musiclink"
+if [[ -d "$musiclink_repo/.git" ]]; then
+  git -C "$musiclink_repo" rev-parse HEAD
+else
+  echo "(missing $musiclink_repo)"
+fi
+
+echo
+
+echo "== Musiclink flake.lock rev =="
+python3 - <<'PY'
+import json
+from pathlib import Path
+lock_path = Path("flake.lock")
+try:
+    data = json.loads(lock_path.read_text())
+    rev = data["nodes"]["musiclink"]["locked"].get("rev")
+    print(rev or "(missing rev)")
+except Exception as exc:
+    print(f"(error reading flake.lock: {exc})")
+PY
+
+echo
+
+echo "== Musiclink running ExecStart =="
+ssh "root@${HOST}" 'systemctl show -p ExecStart musiclink --value'

scripts/dev-add.sh

@@ -76,6 +76,12 @@ create_user() {
         log_info "Added to devs group"
     fi
 
+    # Add to systemd-journal group for log access
+    if ! groups "$username" | grep -q '\bsystemd-journal\b'; then
+        usermod -aG systemd-journal "$username"
+        log_info "Added to systemd-journal group"
+    fi
+
     # Set up SSH directory and login key (authorized_keys)
     local ssh_dir="/home/$username/.ssh"
     mkdir -p "$ssh_dir"