(ops) Add native update wrapper for production deploys

Add scripts/update-systemd as a safer routine deploy entrypoint for native
systemd installations. The wrapper keeps updates non-interactive, preserves the
existing environment file, skips OS package installation, and avoids superuser
creation prompts while still reusing the installer refresh flow.

Document the update path in the README and capture the maintenance expectation
in the development notes.

README.md

@@ -177,16 +177,27 @@ From a fresh checkout or the existing app directory:
 
 ```
 git pull
-sudo scripts/install-systemd --non-interactive
+sudo scripts/update-systemd
 ```
 
-The installer preserves an existing `/etc/pobsync/pobsync.env` unless you pass `--force-env`. It refreshes the installed
-app, Python dependencies, migrations, static files, and restarts the systemd services so new Django code is loaded.
+The updater is a thin wrapper around the installer for normal production deploys. It preserves the existing
+`/etc/pobsync/pobsync.env`, skips OS package installation, skips superuser creation, refreshes the installed app, updates
+Python dependencies, runs migrations, collects static files, and restarts the systemd services so new Django code is
+loaded.
+
+Use the full installer again when you intentionally want to change install-time settings, install OS packages, enable
+nginx, or rewrite the environment file:
+
+```
+sudo scripts/install-systemd --non-interactive
+sudo scripts/install-systemd --force-env
+```
 
 Then check:
 
 ```
 systemctl status pobsync-web pobsync-worker pobsync-scheduler
+sudo -u pobsync pobsync-manage check
 ```
 
 ## Development

docs/development.md

@@ -74,12 +74,17 @@ sudo scripts/install-systemd
 sudo scripts/install-systemd --non-interactive
 sudo scripts/install-systemd --verbose
 sudo scripts/install-systemd --create-superuser --superuser-username admin
+sudo scripts/update-systemd
 ```
 
 The installer should print a short completion summary with the control panel URL, Self Check reminder, and service log
 commands. Keep normal output user-facing: pobsync step names with OK, FAILED, or SKIPPED. Full apt, pip, Django, and
 systemd output belongs behind `--verbose` or in the failed step output.
 
+The updater is intentionally a small wrapper around the installer for routine production deploys. It should stay
+non-interactive, preserve the existing environment file, skip OS package installation, skip superuser creation, and still
+run the Django/runtime refresh steps needed after a code update.
+
 ## Migration Helpers
 
 Import existing legacy YAML configs:

scripts/update-systemd

@@ -0,0 +1,41 @@
+#!/bin/sh
+set -eu
+
+SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
+
+show_help() {
+    cat <<'EOF'
+Usage: sudo scripts/update-systemd [options]
+
+Refresh an existing native pobsync systemd install from the current checkout.
+
+This is a thin, safer update wrapper around scripts/install-systemd. It keeps
+the install non-interactive, preserves the existing environment file, skips
+superuser creation, and skips OS package installation by default.
+
+Common options are forwarded to install-systemd, for example:
+  --source-dir PATH
+  --app-dir PATH
+  --venv-dir PATH
+  --env-file PATH
+  --service-user USER
+  --service-group GROUP
+  --install-extras mariadb
+  --verbose
+
+If OS packages need to be refreshed, run scripts/install-systemd directly.
+EOF
+}
+
+case "${1:-}" in
+    -h|--help)
+        show_help
+        exit 0
+        ;;
+esac
+
+exec "$SCRIPT_DIR/install-systemd" \
+    --non-interactive \
+    --no-install-os-packages \
+    --no-create-superuser \
+    "$@"