Guard deploy workflow against running on the bare template repo

.gitea/workflows/deploy.yml

@@ -31,6 +31,9 @@ concurrency:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    # Skip on the template repo itself (placeholders unsubstituted → would fail).
+    # Generated repos have a different name, so this guard passes for them.
+    if: ${{ gitea.repository != 'pplate/homelab-app-template' }}
     env:
       COMPOSE: docker compose -f docker-compose.yml -f docker-compose.truenas.yml -p __PROJECT__
       # Production secrets — set in Gitea repo Settings → Actions → Secrets.

README.md

@@ -52,7 +52,11 @@ You bring the actual app code (Spring backend in `backend/`, Next.js frontend in
    for s in AUTH_SECRET JWT_SECRET DB_PASSWORD; do echo "$s=$(openssl rand -base64 32)"; done
    ```
 
-4. **Push to `main`.** The instance-level act_runner on TrueNAS auto-deploys.
+4. **Remove the template guard** in `.gitea/workflows/deploy.yml` — delete the
+   line `if: ${{ gitea.repository != 'pplate/homelab-app-template' }}` (it exists
+   only so the bare template repo doesn't try to deploy unsubstituted placeholders).
+
+5. **Push to `main`.** The instance-level act_runner on TrueNAS auto-deploys.
    App is live at `http://192.168.188.119:$FRONTEND_PORT`. Done — you can stay
    here for the whole early-alpha period.