feat: systemd user service file for headless deployment

Hardened unit with ProtectSystem/ProtectHome, auto-restart on failure, and ExecReload for SIGHUP hot config reload. Docs updated with setup, management, and enable-linger instructions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 19:25:36 +01:00
parent 638f12dbb3
commit f4f3132b6b
7 changed files with 104 additions and 5 deletions
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -68,6 +68,45 @@ Verify:
 which bouncer
 ```

+## Systemd (User Service)
+
+Install and enable the bouncer as a user service (no root required):
+
+```bash
+mkdir -p ~/.config/systemd/user
+cp config/bouncer.service ~/.config/systemd/user/bouncer.service
+```
+
+Edit `ExecStart=` paths if your install differs from the defaults:
+
+```bash
+$EDITOR ~/.config/systemd/user/bouncer.service
+```
+
+Enable and start:
+
+```bash
+systemctl --user daemon-reload
+systemctl --user enable bouncer
+systemctl --user start bouncer
+```
+
+Enable lingering so the service runs without an active login session:
+
+```bash
+sudo loginctl enable-linger $USER
+```
+
+### Management
+
+```bash
+systemctl --user status bouncer       # check status
+systemctl --user restart bouncer      # restart
+systemctl --user stop bouncer         # stop
+journalctl --user -u bouncer -f       # follow logs
+systemctl --user reload bouncer       # hot reload config (SIGHUP)
+```
+
 ## Dependencies

 Installed automatically by `make dev`: