[Unit]
Description=OpenClaw AI Gateway
After=network.target docker.service
Requires=docker.service

[Service]
Type=simple
User={{ openclaw_user }}
Group={{ openclaw_user }}
WorkingDirectory={{ openclaw_home }}

# Environment variables
Environment="PNPM_HOME={{ openclaw_home }}/.local/share/pnpm"
Environment="PATH={{ openclaw_home }}/.local/bin:{{ openclaw_home }}/.local/share/pnpm:/usr/local/bin:/usr/bin:/bin"
Environment="HOME={{ openclaw_home }}"
Environment="XDG_RUNTIME_DIR=/run/user/{{ openclaw_uid_value }}"

# DBus session bus
Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/{{ openclaw_uid_value }}/bus"

# Start command
ExecStart=openclaw gateway

# Restart policy
Restart=always
RestartSec=10

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths={{ openclaw_home }}/.openclaw
ReadWritePaths={{ openclaw_home }}/.local

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=openclaw

[Install]
WantedBy=multi-user.target