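# Bento app-build controller (bentod) — systemd USER service under the operator.
#
# bentod is a user service (not system) because it builds the apps and so needs
# the operator's environment directly: SSH keys to the tailnet build hosts + the
# mbp ops-agent, the app checkouts under ~/Code/Apps, and the _private layer for
# signing secrets (secrets_root). A hardened system user can't reach those.
#
# Security note: the daemon therefore runs with everything the operator account
# can read (SSH keys, signing secrets). Anything that can drive its API or
# replace ~/.local/bin/bentod acts with that access, so keep the binary, the
# config and the env file writable by the operator only.
#
# Install (one-time, no sudo except enable-linger):
#   mkdir -p ~/.config/systemd/user
#   install -m 0644 bentod.service ~/.config/systemd/user/
#   loginctl enable-linger "$USER"     # keep it running across logout/reboot
#   systemctl --user daemon-reload
#   systemctl --user enable --now bentod
#
# Watch:  journalctl --user -u bentod -f
# Deploy a new bentod: build, copy to ~/.local/bin/bentod, `systemctl --user
# restart bentod` (no sudo — that's the point of a user service).

[Unit]
Description=Bento app build controller
# NOTE(review): the user manager does not load the system instance's units, so
# network-online.target most likely has no ordering effect here. If bentod
# starts before the tailnet address exists, Restart=on-failure below is what
# retries it — confirm on the target host.
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=%h/.local/bin/bentod
Restart=on-failure
RestartSec=5
Environment=BENTO_CONFIG=%h/.config/bento/bento-daemon.toml
# Loopback bind (default) needs no token; note that every local process on this
# host can still reach a loopback listener. For a tailnet bind, set listen to
# the tailnet IP in bento-daemon.toml AND provide BENTO_API_TOKEN here, e.g.:
#   EnvironmentFile=%h/.config/bento/bento.env
# where bento.env contains BENTO_API_TOKEN=...
#
# - Keep the token out of this unit file: it is installed 0644. Put it in the
#   separate env file and restrict that file (chmod 600).
# - systemd does not support trailing comments; the directive must be alone on
#   its line or the comment text becomes part of the path.
# - A leading '-' on the path (EnvironmentFile=-...) makes a missing file
#   non-fatal, so bentod would start with no BENTO_API_TOKEN set. Leave the '-'
#   off for a tailnet bind so a missing file fails the start instead. How bentod
#   itself treats a non-loopback bind without a token is not visible from here.
#
# Optional hardening that is available to user units; check first that builds
# do not rely on setuid helpers or on group/world-readable output:
#   NoNewPrivileges=yes
#   UMask=0077
StandardOutput=journal
StandardError=journal
SyslogIdentifier=bentod

[Install]
WantedBy=default.target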