[Unit]
Description=agent-watcher Collector — converts external events to ping inbox writes
Documentation=https://git.botbought.ai/foreman/agent-watcher
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=%h/.local/bin/agent-watcher --json-log
Restart=on-failure
RestartSec=5
# small daemon; no need for elevated limits
LimitNOFILE=4096
# read-only by intent; the daemon writes only to the inbox dir which is
# inside $HOME and unaffected by ProtectSystem.
ProtectSystem=strict
ProtectHome=read-write
PrivateTmp=yes
NoNewPrivileges=yes
# stdout/stderr go to journald automatically; --json-log makes them parseable
StandardOutput=journal
StandardError=journal
SyslogIdentifier=agent-watcher

[Install]
WantedBy=default.target