[Unit]
Description=EnvGuard Server
After=network.target

[Service]
# User/Group: Run as root by default to ensure permission to write to /var/lib/env-guard
# You can change this to a specific user if preferred (e.g., User=envguard), 
# but remember to 'chown -R envguard:envguard /var/lib/env-guard'
User=root
Group=root

# Path to the binary
ExecStart=/usr/local/bin/env-guard-server

# Directory where services.json and history.json will be stored
WorkingDirectory=/var/lib/env-guard

# Restart policy
Restart=always
RestartSec=5

# Environment variables if needed
# Environment=ENVGUARD_SECRET_TOKEN=your-secret-token

[Install]
WantedBy=multi-user.target