alfred-proxy/alfred-proxy.service

[Unit]
Description=Alfred Authentication Proxy
Documentation=file:///home/jknapp/.openclaw/workspace/alfred-proxy/README.md
After=network.target openclaw-gateway.service
Wants=openclaw-gateway.service

[Service]
Type=simple
WorkingDirectory=/home/jknapp/.openclaw/workspace/alfred-proxy
ExecStart=/home/jknapp/.nvm/versions/node/v24.13.0/bin/node server.js
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

# Environment (override with ~/.config/systemd/user/alfred-proxy.service.d/override.conf)
Environment="NODE_ENV=production"
Environment="PROXY_PORT=18790"
Environment="OPENCLAW_URL=ws://127.0.0.1:18789"
Environment="OPENCLAW_TOKEN=9b87d15fee3922ecfbe77b0ea1744851757cda618beceeba"
Environment="AUTHENTIK_URL=https://auth.dnspegasus.net"
Environment="AUTHENTIK_CLIENT_ID="
Environment="REQUIRE_AUTH=true"

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/jknapp/.openclaw/workspace/alfred-proxy

[Install]
WantedBy=default.target