- Add AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN to systemd service files
- Add sensorpajen user to bluetooth group in postinst
- Improve setcap error handling in postinst with clearer messaging
- Add comprehensive troubleshooting section for Bluetooth permission errors
This fixes the 'Operation not permitted' error when the service tries to
access Bluetooth hardware. The fix uses two layers of protection:
1. systemd AmbientCapabilities (modern, robust)
2. File capabilities via setcap (traditional, wider compatibility)
NoNewPrivileges=true prevents file capabilities from working.
Since we need CAP_NET_RAW/CAP_NET_ADMIN for Bluetooth, we must
disable this security feature.
- Created systemd/sensorpajen.service user service unit
- Uses %h for portability across systems
- Loads environment from EnvironmentFile
- Auto-restart with bluetooth capabilities
- Comprehensive security settings
- Created systemd/README.md
- Installation instructions
- Service management commands
- Troubleshooting guide
- Log viewing examples
- Updated ROADMAP.md to mark Phase 6 complete
