fix: enable loginctl linger so user service survives SSH logout

Without linger enabled, systemd terminates all user-level processes
(including the NanoClaw service) when the last SSH session closes.
This adds `loginctl enable-linger` during setup for non-root users.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

setup/service.ts

@@ -266,6 +266,20 @@ WantedBy=${runningAsRoot ? 'multi-user.target' : 'default.target'}`;
   // Kill orphaned nanoclaw processes to avoid channel connection conflicts
   killOrphanedProcesses(projectRoot);
 
+  // Enable lingering so the user service survives SSH logout.
+  // Without linger, systemd terminates all user processes when the last session closes.
+  if (!runningAsRoot) {
+    try {
+      execSync('loginctl enable-linger', { stdio: 'ignore' });
+      logger.info('Enabled loginctl linger for current user');
+    } catch (err) {
+      logger.warn(
+        { err },
+        'loginctl enable-linger failed — service may stop on SSH logout',
+      );
+    }
+  }
+
   // Enable and start
   try {
     execSync(`${systemctlPrefix} daemon-reload`, { stdio: 'ignore' });
@@ -301,6 +315,7 @@ WantedBy=${runningAsRoot ? 'multi-user.target' : 'default.target'}`;
     UNIT_PATH: unitPath,
     SERVICE_LOADED: serviceLoaded,
     ...(dockerGroupStale ? { DOCKER_GROUP_STALE: true } : {}),
+    LINGER_ENABLED: !runningAsRoot,
     STATUS: 'success',
     LOG: 'logs/setup.log',
   });