[Unit]
Description=LibreTime Worker Service
PartOf=libretime.target

[Service]
NoNewPrivileges=true
CapabilityBoundingSet=
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=full

Environment=PYTHONOPTIMIZE=2
Environment=LIBRETIME_CONFIG_FILEPATH=@@CONFIG_FILEPATH@@
Environment=LIBRETIME_LOG_FILEPATH=@@LOG_DIR@@/worker.log
WorkingDirectory=@@WORKING_DIR@@/worker

ExecStart=/usr/local/bin/libretime-worker
Restart=always

User=libretime
Group=libretime

[Install]
WantedBy=multi-user.target