# Multithreaded forum systemd service
# Place in /etc/systemd/system/multithreaded.service
#
# Commands:
#   sudo systemctl daemon-reload
#   sudo systemctl enable multithreaded
#   sudo systemctl start multithreaded
#   sudo systemctl status multithreaded
#   journalctl -u multithreaded -f

[Unit]
Description=Multithreaded - Forum-first community software
After=network.target postgresql.service
Requires=postgresql.service

[Service]
Type=simple
User=multithreaded
Group=multithreaded
WorkingDirectory=/opt/multithreaded
ExecStart=/opt/multithreaded/multithreaded
Restart=always
RestartSec=5

# Environment file with secrets
EnvironmentFile=/opt/multithreaded/.env
Environment=HOME=/opt/multithreaded

# Security hardening
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ReadWritePaths=/opt/multithreaded
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
LockPersonality=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
SystemCallArchitectures=native

# Resource limits
LimitNOFILE=65535
MemoryMax=512M

# Logging (goes to journald)
StandardOutput=journal
StandardError=journal
SyslogIdentifier=multithreaded

[Install]
WantedBy=multi-user.target