# systemd unit for the FastAPI process.
#
# Install:
#   sudo cp deploy/systemd/rfc-app.service /etc/systemd/system/
#   sudo systemctl daemon-reload
#   sudo systemctl enable --now rfc-app
#   sudo systemctl status rfc-app
#
# Logs:
#   sudo journalctl -u rfc-app -f
#
# Per §4.2 the app is intentionally single-process — one uvicorn
# worker, colocated SQLite. If the deployment ever needs more than one
# worker, the spec calls for a planned migration to Postgres first;
# raising `--workers` here would break the WAL-mode SQLite invariant.

[Unit]
Description=Wiggleverse RFC app
After=network.target
Documentation=https://git.wiggleverse.org/ben.stull/rfc-app

[Service]
Type=simple
User=rfc-app
Group=rfc-app
WorkingDirectory=/opt/rfc-app/backend
EnvironmentFile=/opt/rfc-app/backend/.env
ExecStart=/opt/rfc-app/backend/.venv/bin/uvicorn app.main:app \
    --host 127.0.0.1 \
    --port 8000 \
    --proxy-headers \
    --forwarded-allow-ips 127.0.0.1
Restart=on-failure
RestartSec=5s

# Hardening — modest defaults; tighten further if the host runs other
# services. The bot wrapper writes only to its own data dir; everything
# else is read-only.
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ReadWritePaths=/opt/rfc-app/backend/data

[Install]
WantedBy=multi-user.target