[Unit]
Description=DeBros Namespace Gateway (%i)
Documentation=https://github.com/DeBrosOfficial/network
After=network.target debros-namespace-rqlite@%i.service debros-namespace-olric@%i.service
Requires=debros-namespace-rqlite@%i.service debros-namespace-olric@%i.service
PartOf=debros-node.service

[Service]
Type=simple
User=debros
Group=debros
WorkingDirectory=/home/debros

EnvironmentFile=/home/debros/.orama/data/namespaces/%i/gateway.env

# Use shell to properly expand NODE_ID from env file
ExecStart=/bin/sh -c 'exec /home/debros/bin/gateway --config ${GATEWAY_CONFIG}'

TimeoutStopSec=30s
KillMode=mixed
KillSignal=SIGTERM

Restart=on-failure
RestartSec=5s

StandardOutput=journal
StandardError=journal
SyslogIdentifier=debros-gateway-%i

# Security hardening
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=read-only
ProtectKernelTunables=yes
ProtectKernelModules=yes
ReadWritePaths=/home/debros/.orama/data/namespaces

LimitNOFILE=65536
MemoryMax=1G

[Install]
WantedBy=multi-user.target