[Unit]
Description=Netdata Zulip Bot - Webhook service for Netdata Cloud notifications
After=network.target network-online.target
Wants=network-online.target

[Service]
Type=simple
User=netdata-bot
Group=netdata-bot
WorkingDirectory=/opt/netdata-zulip-bot
Environment=PATH=/opt/netdata-zulip-bot/.venv/bin:/usr/local/bin:/usr/bin:/bin

# Server configuration
Environment=SERVER_DOMAIN=your-webhook-domain.com
Environment=SERVER_HOST=0.0.0.0
Environment=SERVER_PORT=8443
Environment=SERVER_CERT_PATH=/etc/letsencrypt/live
Environment=SERVER_ENABLE_MTLS=true

# Zulip configuration (if using environment variables instead of zuliprc)
# Environment=ZULIP_SITE=https://yourorg.zulipchat.com
# Environment=ZULIP_EMAIL=netdata-bot@yourorg.zulipchat.com
# Environment=ZULIP_API_KEY=your-api-key
# Environment=ZULIP_STREAM=netdata-alerts

ExecStart=/opt/netdata-zulip-bot/.venv/bin/netdata-zulip-bot
ExecReload=/bin/kill -HUP $MAINPID

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/netdata-zulip-bot
ReadOnlyPaths=/etc/letsencrypt/live

# Resource limits
LimitNOFILE=65536
MemoryHigh=256M
MemoryMax=512M

# Restart settings
Restart=always
RestartSec=5
StartLimitInterval=60
StartLimitBurst=3

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=netdata-zulip-bot

[Install]
WantedBy=multi-user.target