[Unit]
Description=RPA Vision V3 - Upload API (FastAPI)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple

# ---- Runtime ----
User=rpa
Group=rpa
WorkingDirectory=/opt/rpa_vision_v3/server
EnvironmentFile=/etc/rpa_vision_v3/rpa_vision_v3.env
Environment="PYTHONUNBUFFERED=1"
Environment="ENVIRONMENT=production"
Environment="RPA_SERVICE_NAME=rpa-vision-v3-api"

# Sécurité : valide les secrets (exit !=0 => systemd restart)
ExecStart=/opt/rpa_vision_v3/venv_v3/bin/python api_upload.py

# ---- Resilience ----
Restart=on-failure
RestartSec=3
TimeoutStopSec=30

# ---- Hardening (raisonnable pour un MVP) ----
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/rpa_vision_v3/data /opt/rpa_vision_v3/logs

# Logs -> journald
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target