[Unit]
Description=Skull AI Service - LLM Client for Skull Pi
After=network.target mosquitto.service
Requires=mosquitto.service
StartLimitIntervalSec=60
StartLimitBurst=3

[Service]
Type=simple
User=skull
Group=skull
WorkingDirectory=/opt/Skull/apps
Environment=PYTHONPATH=/opt/Skull/apps
EnvironmentFile=-/opt/Skull/config/ai.env
ExecStart=/opt/Skull/bin/skull-ai.sh
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
KillMode=mixed
KillSignal=SIGTERM

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=skull-ai

# Security hardening
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
ReadWritePaths=/opt/Skull/logs
ReadOnlyPaths=/opt/Skull/config

# Resource limits
LimitNOFILE=1024
LimitNPROC=512
MemoryMax=256M
CPUQuota=50%

[Install]
WantedBy=multi-user.target
Alias=skull-ai