[Unit]
Description=MYP Kiosk Watchdog Service - Python-basierte intelligente Überwachung
Documentation=https://github.com/MYP-Druckerverwaltung
After=multi-user.target myp-https.service
Wants=myp-https.service

[Service]
Type=simple
User=root
Restart=always
RestartSec=30
TimeoutStartSec=60
TimeoutStopSec=30

# Python-basierter Watchdog mit erweiterten Features
WorkingDirectory=/opt/myp
ExecStartPre=/usr/bin/python3 -c "import psutil, requests; print('Python-Dependencies verfügbar')"
ExecStart=/usr/bin/python3 /opt/myp/utils/watchdog_manager.py --app-dir /opt/myp --daemon

# Umgebungsvariablen für Python-Watchdog
Environment=PYTHONPATH=/opt/myp
Environment=PYTHONUNBUFFERED=1
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Environment=DISPLAY=:0
Environment=SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
Environment=LC_ALL=C.UTF-8
Environment=LANG=C.UTF-8

# Logging-Konfiguration
StandardOutput=journal
StandardError=journal
SyslogIdentifier=myp-watchdog-python

# Sicherheitseinstellungen
NoNewPrivileges=false
PrivateTmp=false
ProtectSystem=strict
ReadWritePaths=/var/log
ReadWritePaths=/opt/myp
ReadWritePaths=/home/kiosk
ReadWritePaths=/proc/sys/vm
ReadWritePaths=/tmp

# Resource-Limits für Python-Prozess
MemoryMax=512M
CPUQuota=50%

# Restart-Verhalten bei Fehlern
StartLimitBurst=5
StartLimitInterval=300

[Install]
WantedBy=multi-user.target