[Unit]
Description=Xonotic Prometheus Exporter
Documentation=https://git.cyperpunk.de/DerGrumpf/Xonotic-Exporter
After=network.target

[Service]
Type=simple

# ── User / group ──────────────────────────────────────────────────────────────
User=monitoring
Group=monitoring

# ── Working directory & binary ────────────────────────────────────────────────
WorkingDirectory=/opt/xonotic_exporter

# Single command — the TOML file contains all server definitions.
# Adjust the path to the venv and config file as needed.
ExecStart=/opt/xonotic_exporter/venv/bin/xonotic-exporter serve \
    /etc/xonotic_exporter/xonotic_exporter.toml

# Send SIGHUP to reload config without restarting the process
ExecReload=/bin/kill -HUP $MAINPID

# ── Restart policy ────────────────────────────────────────────────────────────
Restart=on-failure
RestartSec=5s
KillSignal=SIGTERM
TimeoutStopSec=10s

# ── Hardening ─────────────────────────────────────────────────────────────────
NoNewPrivileges=yes
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=strict
ReadWritePaths=/var/log/xonotic_exporter
SystemCallFilter=~@debug @keyring @module @mount @reboot @swap
CapabilityBoundingSet=

[Install]
WantedBy=multi-user.target