[Unit]
Description=Systant MQTT Daemon
After=network.target

[Service]
Type=exec
User=root
Group=root
ExecStart=/opt/systant/bin/systant start
ExecStop=/opt/systant/bin/systant stop
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
SyslogIdentifier=systant
WorkingDirectory=/opt/systant

# Security settings - still apply restrictions where possible
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
# Don't use ProtectSystem=strict since we need to read system stats
ProtectSystem=false

[Install]
WantedBy=multi-user.target