[Unit]
Description=Yimaru CI/CD Webhook Server
After=network.target

[Service]
Type=simple
User=yimaru
Group=yimaru
WorkingDirectory=/home/yimaru/Yimaru-CICD
Environment="NODE_ENV=production"
Environment="PATH=/home/yimaru/.bun/bin:/home/yimaru/.local/bin:/usr/local/bin:/usr/bin:/bin"
Environment="BUN_TMPDIR=/home/yimaru/Yimaru-CICD/.tmp"
Environment="BUN_INSTALL=/home/yimaru/.bun"
EnvironmentFile=/home/yimaru/Yimaru-CICD/.env
ExecStart=/home/yimaru/.bun/bin/bun dist/index.js
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
SyslogIdentifier=yimaru-cd

# Security settings
NoNewPrivileges=true
PrivateTmp=false
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/yimaru/Yimaru-CICD /home/yimaru/.npm /var/www/html /home/yimaru/yimaru_admin /home/yimaru/Yimaru-BackEnd

# Resource limits
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target