[Unit]
Description=Kernos MCP Server
After=network.target

[Service]
Type=simple
User={{kernos_user}}
Group={{kernos_group}}
WorkingDirectory={{kernos_directory}}
ExecStart={{kernos_directory}}/.venv/bin/kernos
EnvironmentFile={{kernos_directory}}/.env
Restart=on-failure
RestartSec=5

# Security hardening
NoNewPrivileges=false
ProtectSystem=false
ProtectHome=false
PrivateTmp=false
ReadWritePaths=/

[Install]
WantedBy=multi-user.target