# systemd service unit for the FreeCAD Robust MCP Server.
# This is a template: the {{ ... }} placeholders are substituted when the
# unit file is rendered, so every path below derives from freecad_mcp_directory.

[Unit]
Description=FreeCAD Robust MCP Server
# Ordering only: the service is started after network.target is reached.
After=network.target

[Service]
Type=simple

# Account and group the server process runs as.
User={{ freecad_mcp_user }}
Group={{ freecad_mcp_group }}

# The server starts from the virtualenv inside the install directory and
# takes its environment variables from the .env file in that same directory.
WorkingDirectory={{ freecad_mcp_directory }}
EnvironmentFile={{ freecad_mcp_directory }}/.env
ExecStart={{ freecad_mcp_directory }}/.venv/bin/freecad-mcp

# Restart after an unclean exit, waiting 5 seconds before each attempt.
Restart=on-failure
RestartSec=5

# Sandboxing: the MCP server needs no special privileges.
# The process and its children cannot gain privileges through setuid
# binaries or file capabilities.
NoNewPrivileges=true
# Private /tmp and /var/tmp, not shared with other services.
PrivateTmp=true
# The file system hierarchy is mounted read-only for this service
# (apart from /dev, /proc and /sys).
ProtectSystem=strict
# Home directories are visible but not writable.
ProtectHome=read-only
# The only path exempted from the read-only mounts above.
# NOTE(review): this covers the whole install directory, including the
# .venv that ExecStart runs from and the .env read by EnvironmentFile, so
# the service account can rewrite the code and environment it is started
# with. If the server only writes to a data subdirectory, narrow this path
# to it; confirm against the deployment layout.
ReadWritePaths={{ freecad_mcp_directory }}

[Install]
WantedBy=multi-user.target