[Unit]
Description=Pollux Gemini Server
After=network.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/pollux
Restart=on-failure
RestartSec=5
User=pollux
Group=pollux
NoNewPrivileges=yes
ProtectHome=yes
ProtectSystem=strict
ReadOnlyPaths=/etc/pollux /var/gemini
# NOTE: Adjust paths to match your config:
# - /etc/pollux for config and TLS certificates
# - /var/gemini for your content root
# The server needs read access to config, certificates, and content files

[Install]
WantedBy=multi-user.target