[Unit]
Description=Pollux Gemini Server
After=network.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/pollux
Restart=on-failure
RestartSec=5
User=pollux
Group=pollux
NoNewPrivileges=yes
ProtectHome=yes
ProtectSystem=strict
ReadOnlyPaths=/etc/pollux /etc/letsencrypt/live/example.com /var/www/example.com
# NOTE: Adjust /etc/letsencrypt/live/example.com and /var/www/example.com to match your config
# The server needs read access to config, certificates, and content files
# NOTE: Adjust paths to match your config:
# - /etc/letsencrypt/live/example.com for Let's Encrypt certs
# - /var/www/example.com for your content root
# The server needs read access to config, certificates, and content files

[Install]
WantedBy=multi-user.target