[Unit]
Description=SkyView Multi-Source ADS-B Aircraft Tracker
Documentation=https://github.com/skyview/skyview
After=network.target
Wants=network.target

[Service]
Type=simple
User=skyview
Group=skyview
ExecStart=/usr/bin/skyview -config /etc/skyview/config.json
WorkingDirectory=/var/lib/skyview
StandardOutput=journal
StandardError=journal
SyslogIdentifier=skyview
Restart=always
RestartSec=5

# Security settings
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictSUIDSGID=true
RemoveIPC=true
RestrictNamespaces=true

# Allow network access
PrivateNetwork=false

# Allow writing to log directory
ReadWritePaths=/var/log/skyview

# Capabilities
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target