[Unit]
Description=Semblance back end service
After=network.target

[Service]
Type=exec
User=www-data
Group=www-data
WorkingDirectory=/opt/semblance/backend
EnvironmentFile=/opt/semblance/backend/.env
Environment=PATH=/opt/semblance/backend/venv/bin
ExecStart=/opt/semblance/backend/venv/bin/python /opt/semblance/backend/run.py
Restart=always
RestartSec=5

# Output to journal
StandardOutput=journal
StandardError=journal
SyslogIdentifier=semblance

# Security settings (adjusted for file uploads)
NoNewPrivileges=yes
ProtectSystem=false
ProtectHome=yes

# Allow access to temp directories
PrivateTmp=no

# Writable directories for uploads and temp files
ReadWritePaths=/opt/semblance/backend/uploads
ReadWritePaths=/opt/semblance/backend/temp
ReadWritePaths=/tmp
ReadWritePaths=/var/tmp

# Create necessary directories
ExecStartPre=/bin/mkdir -p /opt/semblance/backend/uploads
ExecStartPre=/bin/mkdir -p /opt/semblance/backend/temp
ExecStartPre=/bin/chown -R www-data:www-data /opt/semblance/backend/uploads
ExecStartPre=/bin/chown -R www-data:www-data /opt/semblance/backend/temp

[Install]
WantedBy=multi-user.target