[Unit]
Description=Provisioning Platform Stack
Documentation=https://github.com/provisioning/docs
Requires=docker.service
After=docker.service network-online.target
Wants=network-online.target

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/provisioning/platform
EnvironmentFile=-/opt/provisioning/platform/.env

# Pre-start checks
ExecStartPre=-/usr/bin/docker network inspect provisioning-net || /usr/bin/docker network create provisioning-net
ExecStartPre=-/usr/bin/docker-compose -f docker-compose.yaml pull

# Start all services
ExecStart=/usr/bin/docker-compose -f docker-compose.yaml up -d

# Reload configuration
ExecReload=/usr/bin/docker-compose -f docker-compose.yaml up -d --force-recreate

# Stop all services
ExecStop=/usr/bin/docker-compose -f docker-compose.yaml down

# Restart policy
Restart=on-failure
RestartSec=10s

# Timeouts
TimeoutStartSec=0
TimeoutStopSec=120s

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=provisioning-platform

# Security
ProtectSystem=strict
ProtectHome=yes
NoNewPrivileges=yes
PrivateTmp=yes

# Resource limits
LimitNOFILE=65535
LimitNPROC=4096

[Install]
WantedBy=multi-user.target