[Unit]
Description=Genarrative Production Health Patrol
After=network-online.target genarrative-api.service spacetimedb.service nginx.service
Wants=network-online.target
ConditionPathExists=/opt/genarrative/current/scripts/ops/production-health-patrol.mjs

[Service]
Type=oneshot
User=root
Group=root
WorkingDirectory=/opt/genarrative/current
EnvironmentFile=-/etc/genarrative/health-patrol.env
ExecStart=/usr/bin/node /opt/genarrative/current/scripts/ops/production-health-patrol.mjs --status-file /var/lib/genarrative/health-patrol/status.json
TimeoutStartSec=30

# 巡检只读 systemd、HTTP 和 journal；只允许写入自己的最近一次状态文件。
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
ReadWritePaths=/var/lib/genarrative/health-patrol