[Unit]
Description=Overnight Trading Bot
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=overnight-bot
Group=overnight-bot
EnvironmentFile=/etc/overnight-trading-bot/overnight-trading-bot.env
ExecStart=/usr/local/bin/overnight-trading-bot
Restart=always
RestartSec=10s
TimeoutStartSec=120s

NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
LockPersonality=true
MemoryDenyWriteExecute=true
SystemCallArchitectures=native
CapabilityBoundingSet=
AmbientCapabilities=

[Install]
WantedBy=multi-user.target