[Unit]
Description=VPN Gateway WebUI Service
Documentation=https://github.com/yourusername/vpn-gateway
After=network-online.target vpn-killswitch.service
Wants=network-online.target
Requires=vpn-killswitch.service

[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/opt/vpn-gateway

# Environment
Environment="PATH=/opt/vpn-gateway/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Environment="PYTHONPATH=/opt/vpn-gateway"
Environment="FLASK_APP=app.py"
Environment="FLASK_ENV=production"

# Pre-start delay to ensure network is ready
ExecStartPre=/bin/bash -c 'sleep 5'

# Start command with gunicorn
ExecStart=/opt/vpn-gateway/venv/bin/gunicorn \
    --bind 0.0.0.0:5000 \
    --workers 2 \
    --threads 4 \
    --worker-class sync \
    --worker-connections 1000 \
    --max-requests 1000 \
    --max-requests-jitter 50 \
    --timeout 120 \
    --keepalive 5 \
    --access-logfile /var/log/vpn-gateway-access.log \
    --error-logfile /var/log/vpn-gateway-error.log \
    --log-level info \
    --capture-output \
    app:app

# Restart policy
Restart=always
RestartSec=10
StartLimitInterval=60
StartLimitBurst=3

# Security settings
NoNewPrivileges=true
PrivateTmp=true

# Resource limits
LimitNOFILE=65536
LimitNPROC=4096

# Kill settings
KillMode=mixed
KillSignal=SIGTERM
TimeoutStopSec=30

[Install]
WantedBy=multi-user.target