[Unit]
Description="stechuhr-server daemon, receives Post requests"
Before=nginx.service

[Service]
Type=simple
User=wwwrun
Environment="STECHUHR_SERVER_CONFIG_PATH=/etc/stechuhr-server/config.toml"
WorkingDirectory=/srv/stechuhr-server
ExecStart=/srv/stechuhr-server/env/bin/gunicorn stechuhr_server.server:app
Restart=always
RestartSec=30
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
NoNewPrivileges=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target