[Unit]
Description=Camoufox MSC tracker worker (rastreador)
Documentation=https://camoufox.com/
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=rastreador
Group=rastreador

ExecStart=/home/rastreador/worker/run.sh
Restart=always
RestartSec=5
TimeoutStopSec=20

# Resource limits (ajustables)
MemoryMax=2G
CPUQuota=200%
TasksMax=500

# Logs
StandardOutput=journal
StandardError=journal
SyslogIdentifier=worker

# --- Hardening ---
PrivateTmp=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/home/rastreador/worker /home/rastreador/.cache
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX

[Install]
WantedBy=multi-user.target