[Unit]
Description=Contact Scrape Service
After=network.target

[Service]
Type=simple
User=www-data
WorkingDirectory=/opt/contact-scrape
ExecStart=/opt/contact-scrape/contact-scrape
Restart=always
RestartSec=5
Environment=PORT=8080

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/contact-scrape/data
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=contact-scrape

[Install]
WantedBy=multi-user.target