[Unit]
Description=OpenBrain MCP Server - Vector Memory for AI Agents
After=network-online.target postgresql.service
Wants=network-online.target postgresql.service

[Service]
Type=simple
User=openbrain
Group=openbrain
WorkingDirectory=/opt/openbrain-mcp
EnvironmentFile=/opt/openbrain-mcp/.env
ExecStart=/opt/openbrain-mcp/openbrain-mcp
Restart=on-failure
RestartSec=5
StandardOutput=journal
StandardError=journal
SyslogIdentifier=openbrain-mcp

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/openbrain-mcp /opt/openbrain-mcp/logs /opt/openbrain-mcp/models /opt/openbrain-mcp/lib

# Resource limits
LimitNOFILE=65535
MemoryMax=1G

[Install]
WantedBy=multi-user.target