[Unit]
Description=Panso
Requires=panso.socket
After=network.target

[Service]
Type=simple
User=panso
Group=panso
WorkingDirectory=/home/panso/panso
EnvironmentFile=/home/panso/panso/.env
RuntimeDirectory=panso
UMask=0077
ExecStart=/usr/bin/uv run gunicorn config.wsgi:application --bind unix:/run/panso/panso.sock --workers 13 --name panso --max-requests-jitter 50 --max-requests 1200
ExecReload=/bin/kill -s HUP $MAINPID

NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=no
ReadWritePaths=/home/panso/panso /run/panso
PrivateDevices=yes
CapabilityBoundingSet=
AmbientCapabilities=
RestrictRealtime=yes
LockPersonality=yes

Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target