[Unit]
Description=AITBC Advanced AI Service - Enhanced AI Capabilities
After=network.target
Wants=network.target

[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/opt/aitbc/apps/coordinator-api
Environment=PATH=/usr/bin
Environment=PYTHONPATH=/opt/aitbc/apps/coordinator-api/src
ExecStart=/opt/aitbc/venv/bin/python -m app.services.advanced_ai_service
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
SyslogIdentifier=aitbc-advanced-ai

# Security settings (relaxed for development)
# NoNewPrivileges=true
# PrivateTmp=true
# ProtectSystem=strict
# ProtectHome=true
ReadWritePaths=/var/log/aitbc /var/lib/aitbc/data /opt/aitbc/apps/coordinator-api

# Resource limits
LimitNOFILE=65536
LimitNPROC=4096

# GPU access (if available)
DeviceAllow=/dev/nvidia0 rw
DeviceAllow=/dev/nvidiactl rw
DeviceAllow=/dev/nvidia-uvm rw

[Install]
WantedBy=multi-user.target