[Unit]
Description=Coder Development Environment Platform
Documentation=https://coder.com/docs
After=network-online.target
Wants=network-online.target
{% if coder.database.typ == "postgresql" and coder.database.host == "127.0.0.1" %}
After=postgresql.service
Wants=postgresql.service
{% endif %}

[Service]
Type=simple
User={{ coder.run_user.name }}
Group={{ coder.run_user.group }}
EnvironmentFile={{ coder.config_path }}/coder.env
WorkingDirectory={{ coder.work_path }}
ExecStart={{ coder.run_path }} server
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=10

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths={{ coder.work_path }} {{ coder.config_path }}
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# Resource limits
LimitNOFILE=65536
{% if coder.oauth.enabled %}
# Additional memory for OAuth operations
MemoryMax=2G
{% endif %}

[Install]
WantedBy=multi-user.target