[Unit]
Description=Deep Dive Intelligence Pipeline
Documentation=https://github.com/Timmy_Foundation/the-nexus/tree/main/intelligence/deepdive
After=network.target

[Service]
Type=oneshot
WorkingDirectory=%h/wizards/the-nexus/intelligence/deepdive
Environment=PYTHONPATH=%h/wizards/the-nexus/intelligence/deepdive
Environment=HOME=%h
ExecStart=%h/.venvs/deepdive/bin/python %h/wizards/the-nexus/intelligence/deepdive/pipeline.py --config config.yaml
StandardOutput=journal
StandardError=journal

# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=%h/.cache/deepdive

[Install]
WantedBy=default.target