# systemd unit template for the Telegram CLI bot.
# USER, WORKDIR and VENV_PATH appear below as %NAME% placeholders that must be
# substituted before the file is installed. systemd uses "%" as its specifier
# prefix, so an unsubstituted placeholder is not read as literal text, and a
# literal "%" inside a substituted value has to be written "%%".

[Unit]
Description=Telegram CLI Bot
# Ordering only: network.target does not wait for the network to be usable.
After=network.target

[Service]
Type=simple

# Account the bot runs as and the directory it starts in.
# NOTE(review): the sandboxing below assumes an unprivileged account - confirm
# what the installer substitutes here.
User=%USER%
WorkingDirectory=%WORKDIR%

# PATH is replaced by this single directory, so child processes started by
# bare name are looked up only there.
# NOTE(review): ExecStart suggests this is the virtualenv's bin directory - confirm.
Environment="PATH=%VENV_PATH%"
# bot.py is a relative argument; the interpreter starts in WorkingDirectory.
ExecStart=%VENV_PATH%/python bot.py

# Restart after every exit, waiting 10 seconds between attempts.
RestartSec=10
Restart=always

# stdout and stderr go to the journal, tagged telegram-bot.
SyslogIdentifier=telegram-bot
StandardError=journal
StandardOutput=journal

# Security hardening, with the exceptions the bot needs in order to work.
# The process and its children cannot gain privileges (e.g. via setuid binaries).
NoNewPrivileges=true
# Private /tmp and /var/tmp, not shared with other services.
PrivateTmp=true
# Home directories are read-only for the service. They remain readable, so
# file permissions are still what protects other users' data.
ProtectHome=read-only
# The file system hierarchy is mounted read-only for the service.
ProtectSystem=strict
# The one write exception to the two settings above.
# NOTE(review): bot.py is started from this directory, so the service can
# modify its own code here; consider granting write access only to a dedicated
# data subdirectory.
ReadWritePaths=%WORKDIR%

[Install]
WantedBy=multi-user.target