[Unit]
Description=Beat Harvester, minimal self-hosted music downloader
After=network.target

[Service]
Type=simple
User=musicdl
Group=musicdl
WorkingDirectory=/opt/beat-harvester
ExecStart=/opt/beat-harvester/beat-harvester
Restart=always
RestartSec=10
Environment=PORT=3000
Environment=OUTPUT_PATH=/home/user/Music

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
# ProtectHome=true
ReadWritePaths=/home/user/Music

[Install]
WantedBy=multi-user.target