[Unit]
Description=Solstice CI Orchestrator
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
EnvironmentFile=-/etc/solstice/orchestrator.env
ExecStart=/usr/bin/orchestrator
Restart=on-failure
RestartSec=3s
# Hardening (adjust as needed for libvirt access etc.)
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target