[Unit]
Description=Pluggable System Condition Monitoring Daemon
Documentation=https://github.com/pscand/pscand
After=network.target

[Service]
Type=simple
ExecStart=pscand run --config /etc/pscand/pscand.conf
Restart=on-failure
RestartSec=5
User=root
Group=root

# Log to journal
StandardOutput=journal
StandardError=journal

# Capabilities for sensor access
AmbientCapabilities=CAP_SYS_ADMIN CAP_DAC_OVERRIDE

# Security hardening
ProtectSystem=full
ProtectHome=true
NoNewPrivileges=false

# Runtime directory
RuntimeDirectory=pscand
RuntimeDirectoryMode=0755

# Tempfs for sensitive /proc data
PrivateTmp=true

[Install]
WantedBy=multi-user.target