[Unit]
Description=LLM Sidecar Service — manages llama-server subprocess
After=network.target

[Service]
Type=simple
User=bigt
WorkingDirectory=/home/bigt/AI/llm

# Environment
EnvironmentFile=-/home/bigt/AI/llm/.env
Environment=MANIFEST_PATH=/home/bigt/AI/llm/manifest.yaml
Environment=SIDECAR_PORT=8081
Environment=PATH=/home/bigt/AI/llm/venv/bin:/usr/local/bin:/usr/bin:/bin

# Use the sidecar's venv — install deps via deploy/README.md
ExecStart=/home/bigt/AI/llm/venv/bin/uvicorn sidecar.app:app --host 0.0.0.0 --port 8080
Restart=always
RestartSec=3

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=llm-sidecar

# Security hardening (optional, adjust as needed)
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/home/bigt/AI/llm

[Install]
WantedBy=multi-user.target