[Unit]
Description=CIS490 lab-host daily doctor check (ships JSON to receiver)
Documentation=https://maxgit.wg/spectral/CIS490
After=network-online.target wg-quick@wg0.service cis490-shipper.service

[Service]
Type=oneshot
User=cis490
Group=cis490
WorkingDirectory=/opt/cis490
ExecStart=/opt/cis490/.venv/bin/python /opt/cis490/tools/ship_health_check.py \
    --config /etc/cis490/lab-host.toml
StandardOutput=journal
StandardError=journal

NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true

[Install]
WantedBy=multi-user.target