[Unit]
Description=CIS490 trainer-receiver (training-fleet coordinator)
After=network-online.target
Wants=network-online.target
Documentation=https://maxgit.wg/spectral/CIS490

[Service]
Type=simple
User=cis490
Group=cis490

EnvironmentFile=-/etc/cis490/trainer-receiver.env

ExecStart=/opt/cis490/.venv/bin/python -m training.fleet.receiver \
    --listen-addr 127.0.0.1:8445 \
    --manifest /etc/cis490/training_manifest.toml \
    --db /var/lib/cis490/training_jobs.db \
    --store-root /var/lib/cis490/models \
    --incoming-root /var/lib/cis490/incoming-models \
    --index-path /var/lib/cis490/models/index.jsonl

# Reload behavior — SIGHUP re-reads manifest into the queue without dropping
# in-flight jobs. The receiver's own /v1/manifest/reload endpoint is the
# preferred control surface; this is for systemctl reload compatibility.
ExecReload=/bin/kill -HUP $MAINPID

WorkingDirectory=/opt/cis490
Restart=on-failure
RestartSec=5s
RestartPreventExitStatus=78          # sysadmin error — don't respawn

# Hardening — same shape as cis490-receiver.service
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
NoNewPrivileges=true
ReadWritePaths=/var/lib/cis490

[Install]
WantedBy=multi-user.target