[Unit]
Description=Immich machine learning
Documentation=https://github.com/immich-app/immich
After=network.target
Wants=network-online.target
After=network-online.target

[Service]
User=immich
Group=immich
Type=simple
Restart=on-failure

EnvironmentFile=/etc/immich.conf

# environment variables
# from: machine-learning/Dockerfile
Environment=NODE_ENV=production
Environment=TRANSFORMERS_CACHE=/var/lib/immich/.cache
Environment=VIRTUAL_ENV=/opt/immich-machine-learning/venv
Environment=PYTHONDONTWRITEBYTECODE=1
Environment=PYTHONUNBUFFERED=1

SyslogIdentifier=immich-machine-learning
#ExecStart=/opt/immich-machine-learning/venv/bin/python -m app.main
ExecStart=/opt/immich-machine-learning/venv/bin/gunicorn app.main:app \
	-k uvicorn.workers.UvicornWorker \
	-w 1 -b 0.0.0.0:3003 -t 120 \
	--log-config-json log_conf.json

PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes

RestrictNamespaces=yes

SystemCallArchitectures=native
AmbientCapabilities=
CapabilityBoundingSet=
NoNewPrivileges=yes

WorkingDirectory=/opt/immich-machine-learning
ReadWritePaths=/tmp /var/tmp /var/lib/immich/.cache /var/lib/immich/.config

[Install]
WantedBy=multi-user.target