[Unit]
Description=IDS Auto-Blocking Service - Detect and Block Malicious IPs
Documentation=https://github.com/yourusername/ids
After=network.target ids-ml-backend.service postgresql-16.service
Requires=ids-ml-backend.service

[Service]
Type=oneshot
User=ids
Group=ids
WorkingDirectory=/opt/ids
EnvironmentFile=/opt/ids/.env

# Esegui script auto-blocking (usa venv Python)
ExecStart=/opt/ids/python_ml/venv/bin/python3 /opt/ids/python_ml/auto_block.py

# Logging
StandardOutput=append:/var/log/ids/auto_block.log
StandardError=append:/var/log/ids/auto_block.log
SyslogIdentifier=ids-auto-block

# Security
NoNewPrivileges=true
PrivateTmp=true

# Timeout: max 3 minuti per detection+blocking
TimeoutStartSec=180

[Install]
WantedBy=multi-user.target