[Unit]
Description=Service batch IA pour utilisateur fabnum
After=network.target

[Service]
Type=simple
User=fabnum
WorkingDirectory=/home/fabnum/fabnum-public/batch_ia
Environment=PYTHONPATH=/home/fabnum/fabnum-public
ExecStart=/home/fabnum/fabnum-public/venv/bin/python /home/fabnum/fabnum-public/batch_ia/batch_runner.py
Restart=always
Nice=10
CPUSchedulingPolicy=batch

# Limites de ressources
CPUQuota=87.5%            # ~14 cores sur 16
MemoryMax=12G             # RAM maximale autorisée
TasksMax=1                # maximum 1 subprocess/thread simultané

# Sécurité renforcée
ProtectSystem=full
ReadWritePaths=/home/fabnum/fabnum-public/batch_ia

# Journal propre
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

# semanage fcontext -a -t svirt_sandbox_file_t "/home/fabnum/fabnum-dev/batch_ia(/.*)?"