aitrader/deploy/systemd/aitrader.service

[Unit]
Description=aitrader bot (Gemini+Claude → Kraken Demo)
After=network-online.target tailscaled.service
Wants=network-online.target

[Service]
Type=simple
User=aitrader
Group=aitrader
WorkingDirectory=/opt/aitrader
EnvironmentFile=/opt/aitrader/.env
ExecStart=/opt/aitrader/.venv/bin/python -m aitrader.main
Restart=on-failure
RestartSec=10
StandardOutput=journal
StandardError=journal

# Hardening
NoNewPrivileges=true
ProtectSystem=strict
# ProtectHome=false weil uv den Python-Interpreter in /home/aitrader/.local/share/uv ablegt
ProtectHome=false
ReadWritePaths=/opt/aitrader/data
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictSUIDSGID=true
LockPersonality=true

[Install]
WantedBy=multi-user.target
initial: aitrader bot (Gemini+Groq ensemble, Kraken Demo, Discord notifier) 2026-05-07 12:06:34 +00:00			`[Unit]`
			`Description=aitrader bot (Gemini+Claude → Kraken Demo)`
			`After=network-online.target tailscaled.service`
			`Wants=network-online.target`

			`[Service]`
			`Type=simple`
			`User=aitrader`
			`Group=aitrader`
			`WorkingDirectory=/opt/aitrader`
			`EnvironmentFile=/opt/aitrader/.env`
			`ExecStart=/opt/aitrader/.venv/bin/python -m aitrader.main`
			`Restart=on-failure`
			`RestartSec=10`
			`StandardOutput=journal`
			`StandardError=journal`

			`# Hardening`
			`NoNewPrivileges=true`
			`ProtectSystem=strict`
fix(systemd): disable ProtectHome (uv stores python in user home) 2026-05-07 12:36:46 +00:00			`# ProtectHome=false weil uv den Python-Interpreter in /home/aitrader/.local/share/uv ablegt`
			`ProtectHome=false`
initial: aitrader bot (Gemini+Groq ensemble, Kraken Demo, Discord notifier) 2026-05-07 12:06:34 +00:00			`ReadWritePaths=/opt/aitrader/data`
			`PrivateTmp=true`
			`ProtectKernelTunables=true`
			`ProtectKernelModules=true`
			`ProtectControlGroups=true`
			`RestrictSUIDSGID=true`
			`LockPersonality=true`

			`[Install]`
			`WantedBy=multi-user.target`