[Unit]
Description=GeoIP Ban Generator WebApp (Instance %i)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/opt/geoip_block_generator

# Pass instance port as argument
ExecStart=/opt/geoip_block_generator/start-instance.sh %i

Restart=always
RestartSec=10

# Logging per instance
StandardOutput=append:/var/log/geoip-ban/webapp-%i.log
StandardError=append:/var/log/geoip-ban/webapp-%i-error.log
SyslogIdentifier=geoip-webapp-%i

# Security
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/geoip_block_generator/geoip_db /var/log/geoip-ban

[Install]
WantedBy=multi-user.target