[Unit]
Description=Watch for .infra.* changes and run infra-controller
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=infractl
Group=infractl
EnvironmentFile=/etc/infra-controller/controller.env
Environment=PYTHONUNBUFFERED=1
WorkingDirectory=/opt/infra-controller
ExecStart=/bin/sh -lc 'inotifywait -m -r -e create,modify,delete,move --format "%w%f" /home /opt/apps | while read -r p; do case "$p" in *"/.infra."*) /opt/infra-controller/venv/bin/infra-controller --once ;; esac; done'
Restart=always
RestartSec=2

NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/var/lib/infra-controller /var/log/infra-controller
CapabilityBoundingSet=

StandardOutput=journal
StandardError=journal
SyslogIdentifier=infra-controller

[Install]
WantedBy=multi-user.target