[Unit]
Description=DECNET Credential-Reuse Correlator (cross-target secret-reuse detection)
Documentation=https://git.resacachile.cl/anti/DECNET/wiki/Workers#reuse-correlator
After=network-online.target decnet-bus.service
Wants=network-online.target decnet-bus.service

[Service]
Type=simple
User={{ user }}
Group={{ group }}
WorkingDirectory={{ install_dir }}
EnvironmentFile=-{{ install_dir }}/.env.local
Environment=DECNET_SYSTEM_LOGS=/var/log/decnet/decnet.reuse-correlator.log
# Subscribes to credential.captured and attacker.observed; falls back to
# a 60s slow-tick poll when the bus is idle or unavailable. Publishes
# credential.reuse.detected once per new/grown finding.
ExecStart={{ venv_dir }}/bin/decnet reuse-correlate
StandardOutput=append:/var/log/decnet/decnet.reuse-correlator.log
StandardError=append:/var/log/decnet/decnet.reuse-correlator.log

CapabilityBoundingSet=
AmbientCapabilities=

# Security Hardening
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
LockPersonality=yes
ReadWritePaths={{ install_dir }} /var/log/decnet

Restart=on-failure
RestartSec=5
TimeoutStopSec=15

[Install]
WantedBy=multi-user.target