# systemd service unit for maglevd, the Maglev health-checker daemon.
# The daemon runs as the non-root maglevd user; the only privileges it keeps
# are the two capabilities listed at the bottom of [Service].

[Unit]
Description=Maglev health-checker daemon
Documentation=man:maglevd(8)
# Pull in network-online.target and order this unit after it.
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=maglevd
Group=maglevd

# MAGLEV_CONFIG is read from this file. There is no "-" prefix on the path,
# so the unit fails to start if the file is missing. If the variable is
# unset, ${MAGLEV_CONFIG} expands to an empty argument.
# NOTE(review): this file chooses which config the daemon loads; confirm it
# is owned by root and not writable by the maglevd user.
EnvironmentFile=/etc/default/vpp-maglev
ExecStart=/usr/sbin/maglevd --config ${MAGLEV_CONFIG}

Restart=on-failure
RestartSec=5s

# Capability allow-list
#
#   CAP_NET_RAW    Needed to open the ICMP raw sockets used by L3 probes.
#
#   CAP_SYS_ADMIN  Needed for setns(CLONE_NEWNET), which is only called when
#                  a healthcheck block in maglev.yaml sets `netns:`.
#                  setns(2) requires CAP_SYS_ADMIN in the user namespace
#                  that owns the target network namespace. Without it the
#                  probe loop logs
#                      enter netns "<name>": operation not permitted
#                  and every backend flips to down/L4CON on its first probe.
#
# CAP_SYS_ADMIN covers far more than setns(), so a compromised maglevd that
# holds it should be treated as close to root-equivalent. If the deployment
# does not use `netns:`, remove CAP_SYS_ADMIN from BOTH lines below; probes
# still work and simply run in maglevd's own network namespace.
#
# AmbientCapabilities= is what lets the non-root User= keep the capabilities
# across exec; CapabilityBoundingSet= caps what the process tree can ever
# hold. Keep the two lists identical.
#
# NOTE(review): no filesystem or syscall sandboxing is configured here.
# Consider ProtectSystem=, ProtectHome=, PrivateTmp=, RestrictAddressFamilies=
# and SystemCallFilter= to narrow what CAP_SYS_ADMIN can reach. Test with
# `netns:` probes enabled first, since mount sandboxing may change how the
# daemon sees the namespace it has to enter.
AmbientCapabilities=CAP_NET_RAW CAP_SYS_ADMIN
CapabilityBoundingSet=CAP_NET_RAW CAP_SYS_ADMIN
# Blocks gaining further privileges through setuid or file-capability
# binaries on exec.
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target