{
  config,
  lib,
  pkgs,
  ...
}:
lib.mkIf config.services.llama-cpp.enable {
  systemd.services.llama-cpp-xmrig-pause = {
    description = "Pause xmrig while llama-cpp is processing requests";
    after = [
      "llama-cpp.service"
      "xmrig.service"
    ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.python3}/bin/python3 ${./llama-cpp-xmrig-pause.py}";
      Restart = "always";
      RestartSec = "10s";
      # Needs /proc access (default) and AF_UNIX for systemctl
      NoNewPrivileges = true;
      ProtectHome = true;
      ProtectSystem = "strict";
      PrivateTmp = true;
      RestrictAddressFamilies = [
        "AF_UNIX" # systemctl talks to systemd over D-Bus unix socket
      ];
      MemoryDenyWriteExecute = true;
    };
    environment = {
      POLL_INTERVAL = "3";
      GRACE_PERIOD = "10";
      CPU_THRESHOLD = "50";
    };
  };
}