{# SPDX-FileCopyrightText: 2024 MDAD Team and contributors SPDX-License-Identifier: AGPL-3.0-or-later #} #jinja2: lstrip_blocks: "True" [Unit] Description=Matrix ma1sd Identity server {% for service in matrix_ma1sd_systemd_required_services_list %} Requires={{ service }} After={{ service }} {% endfor %} {% for service in matrix_ma1sd_systemd_wanted_services_list %} Wants={{ service }} {% endfor %} DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ma1sd 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' # ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there, # so /tmp needs to be mounted with an exec option. ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --rm \ --name=matrix-ma1sd \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --cap-drop=ALL \ --read-only \ --tmpfs=/tmp:rw,exec,nosuid,size=10m \ --network={{ matrix_ma1sd_container_network }} \ {% if matrix_ma1sd_container_http_host_bind_port %} -p {{ matrix_ma1sd_container_http_host_bind_port }}:{{ matrix_ma1sd_container_port }} \ {% endif %} {% if matrix_ma1sd_verbose_logging %} -e MA1SD_LOG_LEVEL=debug \ {% endif %} --mount type=bind,src={{ matrix_ma1sd_config_path }},dst=/etc/ma1sd,ro \ --mount type=bind,src={{ matrix_ma1sd_data_path }},dst=/var/ma1sd \ --label-file={{ matrix_ma1sd_base_path }}/labels \ {% for arg in matrix_ma1sd_container_extra_arguments %} {{ arg }} \ {% endfor %} {{ matrix_ma1sd_docker_image }} {% for network in matrix_ma1sd_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-ma1sd {% endfor %} ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-ma1sd ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-ma1sd 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-ma1sd 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-ma1sd [Install] WantedBy=multi-user.target