matrix-docker-ansible-deploy/roles/matrix-ma1sd/templates/systemd/matrix-ma1sd.service.j2

#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix ma1sd Identity server
{% for service in matrix_ma1sd_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_ma1sd_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}

[Service]
Type=simple
ExecStartPre=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStartPre=-{{ matrix_host_command_docker }} rm matrix-ma1sd

# ma1sd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
# so /tmp needs to be mounted with an exec option.
ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-ma1sd \
			--log-driver=none \
			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
			--cap-drop=ALL \
			--read-only \
			--tmpfs=/tmp:rw,exec,nosuid,size=10m \
			--network={{ matrix_docker_network }} \
			{% if matrix_ma1sd_container_http_host_bind_port %}
			-p {{ matrix_ma1sd_container_http_host_bind_port }}:8090 \
			{% endif %}
			{% if matrix_ma1sd_verbose_logging %}
			-e MA1SD_LOG_LEVEL=debug \
			{% endif %}
			-v {{ matrix_ma1sd_config_path }}:/etc/ma1sd:ro \
			-v {{ matrix_ma1sd_data_path }}:/var/ma1sd:rw \
			{% for arg in matrix_ma1sd_container_extra_arguments %}
			{{ arg }} \
			{% endfor %}
			{{ matrix_ma1sd_docker_image }}

ExecStop=-{{ matrix_host_command_docker }} kill matrix-ma1sd
ExecStop=-{{ matrix_host_command_docker }} rm matrix-ma1sd
Restart=always
RestartSec=30
SyslogIdentifier=matrix-ma1sd

[Install]
WantedBy=multi-user.target