#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix mxisd Identity server
{% for service in matrix_mxisd_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_mxisd_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}

[Service]
Type=simple
ExecStartPre=-/usr/bin/docker kill matrix-mxisd
ExecStartPre=-/usr/bin/docker rm matrix-mxisd

# mxisd writes an SQLite shared library (libsqlitejdbc.so) to /tmp and executes it from there,
# so /tmp needs to be mounted with an exec option.
ExecStart=/usr/bin/docker run --rm --name matrix-mxisd \
			--log-driver=none \
			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
			--cap-drop=ALL \
			--read-only \
			--tmpfs=/tmp:rw,exec,nosuid,size=10m \
			--network={{ matrix_docker_network }} \
			{% if matrix_mxisd_container_expose_port %}
			-p 127.0.0.1:8090:8090 \
			{% endif %}
			-v {{ matrix_mxisd_config_path }}:/etc/mxisd:ro \
			-v {{ matrix_mxisd_data_path }}:/var/mxisd:rw \
			{% for arg in matrix_mxisd_container_extra_arguments %}
			{{ arg }} \
			{% endfor %}
			{{ matrix_mxisd_docker_image }}

ExecStop=-/usr/bin/docker kill matrix-mxisd
ExecStop=-/usr/bin/docker rm matrix-mxisd
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target