{# SPDX-FileCopyrightText: 2024 MDAD Team and contributors SPDX-License-Identifier: AGPL-3.0-or-later #} #jinja2: lstrip_blocks: "True" [Unit] Description=Maubot {% for service in matrix_bot_maubot_systemd_required_services_list %} Requires={{ service }} After={{ service }} {% endfor %} {% for service in matrix_bot_maubot_systemd_wanted_services_list %} Wants={{ service }} {% endfor %} DefaultDependencies=no [Service] Type=simple Environment="HOME={{ devture_systemd_docker_base_systemd_unit_home_path }}" ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true' ExecStartPre=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' {# We mount a tmpfs at /tmp, because some maubot plugins may wish to write to it. It makes sense to provide at least some sort of temporary storage. #} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} create \ --rm \ --name=matrix-bot-maubot \ --log-driver=none \ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \ --read-only \ --cap-drop=ALL \ --mount type=bind,src={{ matrix_bot_maubot_config_path }},dst=/config,ro \ --mount type=bind,src={{ matrix_bot_maubot_data_path }},dst=/data \ --tmpfs=/tmp:rw,noexec,nosuid,size=1024m \ --label-file={{ matrix_bot_maubot_base_path }}/labels \ {% for arg in matrix_bot_maubot_container_extra_arguments %} {{ arg }} \ {% endfor %} --network={{ matrix_bot_maubot_container_network }} \ {% if matrix_bot_maubot_container_management_interface_http_bind_port %} -p {{ matrix_bot_maubot_container_management_interface_http_bind_port }}:{{ matrix_bot_maubot_server_port }} \ {% endif %} {{ matrix_bot_maubot_docker_image }} \ python3 -m maubot -c /config/config.yaml --no-update {% for network in matrix_bot_maubot_container_additional_networks %} ExecStartPre={{ devture_systemd_docker_base_host_command_docker }} network connect {{ network }} matrix-bot-maubot {% endfor %} ExecStart={{ devture_systemd_docker_base_host_command_docker }} start --attach matrix-bot-maubot ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} stop --time={{ devture_systemd_docker_base_container_stop_grace_time_seconds }} matrix-bot-maubot 2>/dev/null || true' ExecStop=-{{ devture_systemd_docker_base_host_command_sh }} -c '{{ devture_systemd_docker_base_host_command_docker }} rm matrix-bot-maubot 2>/dev/null || true' Restart=always RestartSec=30 SyslogIdentifier=matrix-bot-maubot [Install] WantedBy=multi-user.target