# {{ ansible_managed }} [Unit] Description={{ item.service_name }} service {% if (systemd_PrivateNetwork | bool) %} BindsTo=systemd-netns@{{ item.service_name | replace(' ', '_') }}.service JoinsNamespaceOf=systemd-netns@{{ item.service_name | replace(' ', '_') }}.service {% if (item.after_targets is defined) %} {% set _ = item.after_targets.append('systemd-netns@' + item.service_name | replace(' ', '_') + '.service') %} {% else %} {% set _ = systemd_after_targets.append('systemd-netns@' + item.service_name | replace(' ', '_') + '.service') %} {% endif %} {% endif %} {% set after_targets = item.after_targets | default(systemd_after_targets) %} {% for target in after_targets %} After={{ target }} {% endfor %} {% for item in systemd_unit_docs %} Documentation={{ item }} {% endfor %} {% if (systemd_partof is defined) or (item.partof is defined) %} PartOf={{ item.partof | default(systemd_partof) }} {% endif %} [Service] {% set service_type = item.service_type | default(systemd_default_service_type) %} Type={{ service_type }} User={{ item.systemd_user_name | default(systemd_user_name) }} Group={{ item.systemd_group_name | default(systemd_group_name) }} {% if systemd_version|int >= 235 and item.dynamic_user is defined %} DynamicUser={{ item.dynamic_user|bool }} {% endif %} {% for key, value in (item.environment | default(systemd_environment)).items() %} Environment="{{ key }}={{ value }}" {% endfor %} {% if (item.environment_file is defined) or (systemd_environment_file is defined) %} EnvironmentFile={{ item.environment_file | default(systemd_environment_file) }} {% endif %} {% set _execstarts = item.execstarts %} {% if _execstarts is string %} {% set _execstarts = [_execstarts] %} {% endif %} {% for execstart in _execstarts %} ExecStart={{ execstart }} {% endfor %} {% set _execreloads = item.execreloads | default((service_type == 'simple') | ternary(['/bin/kill -HUP $MAINPID'], [])) %} {% if _execreloads is string %} {% set _execreloads = [_execreloads] %} {% endif %} {% for execreload in _execreloads %} ExecReload={{ execreload }} {% endfor %} {% set _execstops = item.execstops | default([]) %} {% if _execstops is string %} {% set _execstops = [_execstops] %} {% endif %} {% for execstop in _execstops %} ExecStop={{ execstop }} {% endfor %} # Give a reasonable amount of time for the server to start up/shut down TimeoutSec={{ systemd_TimeoutSec }} {% if service_type != 'oneshot' %} Restart={{ systemd_Restart }} RestartSec={{ systemd_RestartSec }} {% endif %} # This creates a specific slice which all services will operate from # The accounting options give us the ability to see resource usage through # the `systemd-cgtop` command. Slice={{ systemd_slice_name }}.slice # Set Accounting {% if item.program_accounting is defined %} {% for key, value in item.program_accounting.items() %} {{ key }}={{ value }} {% endfor %} {% else %} CPUAccounting={{ systemd_CPUAccounting }} BlockIOAccounting={{ systemd_BlockIOAccounting }} MemoryAccounting={{ systemd_MemoryAccounting }} TasksAccounting={{ systemd_TasksAccounting }} {% endif %} {% if service_type != 'oneshot' %} # Set Sandboxing {% if item.program_sandboxing is defined %} {% for key, value in item.program_sandboxing.items() %} {{ key }}={{ value }} {% endfor %} {% else %} PrivateTmp={{ systemd_PrivateTmp }} PrivateDevices={{ systemd_PrivateDevices }} PrivateNetwork={{ systemd_PrivateNetwork }} {# NOTE(cloudnull): Limit the use of PrivateUsers The systemd directive "PrivateUsers" was implemented in systemd version 232. To correct a lot of spam messages in the journal the default directive is limited when to systemd version greater than or equal to 232 #} {% if (systemd_version | int) >= 232 %} PrivateUsers={{ systemd_PrivateUsers }} {% endif %} {% endif %} {% if systemd_version|int >= 235 and item.state_directory is defined %} StateDirectory={{ item.state_directory }} {% endif %} {% endif %} [Install] WantedBy=multi-user.target