<% if @wants -%>
Wants=<%= Array(@wants).join(" ") %>
<% end -%>
+<% if @requires -%>
+Requires=<%= Array(@requires).join(" ") %>
+<% end -%>
+<% if @joins_namespace_of -%>
+JoinsNamespaceOf=<%= Array(@joins_namespace_of).join(" ") %>
+<% end -%>
[Service]
<% if @type -%>
Type=<%= @type %>
<% end -%>
+<% if @notify_access -%>
+NotifyAccess=<%= @notify_access %>
+<% end -%>
<% if @limit_nofile -%>
LimitNOFILE=<%= @limit_nofile %>
<% end -%>
<% if @group -%>
Group=<%= @group %>
<% end -%>
+<% if @dynamic_user -%>
+DynamicUser=<%= @dynamic_user %>
+<% end -%>
<% if @working_directory -%>
WorkingDirectory=<%= @working_directory %>
<% end -%>
+<% if @umask -%>
+UMask=<%= @umask %>
+<% end -%>
<% if @exec_start_pre -%>
<% if @dropin -%>
ExecStartPre=
<% end -%>
-ExecStartPre=<%= @exec_start_pre %>
+<% Array(@exec_start_pre).each do |exec_start_pre| -%>
+ExecStartPre=<%= exec_start_pre %>
+<% end -%>
<% end -%>
<% if @exec_start -%>
<% if @dropin -%>
ExecStart=
<% end -%>
-ExecStart=<%= @exec_start %>
+<% Array(@exec_start).each do |exec_start| -%>
+ExecStart=<%= exec_start %>
+<% end -%>
<% end -%>
<% if @exec_start_post -%>
<% if @dropin -%>
ExecStartPost=
<% end -%>
-ExecStartPost=<%= @exec_start_post %>
+<% Array(@exec_start_post).each do |exec_start_post| -%>
+ExecStartPost=<%= exec_start_post %>
+<% end -%>
<% end -%>
<% if @exec_stop -%>
<% if @dropin -%>
ExecStop=
<% end -%>
-ExecStop=<%= @exec_stop %>
+<% Array(@exec_stop).each do |exec_stop| -%>
+ExecStop=<%= exec_stop %>
+<% end -%>
+<% end -%>
+<% if @exec_stop_post -%>
+<% if @dropin -%>
+ExecStopPost=
+<% end -%>
+<% Array(@exec_stop_post).each do |exec_stop_post| -%>
+ExecStopPost=<%= exec_stop_post %>
+<% end -%>
<% end -%>
<% if @exec_reload -%>
<% if @dropin -%>
<% end -%>
ExecReload=<%= @exec_reload %>
<% end -%>
+<% if @runtime_max_sec -%>
+RuntimeMaxSec=<%= @runtime_max_sec %>
+<% end -%>
<% if @runtime_directory -%>
RuntimeDirectory=<%= @runtime_directory %>
<% end -%>
<% if @runtime_directory_mode -%>
RuntimeDirectoryMode=<%= sprintf("0%o", @runtime_directory_mode) %>
<% end -%>
-<% if @runtime_max_sec -%>
-RuntimeMaxSec=<%= @runtime_max_sec %>
+<% if @runtime_directory_preserve -%>
+RuntimeDirectoryPreserve=<%= @runtime_directory_preserve %>
+<% end -%>
+<% if @state_directory -%>
+StateDirectory=<%= @state_directory %>
+<% end -%>
+<% if @state_directory_mode -%>
+StateDirectoryMode=<%= sprintf("0%o", @state_directory_mode) %>
+<% end -%>
+<% if @cache_directory -%>
+CacheDirectory=<%= @cache_directory %>
+<% end -%>
+<% if @cache_directory_mode -%>
+CacheDirectoryMode=<%= sprintf("0%o", @cache_directory_mode) %>
+<% end -%>
+<% if @logs_directory -%>
+LogsDirectory=<%= @logs_directory %>
+<% end -%>
+<% if @logs_directory_mode -%>
+LogsDirectoryMode=<%= sprintf("0%o", @logs_directory_mode) %>
+<% end -%>
+<% if @configuration_directory -%>
+ConfigurationDirectory=<%= @configuration_directory %>
+<% end -%>
+<% if @configuration_directory_mode -%>
+ConfigurationDirectoryMode=<%= sprintf("0%o", @configuration_directory_mode) %>
<% end -%>
<% if @standard_input -%>
StandardInput=<%= @standard_input %>
<% if @standard_error -%>
StandardError=<%= @standard_error %>
<% end -%>
-<% if @protect_proc -%>
+<% if @protect_proc && node[:lsb][:release].to_f >= 22.04 -%>
ProtectProc=<%= @protect_proc %>
<% end -%>
-<% if @proc_subset -%>
+<% if @proc_subset && node[:lsb][:release].to_f >= 22.04 -%>
ProcSubset=<%= @proc_subset %>
<% end -%>
+<% if @bind_paths -%>
+BindPaths=<%= Array(@bind_paths).sort.uniq.join(" ") %>
+<% end -%>
+<% if @bind_read_only_paths -%>
+BindReadOnlyPaths=<%= Array(@bind_read_only_paths).sort.uniq.join(" ") %>
+<% end -%>
<% if @no_new_privileges -%>
NoNewPrivileges=<%= @no_new_privileges %>
<% end -%>
<% if @capability_bounding_set -%>
-CapabilityBoundingSet=<%= Array(@capability_bounding_set).join(" ") %>
+CapabilityBoundingSet=<%= Array(@capability_bounding_set).sort.uniq.join(" ") %>
+<% end -%>
+<% if @ambient_capabilities -%>
+AmbientCapabilities=<%= Array(@ambient_capabilities).sort.uniq.join(" ") %>
<% end -%>
<% if @protect_system -%>
ProtectSystem=<%= @protect_system %>
ProtectHome=<%= @protect_home %>
<% end -%>
<% if @read_write_paths -%>
-ReadWritePaths=<%= Array(@read_write_paths).join(" ") %>
+ReadWritePaths=<%= Array(@read_write_paths).sort.uniq.join(" ") %>
<% end -%>
<% if @read_only_paths -%>
-ReadOnlyPaths=<%= Array(@read_only_paths).join(" ") %>
+ReadOnlyPaths=<%= Array(@read_only_paths).sort.uniq.join(" ") %>
<% end -%>
<% if @inaccessible_paths -%>
-InaccessiblePaths=<%= Array(@inaccessible_paths).join(" ") %>
+InaccessiblePaths=<%= Array(@inaccessible_paths).sort.uniq.join(" ") %>
<% end -%>
<% if @private_tmp -%>
PrivateTmp=<%= @private_tmp %>
<% if @private_network -%>
PrivateNetwork=<%= @private_network %>
<% end -%>
-<% if @private_ipc -%>
+<% if @private_ipc && node[:lsb][:release].to_f >= 22.04 -%>
PrivateIPC=<%= @private_ipc %>
<% end -%>
<% if @private_users -%>
ProtectControlGroups=<%= @protect_control_groups %>
<% end -%>
<% if @restrict_address_families -%>
-RestrictAddressFamilies=<%= Array(@restrict_address_families).join(" ") %>
+RestrictAddressFamilies=<%= Array(@restrict_address_families).sort.uniq.join(" ") %>
<% end -%>
<% if @restrict_namespaces -%>
-RestrictNamespaces=<%= Array(@restrict_namespaces).join(" ") %>
+RestrictNamespaces=<%= Array(@restrict_namespaces).sort.uniq.join(" ") %>
<% end -%>
<% if @lock_personality -%>
LockPersonality=<%= @lock_personality %>
SystemCallFilter=<%= Array(@system_call_filter).join(" ") %>
<% end -%>
<% if @system_call_architectures -%>
-SystemCallArchitectures=<%= Array(@system_call_architectures).join(" ") %>
+SystemCallArchitectures=<%= Array(@system_call_architectures).sort.uniq.join(" ") %>
<% end -%>
<% if @tasks_max -%>
TasksMax=<%= @tasks_max %>
<% if @restart -%>
Restart=<%= @restart %>
<% end -%>
+<% if @restart_sec -%>
+RestartSec=<%= @restart_sec %>
+<% end -%>
<% if @timeout_start_sec -%>
TimeoutStartSec=<%= @timeout_start_sec %>
<% end -%>