# {{ ansible_managed }}
[Unit]
Description=Minecraft Server (Spigot {{ minecraft_version }})
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User={{ minecraft_user }}
Group={{ minecraft_group }}
WorkingDirectory={{ minecraft_server_dir }}

# Start command with optimized JVM flags
ExecStart=/usr/bin/java \
    -Xms{{ minecraft_memory_min }}M \
    -Xmx{{ minecraft_memory_max }}M \
    {{ jvm_flags }} \
    -jar {{ spigot_jar_name }} \
    --nogui

# Stop command using mcrcon
ExecStop={{ minecraft_tools_dir }}/mcrcon -H localhost -P {{ rcon_port }} -p "{{ rcon_password }}" stop

# Restart settings
Restart=on-failure
RestartSec=10
StartLimitInterval=600
StartLimitBurst=3

# Security settings
PrivateTmp=yes
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths={{ minecraft_base_dir }}
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
LockPersonality=true

# Resource limits
LimitNOFILE=100000
LimitNPROC=512

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=minecraft

[Install]
WantedBy=multi-user.target