[Unit]
Description=Zigbee2MQTT
After=network-online.target
After=time-sync.target
Wants=network-online.target
Wants=time-sync.target

[Service]
Type=notify
NotifyAccess=all
ExecStartPre=/usr/bin/setfacl -m zigbee2mqtt:rw {{ zigbee2mqtt_device }}
ExecStartPre=/usr/bin/chcon -t console_device_t {{ zigbee2mqtt_device }}
ExecStartPre=-/usr/bin/podman container rm --ignore -f zigbee2mqtt
ExecStart=/usr/bin/podman run \
    --pull never \
    --sdnotify=conmon --cgroups=no-conmon \
    --rm \
    --network=host \
    --name zigbee2mqtt \
    -v /var/lib/zigbee2mqtt:/app/data:Z \
    --uidmap 0:{{ zigbee2mqtt_user.uid }}:1 \
    --gidmap 0:{{ zigbee2mqtt_user.group }}:1 \
    --uidmap 1:5100001:1024 \
    --gidmap 1:5100001:1024 \
    --device {{ zigbee2mqtt_device }}:{{ zigbee2mqtt_container_device }}:rw \
    docker.io/koenkk/zigbee2mqtt:latest
Restart=always
ProtectSystem=full
UMask=0077
TimeoutStartSec=5min

[Install]
WantedBy=multi-user.target