Introduction

System administrators managing fleets of servers often face the same challenge: how to create and maintain systemd unit files that adapt to changing environments. Manually writing .service files for every container, application instance, or mount point does not scale. Linux systemd provides three powerful mechanisms for dynamic service creation: systemd generators (run at boot to create transient units), socket activation (start services on-demand), and template units (parameterized service definitions).

This guide compares these three approaches, providing Docker Compose examples for testing, real-world configuration patterns, and guidance on choosing the right method for your infrastructure.

Comparison Table

Featuresystemd GeneratorsSocket ActivationTemplate Units
TriggerBoot / daemon-reloadIncoming connectionManual instantiation
Unit CreationProgrammatic at runtimeDeclarative .socketParameterized @
ComplexityHigh (requires scripting)MediumLow
Dynamic DiscoveryYes (scan filesystems/APIs)No (static port)No (manual instantiate)
Resource EfficiencyUnits created eagerlyOn-demand (lazy)Depends on template
Best ForAuto-discovering servicesInfrequent-use servicesMultiple similar services
Example UseDocker container → unitSSH on non-standard portMultiple web app instances
LanguageAny executablesystemd .socket syntaxsystemd .service syntax
Hot ReloadVia systemctl daemon-reloadAutomaticVia systemctl enable

systemd Generators: Programmatic Unit Creation

systemd generators are executables that run very early in the boot process (before any units are started) and output unit files to specific directories. They enable dynamic discovery — a generator can scan /var/lib/containers/ for container runtimes, /etc/fstab for mount points, or query an API for service definitions.

Generator Lifecycle

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

# Generators run from these directories (in order):
# /run/systemd/system-generators/
# /etc/systemd/system-generators/
# /usr/local/lib/systemd/system-generators/
# /usr/lib/systemd/system-generators/

# Output directories:
# normal/    → /run/systemd/generator/
# early/     → /run/systemd/generator.early/
# late/      → /run/systemd/generator.late/

Docker-Based Generator Testing Environment

Deploy a test environment to develop and validate generators:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

version: "3.8"
services:
generator-sandbox:
image: debian:bookworm-slim
container_name: systemd-generator-sandbox
privileged: true
tmpfs:
- /run
- /tmp
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
- ./generators:/usr/local/lib/systemd/system-generators:ro
- ./output:/run/systemd/generator
command: |
sh -c 'apt-get update && apt-get install -y systemd &&
/lib/systemd/systemd --test --system --unit=multi-user.target'

Example: Docker Container Auto-Generator

This generator scans running Docker containers and creates systemd units for each one:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

#!/bin/bash
# /usr/local/lib/systemd/system-generators/docker-container-generator
# Creates systemd units from running Docker containers

set -e
OUTDIR="$1/normal"  # systemd passes output dir as arg

mkdir -p "$OUTDIR"

# Only run if Docker is available
command -v docker >/dev/null 2>&1 || exit 0

for container_id in $(docker ps -q); do
name=$(docker inspect -f '{{.Name}}' "$container_id" | sed 's|^/||')
image=$(docker inspect -f '{{.Config.Image}}' "$container_id")

cat > "$OUTDIR/docker-${name}.service" << UNIT
[Unit]
Description=Docker Container: ${name}
After=docker.service
Requires=docker.service

[Service]
ExecStart=/usr/bin/docker start -a ${name}
ExecStop=/usr/bin/docker stop ${name}
ExecReload=/usr/bin/docker restart ${name}
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
UNIT
done

Install and activate:

1
2
3
4

sudo chmod +x /usr/local/lib/systemd/system-generators/docker-container-generator
sudo systemctl daemon-reload
# Units for running containers appear as docker-<name>.service
systemctl list-units | grep docker-

Example: Mount Point Auto-Generator

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

#!/bin/bash
# /usr/local/lib/systemd/system-generators/nfs-mount-generator
OUTDIR="$1/normal"
mkdir -p "$OUTDIR"

# Scan for NFS entries in fstab and create dependency units
awk '$3 == "nfs" || $3 == "nfs4" {print $2}' /etc/fstab | while read mountpoint; do
unitname=$(systemd-escape --path "$mountpoint")
cat > "$OUTDIR/network-${unitname}.service" << UNIT
[Unit]
Description=Network requirement for ${mountpoint}
After=network-online.target
Wants=network-online.target
Before=remote-fs.target
UNIT
done

Socket Activation: On-Demand Service Startup

Socket activation allows systemd to listen on a socket and only start the associated service when a connection arrives. This is ideal for infrequently used services, reducing memory footprint.

Basic Socket Activation

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

# /etc/systemd/system/myapp.socket
[Unit]
Description=MyApp Socket

[Socket]
ListenStream=8080
Accept=no

[Install]
WantedBy=sockets.target

1
2
3
4
5
6
7
8

# /etc/systemd/system/myapp@.service
[Unit]
Description=MyApp Instance %i

[Service]
ExecStart=/usr/bin/python3 -m http.server %i
StandardInput=socket
StandardOutput=socket

Activate:

1
2

sudo systemctl enable --now myapp.socket
# Service starts ONLY when port 8080 receives a connection

Advanced: Multi-Port Socket Activation with Containers

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

version: "3.8"
services:
socket-activated-web:
image: nginx:alpine
container_name: socket-nginx
network_mode: host
volumes:
- ./sites:/usr/share/nginx/html:ro
# This container is started by systemd socket activation
# The socket unit passes the listening fd to the container

Corresponding systemd units:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

# /etc/systemd/system/webapp.socket
[Unit]
Description=WebApp Socket

[Socket]
ListenStream=80
ListenStream=443
FreeBind=yes

[Install]
WantedBy=sockets.target

# /etc/systemd/system/webapp.service
[Unit]
Description=WebApp Service
After=docker.service

[Service]
ExecStart=/usr/bin/docker run --rm --network host   -v /srv/web:/usr/share/nginx/html:ro   nginx:alpine
ExecStop=/usr/bin/docker stop webapp

Real-World Pattern: SSH on Non-Standard Port

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# /etc/systemd/system/ssh-secondary.socket
[Unit]
Description=SSH Secondary Port Socket
Conflicts=sshd.service

[Socket]
ListenStream=2222
FreeBind=yes

[Install]
WantedBy=sockets.target

This starts SSH on port 2222 without modifying SSH config — systemd passes the open socket to sshd.

Template Units: Parameterized Service Definitions

Template units (files ending in @.service) allow a single service definition to be instantiated multiple times with different parameters.

Basic Template Pattern

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

# /etc/systemd/system/webapp@.service
[Unit]
Description=WebApp Instance %i
After=network.target

[Service]
Type=simple
Environment=PORT=%i
ExecStart=/usr/bin/python3 -m http.server ${PORT}
Restart=on-failure
User=www-data

[Install]
WantedBy=multi-user.target

Instantiate:

1
2
3
4

sudo systemctl enable webapp@8080.service
sudo systemctl enable webapp@8081.service
sudo systemctl enable webapp@8082.service
sudo systemctl start webapp@808{0,1,2}.service

Template with Docker Compose

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

# /etc/systemd/system/container@.service
[Unit]
Description=Container Stack %i
After=docker.service
Requires=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/srv/stacks/%i
ExecStart=/usr/bin/docker compose up -d
ExecStop=/usr/bin/docker compose down
ExecReload=/usr/bin/docker compose restart
TimeoutStartSec=120

[Install]
WantedBy=multi-user.target

Usage:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

# Deploy a WordPress stack
sudo mkdir -p /srv/stacks/wordpress
sudo tee /srv/stacks/wordpress/compose.yml << 'YAML'
services:
wp:
image: wordpress:latest
ports: ["8080:80"]
environment:
WORDPRESS_DB_HOST: db
restart: unless-stopped
db:
image: mariadb:11
environment:
MARIADB_ROOT_PASSWORD: changeme
YAML

sudo systemctl enable --now container@wordpress.service

Droplet-Style Service Orchestration

For services where you want per-instance customization, combine templates with drop-in files:

1
2
3
4
5
6
7
8

# Override specific instance settings
sudo mkdir -p /etc/systemd/system/container@wordpress.service.d
sudo tee /etc/systemd/system/container@wordpress.service.d/override.conf << 'EOF'
[Service]
Environment=EXTRA_OPTS=--profile production
TimeoutStartSec=300
EOF
sudo systemctl daemon-reload

Choosing the Right Approach

ScenarioBest Approach
Auto-discover services from filesystem/APIGenerators
Multiple identical service instancesTemplate Units
Infrequently used services (save RAM)Socket Activation
Container orchestration on single hostGenerators + Templates
Development/staging environmentsTemplate Units
Zero-downtime service migrationSocket Activation
System service from third-party softwareGenerators

Why Self-Host Dynamic Service Management?

Automated service management is the foundation of self-hosted infrastructure. Generators, socket activation, and template units eliminate the manual toil of writing unit files for every service. They enable patterns like auto-discovery of Docker containers, on-demand service startup for memory-constrained VPS instances, and consistent deployment of multi-instance applications. These systemd features are built into the Linux kernel’s init system — no external orchestration tool required.

For related Linux service management topics, see our systemd journal and logging guide and process supervisor comparison.

For container-focused service management, our Docker log drivers guide and sidecar proxy comparison cover complementary patterns.

Integration with Configuration Management

Systemd generators pair naturally with configuration management tools like Ansible and Puppet. Instead of managing individual unit files, your Ansible playbook drops a generator script into /usr/local/lib/systemd/system-generators/ that discovers services from your infrastructure metadata — Consul service registrations, Kubernetes labels, or cloud instance tags. This makes service definitions self-updating: when a new backend comes online, the generator creates its unit automatically on the next daemon-reload. Combined with socket-activated monitoring endpoints, this pattern enables fully autonomous service lifecycle management.

FAQ

Do generators run on every boot?

Yes. Generators execute during early boot and on every systemctl daemon-reload. Their output is stored in /run/ (tmpfs), so it does not persist across reboots — but it is regenerated each time. Keep generators fast (<2 seconds) to avoid delaying boot.

Can socket activation work with Docker containers?

Yes. Docker 1.12+ supports passing file descriptors via systemd-socket-activate. Use docker run with --network host and the StandardInput=socket directive, or use systemd-socket-proxyd as a bridge between the socket and container port.

What is the difference between a generator and a oneshot service with RemainAfterExit?

Generators run before ANY unit is started and produce transient unit files. Oneshot services run later in the boot process and can perform actions but cannot dynamically create unit definitions for systemd to manage. Use generators for unit creation, oneshot services for initialization tasks.

How do I debug a failing generator?

Run systemd in test mode: SYSTEMD_LOG_LEVEL=debug /lib/systemd/systemd --test --system --unit=multi-user.target 2>&1 | grep generator. Generator output goes to /run/systemd/generator*/ — check those directories for the generated unit files. Generators returning non-zero exit code are skipped silently.

Can template units reference other template instances?

Yes, using the %i specifier. For example, a database@.service can have After=backup@%i.service which references the same instance name. You can also use %j for the instance name with unescaped characters.

💰 想测试你的市场判断力?我用 Polymarket 做预测市场交易——这是全球最大的预测市场平台,从大选结果到 人工智能监管时间线,什么都可以押注。和赌博不同,这是真正的信息市场:你懂的信息越多,胜率越高。我靠预测 人工智能相关事件的走向已经赚了不少。用我的邀请链接注册:Polymarket.com