diff --git a/README.md b/README.md
index 9b1c1a5..7a40f43 100644
--- a/README.md
+++ b/README.md
@@ -25,10 +25,10 @@ You can also use the ``ansible-galaxy`` command on the ``ansible-role-requiremen
 # define "program_override" option in the systemd_services dictionary.
 systemd_bin_path: /usr/local/bin
-system_user_name: root
-system_group_name: root
-system_slice_name: system
-system_lock_path: /var/lock
+systemd_user_name: root
+systemd_group_name: root
+systemd_slice_name: system
+systemd_lock_path: /var/lock
 # This is the prefix used for all temp files of a given type.
 systemd_tempd_prefix: tempd
@@ -38,11 +38,17 @@ systemd_TimeoutSec: 120
 systemd_Restart: on-failure
 systemd_RestartSec: 2
-# Set accounting on systemd service
-system_CPUAccounting: true
-system_BlockIOAccounting: true
-system_MemoryAccounting: true
-system_TasksAccounting: true
+# Accounting options
+systemd_CPUAccounting: true
+systemd_BlockIOAccounting: true
+systemd_MemoryAccounting: true
+systemd_TasksAccounting: true
+
+# Sandboxing options
+systemd_PrivateTmp: true
+systemd_PrivateDevices: false
+systemd_PrivateNetwork: true
+systemd_PrivateUsers: true
 # Start service after a given target. This is here because we want to define common
 # after targets used on most services. This can be overridden or agumented using
@@ -51,16 +57,13 @@ systemd_after_targets:
 - syslog.target
 - network.target
-# Set the service state. Valid options are: [started, stopped, restarted, reloaded].
-systemd_service_state: started
-
 # Set the service enabled state. Valid options are: [yes, no]
 systemd_service_enabled: yes
 # Set global service overrides used within the service unit file.
 systemd_service_config_overrides: {}
-# The systemD services dictionary is a set of services that will be created. The dictionary
+# The systemd services dictionary is a set of services that will be created. The dictionary
 # can contain the following options:
 # `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.
 # `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.
@@ -108,4 +111,4 @@ systemd_services: {}
 tags:
 - servicex-init
-```
\ No newline at end of file
+```
diff --git a/ansible-role-requirements.yaml b/ansible-role-requirements.yaml
index ecfa1da..11fad79 100644
--- a/ansible-role-requirements.yaml
+++ b/ansible-role-requirements.yaml
@@ -1,4 +1,4 @@
 - name: "plugins"
 src: "https://git.openstack.org/openstack/openstack-ansible-plugins"
 scm: git
- version: "master"
\ No newline at end of file
+ version: "master"
diff --git a/defaults/main.yml b/defaults/main.yml
index e7796b9..1166fe1 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,10 +17,10 @@
 # define "program_override" option in the systemd_services dictionary.
 systemd_bin_path: /usr/local/bin
-system_user_name: root
-system_group_name: root
-system_slice_name: system
-system_lock_path: /var/lock
+systemd_user_name: root
+systemd_group_name: root
+systemd_slice_name: system
+systemd_lock_path: /var/lock
 # This is the prefix used for all temp files of a given type.
 systemd_tempd_prefix: tempd
@@ -30,11 +30,17 @@ systemd_TimeoutSec: 120
 systemd_Restart: on-failure
 systemd_RestartSec: 2
-# Set accounting on systemd service
-system_CPUAccounting: true
-system_BlockIOAccounting: true
-system_MemoryAccounting: true
-system_TasksAccounting: true
+# Accounting options
+systemd_CPUAccounting: true
+systemd_BlockIOAccounting: true
+systemd_MemoryAccounting: true
+systemd_TasksAccounting: true
+
+# Sandboxing options
+systemd_PrivateTmp: true
+systemd_PrivateDevices: false
+systemd_PrivateNetwork: false
+systemd_PrivateUsers: true
 # Start service after a given target. This is here because we want to define common
 # after targets used on most services. This can be overridden or agumented using
@@ -43,16 +49,13 @@ systemd_after_targets:
 - syslog.target
 - network.target
-# Set the service state. Valid options are: [started, stopped, restarted, reloaded].
-systemd_service_state: started
-
 # Set the service enabled state. Valid options are: [yes, no]
 systemd_service_enabled: yes
 # Set global service overrides used within the service unit file.
 systemd_service_config_overrides: {}
-# The systemD services dictionary is a set of services that will be created. The dictionary
+# The systemd services dictionary is a set of services that will be created. The dictionary
 # can contain the following options:
 # `service_name` -- (required) used to define the name of the service. This is typically the name of the executable.
 # `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file.
@@ -70,6 +73,10 @@ systemd_service_config_overrides: {}
 # service_name: ServiceX
 # init_config_overrides: {} # This is used to add in arbitratry unit file options
 # program_config_options: '--flag1 things --flag2 other'
+# program_sandboxing:
+# PrivateTmp: true
+# program_accounting:
+# CPUAccounting: true
 # ServiceY:
 # service_name: ServiceY
 # init_config_overrides: {} # This is used to add in arbitratry unit file options
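Review bot: `systemd_PrivateNetwork: false` here disagrees with the README hunk in this same commit, which documents the variable as `true`; the value in defaults/main.yml is the one that takes effect, and since `PrivateNetwork=true` would detach every service from the host network by default, `false` looks like the intended value, so the README should be corrected to match. The commented example further down (`ServiceX:` / `ServiceY:` keyed entries under `systemd_services`) still describes a mapping, while tasks/main.yml now iterates the variable with `with_items` and reads `item.service_name`, which only works for a list; the example (and the `systemd_services: {}` default the README shows) should become a list such as `- service_name: ServiceX`. The loader note "Valid options are: [yes, no]" on `systemd_service_enabled` is unchanged context, but `true`/`false` would avoid the YAML 1.1 truthy ambiguity when this file is edited next.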
diff --git a/html-docs/index.html b/html-docs/index.html index cced088..24aaa45 100644 --- a/html-docs/index.html +++ b/html-docs/index.html @@ -29,7 +29,7 @@ - + @@ -185,11 +185,11 @@ ga('send', 'pageview');

systemd_init role for OpenStack-Ansible

- +
- - + +
@@ -264,7 +264,7 @@ ga('send', 'pageview'); # Set the service enabled state. Valid options are: [yes, no] systemd_service_enabled: yes -# The systemD services dictionary is a set of services that will be created. The dictionary +# The systemd services dictionary is a set of services that will be created. The dictionary # can contain the following options: # `service_name` -- (required) used to define the name of the service. This is typically the name of the executable. # `init_config_overrides` -- (optional) This allows any section or key=value pair to be set within the systemd unit file. @@ -325,8 +325,8 @@ ga('send', 'pageview');
- - + +
@@ -376,7 +376,7 @@ ga('send', 'pageview');

Contents

- +
@@ -505,4 +505,4 @@ s.parentNode.insertBefore(gcse, s);
-
\ No newline at end of file
+
diff --git a/meta/main.yml b/meta/main.yml
index 9bd9ca0..ee3a77c 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -26,8 +26,13 @@ galaxy_info:
 - name: EL
 versions:
 - 7
+ - name: opensuse
+ versions:
+ - 42.1
+ - 42.2
+ - 42.3
 categories:
- - systemd_init
+ - systemd
 - development
 dependencies:
- - role: plugins
+ - plugins
diff --git a/tasks/main.yml b/tasks/main.yml
index 5aeaffe..d125f25 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
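Review bot: The new openSUSE `versions:` entries `42.1`, `42.2`, `42.3` are unquoted and are parsed as YAML floats rather than version strings; quote them (`- "42.1"`) so that a later entry such as `42.10` is not silently read as `42.1`. The existing EL `- 7` entry has the same shape and could be quoted at the same time for consistency. Switching the dependency to the bare `- plugins` form drops the explicit `role:` key; both spellings are accepted, but the mapping form keeps a place for `src`/`version` should the dependency ever need pinning.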
@@ -15,56 +15,66 @@
 - name: Create TEMP run dir
 file:
- path: "/var/run/{{ item.value.service_name }}"
+ path: "/var/run/{{ item.service_name }}"
 state: directory
- owner: "{{ system_user_name }}"
- group: "{{ system_group_name }}"
+ owner: "{{ systemd_user_name }}"
+ group: "{{ systemd_group_name }}"
 mode: "02755"
- with_dict: "{{ systemd_services }}"
+ with_items: "{{ systemd_services }}"
 tags:
 - systemd-init
 - name: Create TEMP lock dir
 file:
- path: "/var/lock/{{ item.value.service_name }}"
+ path: "/var/lock/{{ item.service_name }}"
 state: directory
- owner: "{{ system_user_name }}"
- group: "{{ system_group_name }}"
+ owner: "{{ systemd_user_name }}"
+ group: "{{ systemd_group_name }}"
 mode: "02755"
- with_dict: "{{ systemd_services }}"
+ with_items: "{{ systemd_services }}"
 tags:
 - systemd-init
 - name: Create tmpfiles.d entry
 template:
 src: "systemd-tmpfiles.j2"
- dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ item.value.service_name }}.conf"
+ dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ item.service_name }}.conf"
+ mode: "0644"
+ owner: "root"
+ group: "root"
+ with_items: "{{ systemd_services }}"
+ tags:
+ - systemd-init
+
+- name: Create tmpfiles.d entry
+ template:
+ src: "systemd-tmpfiles-lock.j2"
+ dest: "/etc/tmpfiles.d/{{ systemd_tempd_prefix }}-{{ systemd_lock_path.strip('/') | replace('/', '-') }}-lock.conf"
 mode: "0644"
 owner: "root"
 group: "root"
- with_dict: "{{ systemd_services }}"
 tags:
 - systemd-init
 - name: Place the systemd init script
 config_template:
- src: "systemd-init.j2"
- dest: "/etc/systemd/system/{{ item.value.service_name }}.service"
+ src: "systemd-service.j2"
+ dest: "/etc/systemd/system/{{ item.service_name }}.service"
 mode: "0644"
 owner: "root"
 group: "root"
- config_overrides: "{{ item.value.init_config_overrides | default(systemd_service_config_overrides) }}"
+ config_overrides: "{{ item.init_config_overrides | default(systemd_service_config_overrides) }}"
 config_type: "ini"
- with_dict: "{{ systemd_services }}"
+ with_items: "{{ systemd_services }}"
 tags:
 - systemd-init
 - name: Load service
 systemd:
- name: "{{ item.value.service_name }}"
+ name: "{{ item.service_name }}"
 daemon_reload: yes
- enabled: "{{ item.value.enabled | default(systemd_service_enabled) }}"
- state: "{{ item.value.service_state | default(systemd_service_state) }}"
- with_dict: "{{ systemd_services }}"
+ enabled: "{{ item.enabled | default(systemd_service_enabled) }}"
+ state: "{{ item.state | default(omit) }}"
+ with_items: "{{ systemd_services }}"
 tags:
 - systemd-init
diff --git a/templates/systemd-init.j2 b/templates/systemd-init.j2
deleted file mode 100644
index 6c61439..0000000
--- a/templates/systemd-init.j2
+++ /dev/null
@@ -1,37 +0,0 @@
-# {{ ansible_managed }}
-
-[Unit]
-Description={{ item.value.service_name }} service
-{% for item in systemd_after_targets %}
-After={{ item }}
-{% endfor %}
-
-[Service]
-Type=simple
-User={{ system_user_name }}
-Group={{ system_group_name }}
-
-{% if item.value.program_override is defined %}
-ExecStart={{ item.value.program_override }} {{ item.value.program_config_options | default('') }}
-{% else %}
-ExecStart={{ systemd_bin_path }}/{{ item.value.service_name }} {{ item.value.program_config_options | default('') }}
-{% endif %}
-
-# Give a reasonable amount of time for the server to start up/shut down
-TimeoutSec={{ systemd_TimeoutSec }}
-Restart={{ systemd_Restart }}
-RestartSec={{ systemd_RestartSec }}
-
-# This creates a specific slice which all services will operate from
-# The accounting options give us the ability to see resource usage through
-# the `systemd-cgtop` command.
-Slice={{ system_slice_name }}.slice
-
-# Set Accounting
-CPUAccounting={{ system_CPUAccounting }}
-BlockIOAccounting={{ system_BlockIOAccounting }}
-MemoryAccounting={{ system_MemoryAccounting }}
-TasksAccounting={{ system_TasksAccounting }}
-
-[Install]
-WantedBy=multi-user.target
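Review bot: `state: "{{ item.state | default(omit) }}"` in the `Load service` task means a service entry that sets no `state` is neither started nor restarted, and nothing in this file registers the result of `Place the systemd init script` or notifies a handler, so a rewritten unit is picked up by `daemon_reload` but the running process keeps its old ExecStart/sandboxing settings until something restarts it; restore a role-level default as the removed `systemd_service_state` provided, or register the config_template result and restart changed services (I cannot see whether a handlers file exists). The two `Create tmpfiles.d entry` tasks now carry the same name, which makes play output and `--start-at-task` ambiguous; rename the second, e.g. `- name: Create tmpfiles.d entry for the lock dir`. `path: "/var/lock/{{ item.service_name }}"` in `Create TEMP lock dir` still hard-codes `/var/lock` while the new lock tmpfiles task is derived from `systemd_lock_path`, and templates/systemd-tmpfiles.j2 in this commit hard-codes `/var/lock/` and `/var/run/` the same way, so overriding `systemd_lock_path` only relocates the shared entry.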
diff --git a/templates/systemd-service.j2 b/templates/systemd-service.j2
new file mode 100644
index 0000000..00a1f1f
--- /dev/null
+++ b/templates/systemd-service.j2
@@ -0,0 +1,61 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description={{ item.service_name }} service
+{% for item in systemd_after_targets %}
+After={{ item }}
+{% endfor %}
+
+[Service]
+Type={{ item.service_type | default('simple') }}
+User={{ systemd_user_name }}
+Group={{ systemd_group_name }}
+
+{% if item.program_override is defined %}
+ExecStart={{ item.program_override }} {{ item.program_config_options | default('') }}
+{% else %}
+ExecStart={{ systemd_bin_path }}/{{ item.service_name }} {{ item.program_config_options | default('') }}
+{% endif %}
+
+{% if item.program_reload is defined %}
+ExecReload={{ item.program_reload }}
+{% else %}
+ExecReload=/bin/kill -HUP $MAINPID
+{% endif %}
+
+# Give a reasonable amount of time for the server to start up/shut down
+TimeoutSec={{ systemd_TimeoutSec }}
+Restart={{ systemd_Restart }}
+RestartSec={{ systemd_RestartSec }}
+
+# This creates a specific slice which all services will operate from
+# The accounting options give us the ability to see resource usage through
+# the `systemd-cgtop` command.
+Slice={{ systemd_slice_name }}.slice
+
+# Set Accounting
+{% if item.program_accounting is defined %}
+{% for key, value in item.program_accounting.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+{% else %}
+CPUAccounting={{ systemd_CPUAccounting }}
+BlockIOAccounting={{ systemd_BlockIOAccounting }}
+MemoryAccounting={{ systemd_MemoryAccounting }}
+TasksAccounting={{ systemd_TasksAccounting }}
+{% endif %}
+
+# Set Sandboxing
+{% if item.program_sandboxing is defined %}
+{% for key, value in item.program_sandboxing.items() %}
+{{ key }}={{ value }}
+{% endfor %}
+{% else %}
+PrivateTmp={{ systemd_PrivateTmp }}
+PrivateDevices={{ systemd_PrivateDevices }}
+PrivateNetwork={{ systemd_PrivateNetwork }}
+PrivateUsers={{ systemd_PrivateUsers }}
+{% endif %}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/systemd-tmpfiles-lock.j2 b/templates/systemd-tmpfiles-lock.j2
new file mode 100644
index 0000000..e570245
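Review bot: The fallback `ExecReload=/bin/kill -HUP $MAINPID` is written for every service that does not set `program_reload`, and a process that installs no SIGHUP handler is terminated by that signal, so `systemctl reload` on such a service kills it rather than reloading it; emit the directive only when a service opts in by keeping `{% if item.program_reload is defined %}` / `ExecReload={{ item.program_reload }}` / `{% endif %}` and dropping the `else` branch, which leaves those services simply without a reload verb. `{% for item in systemd_after_targets %}` reuses the name of the outer loop variable `item`; Jinja scopes it to the loop so the later `item.service_name` references still resolve, but `{% for target in systemd_after_targets %}` / `After={{ target }}` reads unambiguously. The `program_accounting` and `program_sandboxing` mappings are rendered as raw `{{ key }}={{ value }}` lines under [Service], so any directive can be set through them without validation; a comment saying so above each block, e.g. `# keys are written verbatim as [Service] directives`, would make that contract explicit for readers of the defaults file.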
--- /dev/null
+++ b/templates/systemd-tmpfiles-lock.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+D {{ systemd_lock_path }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}
diff --git a/templates/systemd-tmpfiles.j2 b/templates/systemd-tmpfiles.j2
index 18100cf..11d1ee1 100644
--- a/templates/systemd-tmpfiles.j2
+++ b/templates/systemd-tmpfiles.j2
@@ -1,5 +1,4 @@
 # {{ ansible_managed }}
-D /var/lock/{{ item.value.service_name }} 2755 {{ system_user_name }} {{ system_group_name }}
-D /var/run/{{ item.value.service_name }} 2755 {{ system_user_name }} {{ system_group_name }}
-D {{ system_lock_path }} 2755 {{ system_user_name }} {{ system_group_name }}
+D /var/lock/{{ item.service_name }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}
+D /var/run/{{ item.service_name }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}
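Review bot: `D {{ systemd_lock_path }} 2755 {{ systemd_user_name }} {{ systemd_group_name }}` applies to the whole lock directory, and the `D` type tells `systemd-tmpfiles --remove` (which the boot-time setup service runs) to delete everything beneath it, not just this role's lock files; with the default `/var/lock` that directory is shared by every service on the host and is commonly declared by the distribution's own tmpfiles.d entry, so a second entry with a different mode and owner is likely to conflict (I cannot see the target distributions' configuration from here). If the intent is only to guarantee the directory exists with the role's ownership, the non-purging `d` type is the safer choice for the shared path, keeping `D` for the per-service `/var/lock/<service>` and `/var/run/<service>` subdirectories in systemd-tmpfiles.j2 where purging is scoped to one service. A one-line comment above the entry stating that the whole directory is managed, e.g. `# managed for every service in this role; contents are purged on --remove`, would make the effect visible to whoever overrides `systemd_lock_path`.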