diff --git a/matrix-synapse.spec b/matrix-synapse.spec index c0947cf..c95b95d 100644 --- a/matrix-synapse.spec +++ b/matrix-synapse.spec @@ -1,7 +1,7 @@ %global srcname synapse # Version suffix in URL when building release candidates -%global rcx rc1 +%global rcx %{nil} %global ghversion 1.37.0 %{?python_enable_dependency_generator} @@ -22,6 +22,7 @@ Source0: %{url}/archive/v%{ghversion}%{rcx}/%{srcname}-%{ghversion}%{rcx}.tar Source1: synapse.sysconfig Source2: synapse.service Source3: synapse-homeserver +Source4: synapse@.service BuildArch: noarch BuildRequires: python3-devel @@ -127,13 +128,15 @@ exit 0 %post %systemd_post synapse.service +%systemd_post synapse@.service %preun %systemd_preun synapse.service +%systemd_preun synapse@.service %postun %systemd_postun_with_restart synapse.service - +%systemd_postun_with_restart synapse@.service %files %license LICENSE @@ -143,6 +146,7 @@ exit 0 %{python3_sitelib}/matrix_synapse*.egg-info/ %{_bindir}/* %{_unitdir}/synapse.service +%{_unitdir}/synapse@.service %attr(755,synapse,synapse) %dir %{_sharedstatedir}/synapse %attr(755,synapse,synapse) %dir %{_sysconfdir}/synapse %attr(644,synapse,synapse) %config(noreplace) %{_sysconfdir}/synapse/* diff --git a/synapse@.service b/synapse@.service new file mode 100644 index 0000000..4439cbd --- /dev/null +++ b/synapse@.service 
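Review bot: In the `%postun` part of the third spec hunk, `%systemd_postun_with_restart synapse@.service` names the bare template, which is unlikely to match any running worker instance, so workers may keep running the old code after a package update, including a security update. If the macro's try-restart accepts unit globs on the target releases, `%systemd_postun_with_restart 'synapse@*.service'` would cover the loaded instances. The same question applies to the `%systemd_preun synapse@.service` line. The hunk also drops the blank line that separated `%postun` from `%files`; I would keep it.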
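Review bot: `%{_unitdir}/synapse@.service` is added to `%files` in the fourth spec hunk and `Source4` is declared in the second, but no hunk in this diff touches `%install`. Unless `%install` already copies the unit files by pattern (it is not visible here), the build would fail on the unpackaged path. An explicit line such as `install -p -D -T -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/synapse@.service` looks needed.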
@@ -0,0 +1,70 @@
+[Unit]
+Description=Synapse Worker %i
+AssertPathExists=/etc/synapse/workers/%i.yaml
+
+# This service should be restarted when the synapse target is restarted.
+#PartOf=synapse.target
+#ReloadPropagatedFrom=synapse.target
+
+# if this is started at the same time as the main, let the main process start
+# first, to initialise the database schema.
+After=synapse.service
+
+[Service]
+Type=notify
+NotifyAccess=main
+User=synapse
+WorkingDirectory=/var/lib/synapse
+ExecStart=/usr/bin/python -m synapse.app.generic_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=3
+SyslogIdentifier=synapse-%i
+
+Environment="LD_PRELOAD=/usr/lib64/libjemalloc.so.2"
+CPUAccounting=on
+MemoryAccounting=on
+
+MemoryHigh=500M
+MemoryMax=1G
+MemorySwapMax=1G
+
+CPUWeight=75
+
+PrivateTmp=yes
+PrivateDevices=true
+PrivateUsers=true
+
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+DevicePolicy=closed
+
+ProtectSystem=strict
+ProtectHome=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectClock=true
+ProtectKernelLogs=yes
+ProtectHostname=true
+
+ProtectProc=invisible
+ProcSubset=pid
+
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+NoNewPrivileges=yes
+LockPersonality=yes
+
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources @obsolete
+
+RemoveIPC=true
+
+[Install]
+WantedBy=multi-user.target
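Review bot: `ProtectSystem=strict` is set without any `ReadWritePaths=` or `StateDirectory=`, so `/var/lib/synapse` (the `WorkingDirectory=`) and any log directory are read-only for the worker. A worker that writes media, pid or log files would likely fail at runtime. If workers need the state directory, add `ReadWritePaths=/var/lib/synapse` plus whatever log path the worker configs use (not visible in this diff). Separately, `ExecStart=/usr/bin/python` depends on an unversioned interpreter being installed while the spec builds against python3, so `/usr/bin/python3` would be safer. The `SystemCallFilter=` lines carry no `SystemCallErrorNumber=`, so a denied call kills the worker and `Restart=on-failure` restarts it in a loop; `SystemCallErrorNumber=EPERM` is worth considering.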