@claudio4
Last active December 5, 2019 23:52
Minecraft Systemd service

Based on chungy's system service

Place minecraft@.service in /lib/systemd/system and run systemctl daemon-reload. The environment file mc-<your server name> should go into /etc/conf.d or an equivalent directory (if you use a different directory, change the path in the service too). /etc/conf.d/mc-<your server name> should not have world permissions: chown root:root and chmod 600 the file. Your server should be at /opt/minecraft/<your server name> and your server executable should be called server.jar.

The user and group minecraft should exist. For system security, the minecraft user should only be a member of the minecraft group. The service is set up so that security exploits of the Minecraft server and/or Java do not severely affect the rest of the system: /home is entirely inaccessible, /tmp and /var/tmp are sandboxed, no real device access is possible, and system directories like /etc cannot be written to. These restrictions apply even if file modes would otherwise allow the access.
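
The following script is an added example, not part of the original gist: it audits the requirements listed above (environment file mode and owner, server.jar location, group membership of the minecraft user). It assumes GNU coreutils stat, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the gist): audit the install requirements above.
# Assumes GNU coreutils stat; function names are made up for this example.

# True if FILE has mode 600 exactly.
mode_is_600() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "600" ]
}

# True if FILE is owned by root:root.
owned_by_root() {
    [ "$(stat -c '%U:%G' "$1" 2>/dev/null)" = "root:root" ]
}

# True if the group list $1 (output of `id -Gn USER`) is exactly the group $2.
only_group() {
    [ "$1" = "$2" ]
}

# Check one instance; prints each finding and returns the number of failures.
# Args: server name, [conf dir], [server base dir]; defaults follow the README.
audit_instance() {
    name=$1; conf_dir=${2:-/etc/conf.d}; base=${3:-/opt/minecraft}
    env_file="$conf_dir/mc-$name"; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    if [ ! -f "$env_file" ]; then
        fail "$env_file is missing"
    else
        mode_is_600 "$env_file" || fail "$env_file is not mode 600"
        owned_by_root "$env_file" || fail "$env_file is not owned by root:root"
    fi
    [ -f "$base/$name/server.jar" ] || fail "$base/$name/server.jar is missing"

    groups=$(id -Gn minecraft 2>/dev/null) || groups="(no such user)"
    only_group "$groups" minecraft || fail "minecraft user groups: $groups"

    if [ "$fails" -eq 0 ]; then echo "OK: $name"; fi
    return "$fails"
}

# Usage: sh audit.sh <your server name>
if [ $# -ge 1 ]; then audit_instance "$@"; fi
```

To review the sandboxing directives themselves, systemd-analyze security minecraft@<your server name>.service (systemd 240 or later) lists which ones the running unit applies.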

To access the server terminal, rcon should be enabled on your server. In server.properties:

enable-rcon=true
rcon.port=<your desired port>
rcon.password=<a strong password>

To connect to the rcon terminal, mcrcon is recommended: mcrcon -H localhost -P <your rcon port> -p <your rcon password>

Tested on minecraft 1.14.4 (Vanilla and PaperMC)

[Unit]
Description=Minecraft server: %i
Wants=network.target
After=local-fs.target network.target
[Service]
User=minecraft
Group=minecraft
UMask=0027
EnvironmentFile=/etc/conf.d/mc-%i
#KillMode=none
KillSignal=SIGINT
TimeoutStopSec=15
SuccessExitStatus=0 1 255
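# No privilege gain through setuid/setgid binaries or file capabilities
NoNewPrivileges=true
# Private /dev with only pseudo-devices such as /dev/null and /dev/urandom
PrivateDevices=true
# Private /tmp and /var/tmp, not shared with other processes
PrivateTmp=true
# /home, /root and /run/user are inaccessible and appear empty
ProtectHome=true
# /usr, /boot and /etc are mounted read-only for the service
ProtectSystem=full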
WorkingDirectory=/opt/minecraft/%i
ExecStart=/usr/bin/java $ARGS -jar server.jar
#ExecStop=/usr/local/bin/mcrcon -H localhost -P ${RCON_PORT} -p ${RCON_PASSWD} stop
[Install]
WantedBy=multi-user.target