infrastructure/roles/synapse/templates/synapse.container.j2

{{ ansible_managed | comment }}

[Unit]
Description = Synapse Server
Requires = synapse-postgres.service
After = synapse-postgres.service

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ synapse_containerimage }}:{{ synapse_image_tag }}
ContainerName = synapse

# AutoUpdate = registry
LogDriver = journald

User = 991

ReadOnly = true
NoNewPrivileges = true
DropCapability = all
UserNS = auto:size=65535
{% if synapse_selinux_level != omit %}
SecurityLabelLevel = {{ synapse_selinux_level }}
{% endif %}

Network = caddy.network

Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=64M
Tmpfs = /compiled:rw,noexec,nosuid,nodev,size=128K

EnvironmentFile = {{ synapse_install_dir }}/synapse.env

Volume = {{ synapse_install_dir }}/data:/data:U
Volume = synapse-postgres-socket:/var/run/postgresql:z

PodmanArgs = --memory={{ synapse_memory_high }}
PodmanArgs = --memory-swap={{ synapse_swap_max }}
PodmanArgs = --memory-reservation={{ synapse_memory_low }}

[Install]
WantedBy = default.target
refactor!(matrix): migrate to podman quadlet & rename Merged delegate and synapse together. THIS IS BREAKING! 2025-01-19 22:09:06 +01:00			`{{ ansible_managed \| comment }}`

			`[Unit]`
			`Description = Synapse Server`
			`Requires = synapse-postgres.service`
			`After = synapse-postgres.service`

			`[Service]`
			`Restart = always`
			`RestartSec = 5s`

			`[Container]`
			`Image = {{ synapse_containerimage }}:{{ synapse_image_tag }}`
			`ContainerName = synapse`

			`# AutoUpdate = registry`
			`LogDriver = journald`

			`User = 991`

			`ReadOnly = true`
			`NoNewPrivileges = true`
			`DropCapability = all`
			`UserNS = auto:size=65535`
			`{% if synapse_selinux_level != omit %}`
			`SecurityLabelLevel = {{ synapse_selinux_level }}`
			`{% endif %}`

			`Network = caddy.network`

			`Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=64M`
			`Tmpfs = /compiled:rw,noexec,nosuid,nodev,size=128K`

			`EnvironmentFile = {{ synapse_install_dir }}/synapse.env`

			`Volume = {{ synapse_install_dir }}/data:/data:U`
			`Volume = synapse-postgres-socket:/var/run/postgresql:z`

			`PodmanArgs = --memory={{ synapse_memory_high }}`
			`PodmanArgs = --memory-swap={{ synapse_swap_max }}`
			`PodmanArgs = --memory-reservation={{ synapse_memory_low }}`

			`[Install]`
			`WantedBy = default.target`