infrastructure/roles/mastodon/templates/mastodon-nginx.container.j2

{{ ansible_managed | comment }}

[Unit]
Description = Nginx for Mastodon
Requires = mastodon-web.service mastodon-streaming.service
After = mastodon-web.service mastodon-streaming.service

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ mastodon_nginx_containerimage }}:{{ mastodon_nginx_image_tag }}
ContainerName = mastodon-nginx

# AutoUpdate = registry
LogDriver = journald

ReadOnly = true
NoNewPrivileges = true
DropCapability = all
UserNS = container:mastodon-web
{% if mastodon_nginx_selinux_level != omit %}
SecurityLabelLevel = {{ mastodon_nginx_selinux_level }}
{% endif %}

Network = mastodon-backend.network
Network = caddy.network:alias=caddy-mastodon-nginx
ExposeHostPort = 8080

# Equal to mastodon user, so it can stat the public folder
User = 991

Volume = {{ mastodon_public_location }}:/usr/share/nginx/html/system:ro
Volume = {{ mastodon_install_location }}/default.conf:/etc/nginx/conf.d/default.conf:U,ro

Tmpfs = /var/cache/nginx:rw,noexec,nosuid,nodev,size=1g
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=100m

PodmanArgs = --memory={{ mastodon_nginx_memory_high }}
PodmanArgs = --memory-swap={{ mastodon_nginx_swap_max }}
PodmanArgs = --memory-reservation={{ mastodon_nginx_memory_low }}

[Install]
WantedBy = default.target
refactor!(mastodon): Migrate to podman quadlet 2025-01-18 17:10:42 +01:00			`{{ ansible_managed \| comment }}`

			`[Unit]`
			`Description = Nginx for Mastodon`
			`Requires = mastodon-web.service mastodon-streaming.service`
			`After = mastodon-web.service mastodon-streaming.service`

			`[Service]`
			`Restart = always`
			`RestartSec = 5s`

			`[Container]`
			`Image = {{ mastodon_nginx_containerimage }}:{{ mastodon_nginx_image_tag }}`
			`ContainerName = mastodon-nginx`

			`# AutoUpdate = registry`
			`LogDriver = journald`

			`ReadOnly = true`
			`NoNewPrivileges = true`
			`DropCapability = all`
			`UserNS = container:mastodon-web`
			`{% if mastodon_nginx_selinux_level != omit %}`
			`SecurityLabelLevel = {{ mastodon_nginx_selinux_level }}`
			`{% endif %}`

			`Network = mastodon-backend.network`
			`Network = caddy.network:alias=caddy-mastodon-nginx`
			`ExposeHostPort = 8080`

			`# Equal to mastodon user, so it can stat the public folder`
			`User = 991`

			`Volume = {{ mastodon_public_location }}:/usr/share/nginx/html/system:ro`
			`Volume = {{ mastodon_install_location }}/default.conf:/etc/nginx/conf.d/default.conf:U,ro`

			`Tmpfs = /var/cache/nginx:rw,noexec,nosuid,nodev,size=1g`
			`Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=100m`

			`PodmanArgs = --memory={{ mastodon_nginx_memory_high }}`
			`PodmanArgs = --memory-swap={{ mastodon_nginx_swap_max }}`
			`PodmanArgs = --memory-reservation={{ mastodon_nginx_memory_low }}`

			`[Install]`
			`WantedBy = default.target`