{{ ansible_managed | comment }}
# Podman Quadlet container unit for the PostgreSQL instance used by Mastodon.
# Rendered from an Ansible/Jinja2 template. Keep comments on their own lines.

[Unit]
Description = Postgres for Mastodon

[Service]
# Restart on any exit, waiting 5 seconds between attempts.
Restart = always
RestartSec = 5s

[Container]
# NOTE(review): the image is referenced by tag. A tag can be re-pointed in the
# registry, so use a digest reference where an immutable image is required.
Image = {{ mastodon_postgres_containerimage }}:{{ mastodon_postgres_image_tag }}
ContainerName = mastodon-postgres
# Health probe executed inside the container.
HealthCmd = CMD pg_isready -U postgres
# Automatic image updates from the registry are currently disabled.
# AutoUpdate = registry
LogDriver = journald

# Hardening that is still switched off: a fixed non-root user/group and
# NoNewPrivileges stay commented out until the TODO below is resolved.
# User = 70
# Group = 70
# TODO: Investigate necessary capabilities
# NoNewPrivileges = true

# Root filesystem is read-only; writable paths are the volumes and tmpfs below.
ReadOnly = true
# Drop every capability, then add back only the four listed.
# NOTE(review): these look like what an entrypoint needs to chown the data
# directory and switch user; with User/Group set they may be removable - verify.
DropCapability = all
AddCapability = CHOWN DAC_OVERRIDE SETUID SETGID
# Automatically allocated user namespace with 65535 IDs.
UserNS = auto:size=65535
# SELinux level is only emitted when the variable is set.
{% if mastodon_postgres_selinux_level != omit %}
SecurityLabelLevel = {{ mastodon_postgres_selinux_level }}
{% endif %}

# NOTE(review): presumably carries the database credentials; confirm the task
# that writes this file restricts it to the account running the unit.
EnvironmentFile = {{ mastodon_install_location }}/mastodon-postgres.env

# Named volume for the Unix socket. U chowns the source to the container's
# mapped UID/GID; z applies a shared SELinux label.
# NOTE(review): in images where /var/run is a symlink to /run, this mount and
# the /run/postgresql tmpfs below target the same directory - confirm the
# socket actually lands on the named volume.
Volume = mastodon-postgres-socket:/var/run/postgresql:U,z
# Database files on the host path, chowned via U.
# NOTE(review): no z/Z relabel option here, unlike the socket volume; confirm
# the host path is labelled for container access on SELinux-enforcing hosts.
Volume = {{ mastodon_postgres_location }}:/var/lib/postgresql/data:U
# Size-capped scratch space, mounted noexec,nosuid,nodev.
Tmpfs = /run/postgresql:rw,noexec,nosuid,nodev,size=1m
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=50m

# Maps to podman --expose: marks the port as exposed but does not publish it
# on the host (publishing would be PublishPort).
ExposeHostPort = 5432

# Memory limit, memory-plus-swap limit and soft reservation, from variables.
PodmanArgs = --memory={{ mastodon_postgres_memory_high }}
PodmanArgs = --memory-swap={{ mastodon_postgres_swap_max }}
PodmanArgs = --memory-reservation={{ mastodon_postgres_memory_low }}
# Stop with SIGINT, which PostgreSQL treats as a fast shutdown request.
PodmanArgs = --stop-signal=SIGINT

[Install]
WantedBy = default.target