{{ ansible_managed | comment }}

[Unit]
Description=Caddy reverse proxy

[Service]
Restart=always
RestartSec=5s

ExecReload=/usr/bin/podman exec \
    -w /config \
    caddy \
    caddy reload

[Container]
Image={{ caddy_container_image }}:{{ caddy_image_tag }}
ContainerName=caddy

Exec=caddy run \
    --config /config/Caddyfile \
    --adapter caddyfile

AutoUpdate=registry
LogDriver=journald

NoNewPrivileges=true
ReadOnly=true
DropCapability=all
AddCapability=CAP_NET_BIND_SERVICE
UserNS=auto:size=65535
{% if caddy_selinux_level != omit %}
SecurityLabelLevel={{ caddy_selinux_level }}
{% endif %}

Network=caddy.network

PublishPort=80:80/tcp
PublishPort=443:443/tcp
PublishPort=443:443/udp

Volume={{ caddy_install_dir }}/config:/config:ro,U
Volume={{ caddy_install_dir }}/data:/data:U
Volume={{ caddy_install_dir }}/srv:/srv:U

PodmanArgs=--memory={{ caddy_memory_high }}
PodmanArgs=--memory-swap={{ caddy_swap_max }}
PodmanArgs=--memory-reservation={{ caddy_memory_low }}

[Install]
WantedBy=default.target