{{ ansible_managed | comment }}

[Unit]
Description = Element Web

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ elementweb_containerimage }}:{{ elementweb_image_tag }}
ContainerName = elementweb

# AutoUpdate = registry
LogDriver = journald

ReadOnly = true
NoNewPrivileges = true
DropCapability = all
AddCapability = DAC_OVERRIDE
UserNS = auto:size=65535
{% if elementweb_selinux_level != omit %}
SecurityLabelLevel = {{ elementweb_selinux_level }}
{% endif %}

Network = caddy.network

Environment = ELEMENT_WEB_PORT=8000

Volume = {{ elementweb_install_dir }}/config.json:/app/config.json:ro,U

Tmpfs = /var/cache/nginx:rw,noexec,nosuid,nodev,size=1m
Tmpfs = /var/run:rw,noexec,nosuid,nodev,size=1m
Tmpfs = /etc/nginx/conf.d:rw,noexec,nosuid,nodev,size=8m,mode=1770,U

PodmanArgs = --memory={{ elementweb_memory_high }}
PodmanArgs = --memory-swap={{ elementweb_swap_max }}
PodmanArgs = --memory-reservation={{ elementweb_memory_low }}

[Install]
WantedBy = default.target