{{ ansible_managed | comment }}

[Unit]
Description = ElasticSearch for Mastodon

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ mastodon_elasticsearch_containerimage }}:{{ mastodon_elasticsearch_image_tag }}
ContainerName = mastodon-elasticsearch

# To prevent it from using chroot
User = 1000

HealthCmd = CMD-SHELL curl --silent --fail localhost:9200/_cluster/health || exit 1

# AutoUpdate = registry
LogDriver = journald

NoNewPrivileges = true
DropCapability = all
UserNS = auto:size=65535
{% if mastodon_elasticsearch_selinux_level != omit %}
SecurityLabelLevel = {{ mastodon_elasticsearch_selinux_level }}
{% endif %}

EnvironmentFile = {{ mastodon_install_location }}/mastodon-elasticsearch.env

Network = mastodon-backend.network:alias=backend-mastodon-elasticsearch

Volume = {{ mastodon_elasticsearch_location }}:/usr/share/elasticsearch/data:U

Ulimit = nofile=65536:65536
Ulimit = memlock=-1:-1

PodmanArgs = --memory={{ mastodon_memory_high }}
PodmanArgs = --memory-swap={{ mastodon_swap_max }}
PodmanArgs = --memory-reservation={{ mastodon_memory_low }}

[Install]
WantedBy = default.target