{{ ansible_managed | comment }}
# Podman Quadlet container unit (Ansible template) for the Nginx front end of Mastodon.
# Hardening summary: read-only root filesystem, no capabilities, no-new-privileges,
# non-root user, read-only bind mounts, noexec tmpfs scratch space, memory limits.

[Unit]
Description = Nginx for Mastodon
# Needs the web and streaming services, and is ordered after them. The web
# container must already exist because this unit joins its user namespace (see UserNS).
Requires = mastodon-web.service mastodon-streaming.service
After = mastodon-web.service mastodon-streaming.service

[Service]
# systemd restarts the container 5 seconds after any exit.
Restart = always
RestartSec = 5s

[Container]
# Image reference is built from two role variables. A tag is mutable; if the
# deployment needs a reproducible image, the tag variable should carry a digest.
Image = {{ mastodon_nginx_containerimage }}:{{ mastodon_nginx_image_tag }}
ContainerName = mastodon-nginx
# Auto-update is left disabled, so podman auto-update does not manage this container.
# AutoUpdate = registry
# Container stdout/stderr go to the systemd journal.
LogDriver = journald
# Root filesystem is read-only; writable scratch space comes from the tmpfs mounts below.
# NOTE(review): Podman may add its own default tmpfs mounts in read-only mode - see ReadOnlyTmpfs.
ReadOnly = true
# Processes cannot gain privileges through setuid/setgid binaries or file capabilities.
NoNewPrivileges = true
# No Linux capabilities at all. Presumably nginx listens on the unprivileged
# port 8080 exposed below - confirm against default.conf.
DropCapability = all
# Share the user namespace of the mastodon-web container, so that the UID set in
# User below maps to the same host ID in both containers.
UserNS = container:mastodon-web
# SELinux level is only rendered when the role variable is set.
# NOTE(review): the volumes below carry no z/Z relabel option, so read access under
# SELinux presumably depends on this level matching the content's label - confirm.
{% if mastodon_nginx_selinux_level != omit %}
SecurityLabelLevel = {{ mastodon_nginx_selinux_level }}
{% endif %}
# Attached to the backend network and to the Caddy network under a fixed alias.
# Repeated Network keys accumulate; keep their order.
Network = mastodon-backend.network
Network = caddy.network:alias=caddy-mastodon-nginx
# Exposes the port only; there is no PublishPort key in this unit, so nothing is
# bound on the host. Presumably Caddy reaches nginx through the alias above - confirm.
ExposeHostPort = 8080
# Equal to mastodon user, so it can stat the public folder
User = 991
# Public media directory, mounted read-only.
Volume = {{ mastodon_public_location }}:/usr/share/nginx/html/system:ro
# Nginx site configuration, mounted read-only. The U option makes Podman change the
# ownership of the host-side file to the container user when the container starts.
Volume = {{ mastodon_install_location }}/default.conf:/etc/nginx/conf.d/default.conf:U,ro
# Writable scratch space, size-capped and mounted noexec,nosuid,nodev.
# NOTE(review): tmpfs pages are charged to the container's memory cgroup, so the
# --memory limit below should leave room for these sizes - confirm the role defaults.
Tmpfs = /var/cache/nginx:rw,noexec,nosuid,nodev,size=1g
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=100m
# Memory limits passed straight to podman run.
# NOTE(review): --memory is a hard limit although the variable is named memory_high,
# and --memory-swap is the combined memory plus swap ceiling, not swap alone.
# Confirm that the role variables are defined with those meanings.
PodmanArgs = --memory={{ mastodon_nginx_memory_high }}
PodmanArgs = --memory-swap={{ mastodon_nginx_swap_max }}
# Soft limit.
PodmanArgs = --memory-reservation={{ mastodon_nginx_memory_low }}

[Install]
# Enables the generated service for default.target.
WantedBy = default.target