{{ ansible_managed | comment }}

[Unit]
Description = Synapse Server
Requires = synapse-postgres.service
After = synapse-postgres.service

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ synapse_containerimage }}:{{ synapse_image_tag }}
ContainerName = synapse

# AutoUpdate = registry
LogDriver = journald

User = 991

ReadOnly = true
NoNewPrivileges = true
DropCapability = all
UserNS = auto:size=65535
{% if synapse_selinux_level != omit %}
SecurityLabelLevel = {{ synapse_selinux_level }}
{% endif %}

Network = caddy.network

Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=64M
Tmpfs = /compiled:rw,noexec,nosuid,nodev,size=128K

EnvironmentFile = {{ synapse_install_dir }}/synapse.env

Volume = {{ synapse_install_dir }}/data:/data:U
Volume = synapse-postgres-socket:/var/run/postgresql:z

PodmanArgs = --memory={{ synapse_memory_high }}
PodmanArgs = --memory-swap={{ synapse_swap_max }}
PodmanArgs = --memory-reservation={{ synapse_memory_low }}

[Install]
WantedBy = default.target