{{ ansible_managed | comment }}

[Unit]
Description = Grafana Server

[Service]
Restart = always
RestartSec = 5s

[Container]
Image={{ monitoring_grafana_containerimage }}:{{ monitoring_grafana_image_tag }}
ContainerName = grafana

AutoUpdate = registry
LogDriver = journald

NoNewPrivileges = true
ReadOnly = true
DropCapability = all
UserNS = auto:size=65535
{% if monitoring_grafana_selinux_level != omit %}
SecurityLabelLevel = {{ monitoring_grafana_selinux_level }}
{% endif %}

Network = caddy.network

ExposeHostPort = 3000

Volume = {{ monitoring_install_dir }}/grafana/data:/var/lib/grafana:U
Volume = {{ monitoring_install_dir }}/grafana/config/grafana.ini:/etc/grafana/grafana.ini:ro,U
Volume = {{ monitoring_install_dir }}/grafana/config/provisioning:/etc/grafana/provisioning:ro,U

Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=64m

PodmanArgs = --memory={{ monitoring_grafana_memory_high }}
PodmanArgs = --memory-swap={{ monitoring_grafana_swap_max }}
PodmanArgs = --memory-reservation={{ monitoring_grafana_memory_low }}

[Install]
WantedBy = default.target