{{ ansible_managed | comment }}

[Unit]
Description = Postgres for keycloak

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ keycloak_postgres_containerimage }}:{{ keycloak_postgres_image_tag }}
ContainerName = keycloak-postgres

AutoUpdate = registry
LogDriver = journald

NoNewPrivileges = true
ReadOnly = true
DropCapability = all
AddCapability = CHOWN DAC_OVERRIDE SETUID SETGID
UserNS = auto:size=65535
{% if keycloak_selinux_level != omit %}
SecurityLabelLevel = {{ keycloak_selinux_level }}
{% endif %}

Network = keycloak.network
ExposeHostPort = 5432

EnvironmentFile = {{ keycloak_install_dir }}/keycloak-postgres.env

Volume = {{ keycloak_install_dir }}/postgres:/var/lib/postgresql/data:U
Tmpfs = /run/postgresql:rw,noexec,nosuid,nodev,size=1m
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=50m

PodmanArgs = --memory={{ keycloak_postgres_memory_high }}
PodmanArgs = --memory-swap={{ keycloak_postgres_swap_max }}
PodmanArgs = --memory-reservation={{ keycloak_postgres_memory_low }}

PodmanArgs = --stop-signal=SIGINT

[Install]
WantedBy = default.target