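{{ ansible_managed | comment }}
# Podman Quadlet unit for the HedgeDoc container (Jinja2 template rendered by Ansible).
# One directive per line; comments are full-line '#' comments.

[Unit]
Description = hedgedoc Server
# Hard dependency on the database unit, and ordered after it.
Requires = hedgedoc-postgres.service
After = hedgedoc-postgres.service

[Service]
# Restart on every exit, waiting 5 s between attempts.
Restart = always
RestartSec = 5s

[Container]
# NOTE(review): a registry tag can be re-pointed to different content; set
# hedgedoc_image_tag to a fixed release rather than a floating tag.
Image = {{ hedgedoc_containerimage }}:{{ hedgedoc_image_tag }}
ContainerName = hedgedoc
# Required for it to not use root / gosu in entrypoint
User = 10000
# Automatic image updates are disabled; the reason is not recorded here.
# AutoUpdate = registry
LogDriver = journald

# Hardening: read-only root filesystem, no privilege gain through setuid or
# file capabilities, and no Linux capabilities at all.
ReadOnly = true
NoNewPrivileges = true
DropCapability = all
# Podman picks a dedicated UID/GID range for this container, so container
# UID 10000 does not correspond to host UID 10000.
UserNS = auto:size=65535
{% if hedgedoc_selinux_level != omit %}
# Fixed SELinux level; the line is left out when the variable is 'omit'.
SecurityLabelLevel = {{ hedgedoc_selinux_level }}
{% endif %}

# Attached only to the caddy Quadlet network; this unit sets no PublishPort,
# so it does not itself expose a host port.
Network = caddy.network
# Small scratch area: no executables, setuid binaries or device nodes.
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=10m

# NOTE(review): presumably holds the database credentials and session secret.
# Confirm that the task writing this file restricts its mode to the account
# running the unit.
EnvironmentFile = {{ hedgedoc_install_dir }}/hedgedoc.env

# ':U' chowns the host directory to the container user's mapped UID/GID.
# NOTE(review): unlike the socket volume below there is no ':z'/':Z' relabel,
# so on an SELinux-enforcing host the directory must already carry a label
# the container may write. Confirm against the role's tasks.
Volume = {{ hedgedoc_install_dir }}/uploads:/hedgedoc/public/uploads:U
# Named volume with a shared SELinux label (':z'); presumably the PostgreSQL
# container mounts it too, so the database is reached over a Unix socket.
Volume = hedgedoc-postgres-socket:/var/run/postgresql:z

# Podman semantics: --memory is the hard limit, --memory-swap is the combined
# memory+swap ceiling (not swap alone), --memory-reservation is the soft limit.
# NOTE(review): the variable names (*_high, *_swap_max, *_low) read like
# cgroup-v2 knobs; verify the values were chosen with podman's meaning in mind.
PodmanArgs = --memory={{ hedgedoc_memory_high }}
PodmanArgs = --memory-swap={{ hedgedoc_swap_max }}
PodmanArgs = --memory-reservation={{ hedgedoc_memory_low }}

[Install]
WantedBy = default.target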