50 lines
1,017 B
Django/Jinja
50 lines
1,017 B
Django/Jinja
{{ ansible_managed | comment }}
|
|
|
|
[Unit]
|
|
Description=Caddy reverse proxy
|
|
|
|
[Service]
|
|
Restart=always
|
|
RestartSec=5s
|
|
|
|
ExecReload=/usr/bin/podman exec \
|
|
-w /config \
|
|
caddy \
|
|
caddy reload
|
|
|
|
[Container]
|
|
Image={{ caddy_container_image }}:{{ caddy_image_tag }}
|
|
ContainerName=caddy
|
|
|
|
Exec=caddy run \
|
|
--config /config/Caddyfile \
|
|
--adapter caddyfile
|
|
|
|
AutoUpdate=registry
|
|
LogDriver=journald
|
|
|
|
NoNewPrivileges=true
|
|
ReadOnly=true
|
|
DropCapability=all
|
|
AddCapability=CAP_NET_BIND_SERVICE
|
|
UserNS=auto:size=65535
|
|
{% if caddy_selinux_level != omit %}
|
|
SecurityLabelLevel={{ caddy_selinux_level }}
|
|
{% endif %}
|
|
|
|
Network=caddy.network
|
|
|
|
PublishPort=80:80/tcp
|
|
PublishPort=443:443/tcp
|
|
PublishPort=443:443/udp
|
|
|
|
Volume={{ caddy_install_dir }}/config:/config:ro,U
|
|
Volume={{ caddy_install_dir }}/data:/data:U
|
|
Volume={{ caddy_install_dir }}/srv:/srv:U
|
|
|
|
PodmanArgs=--memory={{ caddy_memory_high }}
|
|
PodmanArgs=--memory-swap={{ caddy_swap_max }}
|
|
PodmanArgs=--memory-reservation={{ caddy_memory_low }}
|
|
|
|
[Install]
|
|
WantedBy=default.target
|