infrastructure/roles/saiblog/templates/saiblog.container.j2

{{ ansible_managed | comment }}

[Unit]
Description = Saiblog

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ saiblog_containerimage }}:{{ saiblog_image_tag }}
ContainerName = saiblog

# AutoUpdate = registry
LogDriver = journald

ReadOnly = true
NoNewPrivileges = true
DropCapability = all
UserNS = auto:size=65535
{% if saiblog_selinux_level != omit %}
SecurityLabelLevel = {{ saiblog_selinux_level }}
{% endif %}

Network = caddy.network

Tmpfs = /var/cache/nginx:rw,noexec,nosuid,nodev,size=74m
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=8m

PodmanArgs = --memory={{ saiblog_memory_high }}
PodmanArgs = --memory-swap={{ saiblog_swap_max }}
PodmanArgs = --memory-reservation={{ saiblog_memory_low }}

[Install]
WantedBy = default.target