39 lines
1 KiB
Django/Jinja
39 lines
1 KiB
Django/Jinja
{{ ansible_managed | comment }}
|
|
|
|
[Unit]
|
|
Description = Postgres for synapse
|
|
|
|
[Service]
|
|
Restart = always
|
|
RestartSec = 5s
|
|
|
|
[Container]
|
|
Image = {{ synapse_postgres_containerimage }}:{{ synapse_postgres_image_tag }}
|
|
ContainerName = synapse-postgres
|
|
|
|
# AutoUpdate = registry
|
|
LogDriver = journald
|
|
|
|
# NoNewPrivileges = true
|
|
ReadOnly = true
|
|
DropCapability = all
|
|
AddCapability = CHOWN DAC_OVERRIDE SETUID SETGID
|
|
UserNS = auto:size=65535
|
|
{% if synapse_postgres_selinux_level != omit %}
|
|
SecurityLabelLevel = {{ synapse_postgres_selinux_level }}
|
|
{% endif %}
|
|
|
|
EnvironmentFile = {{ synapse_install_dir }}/synapse-postgres.env
|
|
|
|
Volume = synapse-postgres-socket:/var/run/postgresql:U,z
|
|
Volume = {{ synapse_install_dir }}/postgres:/var/lib/postgresql/data:U
|
|
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=1m
|
|
|
|
PodmanArgs = --memory={{ synapse_postgres_memory_high }}
|
|
PodmanArgs = --memory-swap={{ synapse_postgres_swap_max }}
|
|
PodmanArgs = --memory-reservation={{ synapse_postgres_memory_low }}
|
|
|
|
PodmanArgs = --stop-signal=SIGINT
|
|
|
|
[Install]
|
|
WantedBy = default.target
|