45 lines
1.2 KiB
Django/Jinja
45 lines
1.2 KiB
Django/Jinja
{{ ansible_managed | comment }}
|
|
|
|
[Unit]
|
|
Description = Nginx for Mastodon
|
|
Requires = mastodon-web.service mastodon-streaming.service
|
|
After = mastodon-web.service mastodon-streaming.service
|
|
|
|
[Service]
|
|
Restart = always
|
|
RestartSec = 5s
|
|
|
|
[Container]
|
|
Image = {{ mastodon_nginx_containerimage }}:{{ mastodon_nginx_image_tag }}
|
|
ContainerName = mastodon-nginx
|
|
|
|
# AutoUpdate = registry
|
|
LogDriver = journald
|
|
|
|
ReadOnly = true
|
|
NoNewPrivileges = true
|
|
DropCapability = all
|
|
UserNS = container:mastodon-web
|
|
{% if mastodon_nginx_selinux_level != omit %}
|
|
SecurityLabelLevel = {{ mastodon_nginx_selinux_level }}
|
|
{% endif %}
|
|
|
|
Network = mastodon-backend.network
|
|
Network = caddy.network:alias=caddy-mastodon-nginx
|
|
ExposeHostPort = 8080
|
|
|
|
# Equal to mastodon user, so it can stat the public folder
|
|
User = 991
|
|
|
|
Volume = {{ mastodon_public_location }}:/usr/share/nginx/html/system:ro
|
|
Volume = {{ mastodon_install_location }}/default.conf:/etc/nginx/conf.d/default.conf:U,ro
|
|
|
|
Tmpfs = /var/cache/nginx:rw,noexec,nosuid,nodev,size=1g
|
|
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=100m
|
|
|
|
PodmanArgs = --memory={{ mastodon_nginx_memory_high }}
|
|
PodmanArgs = --memory-swap={{ mastodon_nginx_swap_max }}
|
|
PodmanArgs = --memory-reservation={{ mastodon_nginx_memory_low }}
|
|
|
|
[Install]
|
|
WantedBy = default.target
|