44 lines
1 KiB
Django/Jinja
44 lines
1 KiB
Django/Jinja
{{ ansible_managed | comment }}
|
|
|
|
[Unit]
|
|
Description = hedgedoc Server
|
|
Requires = hedgedoc-postgres.service
|
|
After = hedgedoc-postgres.service
|
|
|
|
[Service]
|
|
Restart = always
|
|
RestartSec = 5s
|
|
|
|
[Container]
|
|
Image = {{ hedgedoc_containerimage }}:{{ hedgedoc_image_tag }}
|
|
ContainerName = hedgedoc
|
|
|
|
# Required for it to not use root / gosu in entrypoint
|
|
User = 10000
|
|
|
|
# AutoUpdate = registry
|
|
LogDriver = journald
|
|
|
|
ReadOnly = true
|
|
NoNewPrivileges = true
|
|
DropCapability = all
|
|
UserNS = auto:size=65535
|
|
{% if hedgedoc_selinux_level != omit %}
|
|
SecurityLabelLevel = {{ hedgedoc_selinux_level }}
|
|
{% endif %}
|
|
|
|
Network = caddy.network
|
|
|
|
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=10m
|
|
|
|
EnvironmentFile = {{ hedgedoc_install_dir }}/hedgedoc.env
|
|
|
|
Volume = {{ hedgedoc_install_dir }}/uploads:/hedgedoc/public/uploads:U
|
|
Volume = hedgedoc-postgres-socket:/var/run/postgresql:z
|
|
|
|
PodmanArgs = --memory={{ hedgedoc_memory_high }}
|
|
PodmanArgs = --memory-swap={{ hedgedoc_swap_max }}
|
|
PodmanArgs = --memory-reservation={{ hedgedoc_memory_low }}
|
|
|
|
[Install]
|
|
WantedBy = default.target
|