{{ ansible_managed | comment }}

# Podman Quadlet container unit for the PostgreSQL instance used by Mastodon.
[Unit]
Description = Postgres for Mastodon

# systemd restart policy for the generated service.
[Service]
# Restart on every exit, waiting five seconds between attempts.
Restart = always
RestartSec = 5s

# Container definition: image, isolation settings, mounts and resource limits.
[Container]
# NOTE(review): the image is referenced by tag, which is mutable; pinning by
# digest would make deployments reproducible - confirm how the tag variable
# is managed.
Image = {{ mastodon_postgres_containerimage }}:{{ mastodon_postgres_image_tag }}
ContainerName = mastodon-postgres

# Health probe run inside the container. pg_isready only reports whether the
# server accepts connections; it does not authenticate.
HealthCmd = CMD pg_isready -U postgres

# Automatic image updates from the registry are left disabled.
# AutoUpdate = registry
LogDriver = journald

# Running directly as UID/GID 70 is left disabled, so the container starts as
# the image's default user.
# User = 70
# Group = 70

# TODO: Investigate necessary capabilities
# NOTE(review): NoNewPrivileges is left disabled, so setuid or file-capability
# binaries in the image can still raise privileges inside the container.
# Enable it once it is confirmed to work with the image entrypoint.
# NoNewPrivileges = true
# Root filesystem is mounted read-only; data has to be written to a volume or
# a tmpfs mount.
ReadOnly = true
# Drop every capability, then add back only the four listed.
# NOTE(review): presumably these cover the entrypoint's ownership fix-up and
# its switch to the postgres user - confirm as part of the TODO above.
DropCapability = all
AddCapability = CHOWN DAC_OVERRIDE SETUID SETGID
# Automatically allocated user namespace of 65535 IDs: IDs inside the
# container, including 0, map into a separate host ID range.
UserNS = auto:size=65535
# Optional SELinux level for the container process; the key is left out when
# the variable equals Ansible's omit placeholder.
{% if mastodon_postgres_selinux_level != omit %}
SecurityLabelLevel = {{ mastodon_postgres_selinux_level }}
{% endif %}

# NOTE(review): presumably holds the database credentials - confirm the file
# is deployed with owner-only permissions.
EnvironmentFile = {{ mastodon_install_location }}/mastodon-postgres.env

# Named volume for the Unix socket directory. U chowns it for the container
# user; lowercase z applies a shared SELinux label so other containers can
# mount it as well.
Volume = mastodon-postgres-socket:/var/run/postgresql:U,z
# Database files on the host; U chowns the path to match the user namespace.
# NOTE(review): no z/Z relabel option here - confirm the host path already
# carries a label the container may access when SELinux is enforcing.
Volume = {{ mastodon_postgres_location }}:/var/lib/postgresql/data:U
# Size-capped in-memory mounts; noexec, nosuid and nodev block executing
# files, honouring setuid bits and using device nodes on them.
# NOTE(review): if /var/run is a symlink to /run in the image, the first tmpfs
# and the socket volume above target the same directory - confirm which mount
# ends up visible.
Tmpfs = /run/postgresql:rw,noexec,nosuid,nodev,size=1m
Tmpfs = /tmp:rw,noexec,nosuid,nodev,size=50m

# Marks 5432 as exposed (podman --expose); this unit sets no PublishPort key.
ExposeHostPort = 5432

# Memory controls passed straight to podman: hard limit, memory plus swap
# limit, and soft reservation.
PodmanArgs = --memory={{ mastodon_postgres_memory_high }}
PodmanArgs = --memory-swap={{ mastodon_postgres_swap_max }}
PodmanArgs = --memory-reservation={{ mastodon_postgres_memory_low }}

# PostgreSQL treats SIGINT as a fast shutdown request.
PodmanArgs = --stop-signal=SIGINT

# Pull the generated service into default.target.
[Install]
WantedBy = default.target