infrastructure/roles/mastodon/templates/mastodon-redis.container.j2

{{ ansible_managed | comment }}

[Unit]
Description = Redis for Mastodon

[Service]
Restart = always
RestartSec = 5s

[Container]
Image = {{ mastodon_redis_containerimage }}:{{ mastodon_redis_image_tag }}
ContainerName = mastodon-redis

HealthCmd = CMD redis-cli -s /run/redis/redis.sock ping

Exec = redis-server /usr/lib/redis/redis.conf

# AutoUpdate = registry
LogDriver = journald

NoNewPrivileges = true
ReadOnly = true
DropCapability = all
AddCapability = CHOWN DAC_OVERRIDE SETUID SETGID
UserNS = auto:size=65535
{% if mastodon_redis_selinux_level != omit %}
SecurityLabelLevel = {{ mastodon_redis_selinux_level }}
{% endif %}

User = redis
Group = redis

# Sysctl = vm.overcommit_memory=1

Volume = mastodon-redis-socket:/run/redis:U,z
Volume = {{ mastodon_install_location }}/redis.conf:/usr/lib/redis/redis.conf:U,ro
Volume = {{ mastodon_redis_location }}:/data:U

Tmpfs = /run:rw,noexec,nosuid,nodev,size=1m

PodmanArgs = --memory={{ mastodon_redis_memory_high }}
PodmanArgs = --memory-swap={{ mastodon_redis_swap_max }}
PodmanArgs = --memory-reservation={{ mastodon_redis_memory_low }}

[Install]
WantedBy = default.target