# vim: set ft=systemd :
[Unit]
After=network-online.target
Wants=network-online.target
Requires=gen-nginx-cert.service

[Container]
Image=docker.io/library/nginx
Network=host
Volume=/etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
Volume=/etc/nginx/conf.d:/etc/nginx/conf.d:ro
Volume=/etc/nginx/ssl:/etc/nginx/ssl:ro
Volume=/dev/log:/dev/log
User=82
Group=82
AddCapability=CAP_NET_BIND_SERVICE
ReadOnly=true
VolatileTmp=yes

[Service]
ProtectSystem=full
UMask=0077
ExecReload=/usr/bin/podman exec systemd-%N nginx -s reload

[Install]
WantedBy=multi-user.target