[Unit]
Description=Vaultwarden API server

[Service]
Type=notify
NotifyAccess=all
ExecStartPre=-/usr/bin/podman container rm --force --ignore vaultwarden
ExecStart=/usr/bin/podman run \
    --pull never \
    --sdnotify=conmon --cgroups=no-conmon \
    --rm \
    --network=host \
    --name vaultwarden \
    -v /var/lib/vaultwarden/data:/data:Z \
    --env-file /etc/sysconfig/vaultwarden \
    --uidmap 0:{{ vaultwarden_user.uid }}:1 \
    --gidmap 0:{{ vaultwarden_user.group }}:1 \
    --uidmap 1:100000:65536 \
    --gidmap 1:100000:65536 \
    docker.io/vaultwarden/server:latest
TemporaryFileSystem=/etc/containers/networks
SuccessExitStatus=143
ProtectSystem=full
UMask=0077

[Install]
WantedBy=multi-user.target