# Podman Quadlet unit for the serial terminal server container.
# systemd dialect: full-line "#" comments only, one key per line.

[Unit]
# Order after, and pull in, network-online.target.
After=network-online.target
Wants=network-online.target

[Container]
ContainerName=serial-terminal-server
# NOTE(review): the reference carries no tag or digest, so it resolves to the
# registry's default tag. Combined with Pull=newer, a start can pick up a
# different image than the one last reviewed; pin a digest if the running
# image must be reproducible.
Image=git.pyrocufflink.net/containerimages/serial-terminal-server
Pull=newer
# Read-only root filesystem with a tmpfs on /tmp; persistent writes are
# confined to the volumes declared below.
ReadOnly=true
VolatileTmp=true
# Named volumes: serial logs, and /etc/ssh (presumably the SSH host keys,
# confirm against the image).
Volume=serial-logs:/var/log/serial:rw,z,U
Volume=serial-ssh:/etc/ssh:rw,z,U
# The host's entire /dev tree is bind-mounted read-write.
# NOTE(review): which device nodes the container can actually open then
# depends on the device cgroup rule further down being enforced; verify this
# on the deployed host, since it is the only limit on device access here.
Volume=/dev:/dev:rw
# Login keys come from the host and are mounted read-only.
# NOTE(review): the U option asks Podman to chown the source path to the
# container's user, so ownership of the host file may change; confirm that
# is intended for /etc/serterm/authorized_keys.
Volume=/etc/serterm/authorized_keys:/run/serial/.ssh/authorized_keys:ro,z,U
# No host address is given, so by default the port is published on every
# host interface.
PublishPort=20022:20022
RunInit=true
# SELinux does not allow container_t access to devpts_t (needed for tmux),
# so label separation is turned off. This drops SELinux confinement for the
# whole container, not only for devpts.
SecurityLabelDisable=true
# Permit read/write on character devices with major 188, any minor
# (the USB serial converter range in the Linux device list).
PodmanArgs=--device-cgroup-rule='c 188:* rw'
# Must be the numeric GID of the "dialout" group on the host.
# A group name would be resolved to a GID inside the container,
# which would not give the correct permissions.
PodmanArgs=--group-add=18

[Service]
# Restart on every exit, two seconds after the previous stop.
Restart=always
RestartSec=2s

[Install]
WantedBy=multi-user.target