overmind
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy


			
				
					
						
						
							
							#jinja2: lstrip_blocks: "True"
[Unit]
Description=Matrix nginx-proxy server
{% for service in matrix_nginx_proxy_systemd_required_services_list %}
Requires={{ service }}
After={{ service }}
{% endfor %}
{% for service in matrix_nginx_proxy_systemd_wanted_services_list %}
Wants={{ service }}
{% endfor %}
After=network-online.target
DefaultDependencies=no
PartOf=matrix.target

[Service]
Type=simple
Environment="HOME={{ matrix_systemd_unit_home_path }}"
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-nginx-proxy 2>/dev/null'
ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null'

ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-nginx-proxy \
			--log-driver=none \
			--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
			--cap-drop=AUDIT_WRITE \
			--cap-drop=CHOWN \
			--cap-drop=DAC_OVERRIDE \
			--cap-drop=FOWNER \
			--cap-drop=FSETID \
			--cap-drop=KILL \
			--cap-drop=MKNOD \
			--cap-drop=SETFCAP \
			--cap-drop=SETGID \
			--cap-drop=SETPCAP \
			--cap-drop=SETUID \
			--cap-drop=SYS_CHROOT \
			--read-only \
			--tmpfs=/tmp:rw,noexec,nosuid,size={{ matrix_nginx_proxy_tmp_directory_size_mb }}m \
			--network={{ matrix_docker_network }} \
			{% if matrix_nginx_proxy_container_http_host_bind_port %}
			-p {{ matrix_nginx_proxy_container_http_host_bind_port }}:8080 \
			{% endif %}
			{% if matrix_nginx_proxy_https_enabled and matrix_nginx_proxy_container_https_host_bind_port %}
			-p {{ matrix_nginx_proxy_container_https_host_bind_port }}:8443 \
			{% endif %}
			{% if matrix_nginx_proxy_proxy_matrix_federation_api_enabled and matrix_nginx_proxy_container_federation_host_bind_port %}
			-p {{ matrix_nginx_proxy_container_federation_host_bind_port }}:{{ matrix_nginx_proxy_proxy_matrix_federation_port }} \
			{% endif %}
			--mount type=bind,src={{ matrix_nginx_proxy_base_path }}/nginx.conf,dst=/etc/nginx/nginx.conf,ro \
			--mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst={{ matrix_nginx_proxy_data_path_in_container }},ro \
			--mount type=bind,src={{ matrix_nginx_proxy_confd_path }},dst=/etc/nginx/conf.d,ro \
			{% if matrix_ssl_retrieval_method != 'none' %}
			--mount type=bind,src={{ matrix_ssl_config_dir_path }},dst={{ matrix_ssl_config_dir_path }},ro \
			{% endif %}
			--mount type=bind,src={{ matrix_static_files_base_path }},dst={{ matrix_static_files_base_path }},ro \
			{% for volume in matrix_nginx_proxy_container_additional_volumes %}
			-v {{ volume.src }}:{{ volume.dst }}:{{ volume.options }} \
			{% endfor %}
			{% for arg in matrix_nginx_proxy_container_extra_arguments %}
			{{ arg }} \
			{% endfor %}
			{{ matrix_nginx_proxy_docker_image }}

ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} stop matrix-nginx-proxy 2>/dev/null'
ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-nginx-proxy 2>/dev/null'
ExecReload={{ matrix_host_command_docker }} exec matrix-nginx-proxy /usr/sbin/nginx -s reload
Restart=always
RestartSec=30
SyslogIdentifier=matrix-nginx-proxy

[Install]
WantedBy=matrix.target