# FlaskPaste container unit
# Deploy as flaskpaste user with data in /opt/flaskpaste
#
# Setup:
#   useradd -r -m -d /home/flaskpaste -s /sbin/nologin flaskpaste
#   mkdir -p /opt/flaskpaste && chown flaskpaste:flaskpaste /opt/flaskpaste
#   cp flaskpaste.container /home/flaskpaste/.config/containers/systemd/
#   sudo -u flaskpaste podman build -t localhost/flaskpaste:latest /path/to/source
#   loginctl enable-linger flaskpaste
#   systemctl --user -M flaskpaste@ daemon-reload
#   systemctl --user -M flaskpaste@ start flaskpaste

[Unit]
Description=FlaskPaste pastebin service
After=local-fs.target

[Container]
Image=localhost/flaskpaste:latest
ContainerName=flaskpaste
PublishPort=5001:5000
Volume=/opt/flaskpaste:/app/data:Z
UserNS=keep-id:uid=999,gid=999

Environment=FLASK_ENV=production
Environment=FLASKPASTE_URL_PREFIX=
Environment=FLASKPASTE_EXPIRY_ANON=432000
Environment=FLASKPASTE_MAX_ANON=3145728
Environment=FLASKPASTE_MAX_AUTH=52428800

# Note: Healthcheck defined in Containerfile; Quadlet healthcheck disabled to avoid race
# Resource limits (--memory, --cpus) require cgroup delegation for rootless

[Service]
Restart=always
TimeoutStartSec=300

[Install]
WantedBy=default.target