[Unit]
Description=Podman container-{{ services_service_name }}-certbot.service
Documentation=man:podman-generate-systemd(1)
Wants=network.target
After=network-online.target
BindsTo=pod-{{ services_service_name }}.service container-{{ services_service_name }}-nginx.service
After=pod-{{ services_service_name }}.service container-{{ services_service_name }}-nginx.service
OnFailure=status-mail@%n.service

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/container-{{ services_service_name }}-certbot.pid %t/container-{{ services_service_name }}-certbot.ctr-id
ExecStart=/usr/bin/podman run \
    --conmon-pidfile %t/container-{{ services_service_name }}-certbot.pid \
    --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id \
    --cgroups=no-conmon \
    --pod-id-file %t/pod-{{ services_service_name }}.pod-id \
    --replace \
    --label "io.containers.autoupdate=image" \
    --log-driver=journald \
    -dt \
    -v {{ system_etc_root_directory }}/resolv.conf:/etc/resolv.conf:ro \
    -v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:/etc/letsencrypt \
    -v var-lib-letsencrypt:/var/lib/letsencrypt \
    -v var-www-html:/var/www/html \
    -v ./.config/service/crontabs-root:/etc/crontabs/root \
    -v /etc/timezone:/etc/timezone:ro \
    -v /etc/localtime:/etc/localtime:ro \
    --name=pod-{{ services_service_name }}-certbot \
    --entrypoint=/usr/sbin/crond \
    docker.io/certbot/certbot:{{ services_service_deploy_versions.certbot }} -f
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-{{ services_service_name }}-certbot.ctr-id
PIDFile=%t/container-{{ services_service_name }}-certbot.pid
Type=forking

[Install]
WantedBy=multi-user.target default.target