# {{ ansible_managed }}
[Unit]
Description=Traefik
Documentation=https://doc.traefik.io/traefik/
#After=network-online.target
AssertFileIsExecutable={{ traefik_opt }}/traefik
AssertPathExists={{ traefik_etc }}/traefik.yml

[Service]
# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
User=traefik
AmbientCapabilities=CAP_NET_BIND_SERVICE
ReadOnlyDirectories=/

# configure service behavior
Type=notify
ExecStart={{ traefik_opt }}/traefik --configFile={{ traefik_etc }}/traefik.yml
Restart=always
WatchdogSec=1s

# allow writing of acme.json
#ReadWritePaths=/var/traefik/acme.json
# depending on log and entrypoint configuration, you may need to allow writing to other paths, too

# limit number of processes in this unit
#LimitNPROC=1

[Install]
WantedBy=multi-user.target