# vim: set ft=systemd :
[Unit]
Description=Apply Configuration Policy
Wants=network-online.target
After=network-online.target
After=install-packages.service
After=ssh-host-certs.service

[Container]
Image=git.pyrocufflink.net/infra/cfg:latest
Pull=newer
Environment=RUST_LOG=debug
Volume=/:/host:rw
Volume=/run:/run:rw
Tmpfs=/root
ReadOnly=true
VolatileTmp=true
SecurityLabelDisable=true
PodmanArgs=--uts=host --cgroupns=host --ipc=host --pid=host --privileged
Network=host
LogDriver=passthrough

[Service]
Type=oneshot

[Install]
WantedBy=multi-user.target