[Unit]
Description=nginx
Wants=network.target
After=network.target

[Container]
Image=docker.io/library/nginx:1.25
User=101
Group=101
Volume=%E/nginx/nginx.conf:/etc/nginx/nginx.conf:ro,z
Volume=%E/nginx/conf.d:/etc/nginx/conf.d:ro,z
Volume=%E/nginx/default.d:/etc/nginx/default.d:ro,z
Volume=%E/pki/nginx:/etc/pki/nginx:ro,z
Mount=type=tmpfs,dst=/var/cache/nginx,chown=true
VolatileTmp=yes
ReadOnly=true
AddCapability=CAP_NET_BIND_SERVICE
Network=host

[Service]
Restart=always
ExecReload=/usr/bin/podman exec -i systemd-%N nginx -s reload

[Install]
WantedBy=multi-user.target