[Unit]
Description=nginx
Wants=network.target
After=network.target

[Container]
Image=docker.io/library/nginx:1.25
User=101
Group=101
Volume=%E/nginx:/etc/nginx:ro
Volume=%E/pki/nginx:/etc/pki/nginx:ro
Tmpfs=/var/cache/nginx
Tmpfs=/var/run/nginx
ReadOnly=true
AddCapability=CAP_NET_BIND_SERVICE
Network=host

[Service]
Restart=always
ExecReload=/usr/bin/podman exec -i systemd-%N nginx -s reload

[Install]
WantedBy=multi-user.target