[Unit]
Description=Docker Registry v2 with nginx Reverse Proxy
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
User=CI_SERVICE_USER
Group=CI_SERVICE_USER
WorkingDirectory=/opt/APP_NAME/registry
ExecStart=/usr/bin/podman play kube registry-pod.yaml
ExecStop=/usr/bin/podman pod stop registry-pod
ExecReload=/usr/bin/podman pod restart registry-pod
TimeoutStartSec=0

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/APP_NAME/registry /etc/registry /var/lib/registry /var/log/registry

[Install]
WantedBy=multi-user.target