{{ ansible_managed | comment }}
[Unit]
Description=Authelia auth server
After=network-online.target
After=multi-user.target

[Service]
Type=simple
User={{ authelia_user }}
Group={{ authelia_group }}
WorkingDirectory={{ authelia_base_dir }}
ExecStart={{ authelia_base_dir }}/authelia --config={{ authelia_config_dir }}/authelia.yml

LimitNOFILE=65000
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=full

{% for path in authelia_read_only_dirs %}
ReadOnlyDirectories={{ path }}
{% endfor %}

SyslogIdentifier=authelia
Restart=on-failure

[Install]
WantedBy=multi-user.target