[Unit]
Description=Authentik Server Container
After=authentik-pod.service
Requires=authentik-pod.service

[Container]
ContainerName={{ authentik_container_server_name }}
Image={{ authentik_image }}:{{ authentik_version }}
Pod=authentik.pod
EnvironmentFile={{ authentik_home }}/.env
User={{ authentik_uid }}:{{ authentik_gid }}
Annotation=run.oci.keep_original_groups=1

# Logging configuration
LogDriver=k8s-file
LogOpt=path={{ authentik_home }}/logs/server.log
Volume={{ authentik_home }}/logs:{{ authentik_home }}/logs

# Volume mounts for data and sockets
Volume={{ authentik_media_dir }}:/media
Volume={{ authentik_data_dir }}:/data
Volume={{ postgresql_unix_socket_directories }}:{{ postgresql_unix_socket_directories }}:Z
Volume={{ valkey_unix_socket_path | dirname }}:{{ valkey_unix_socket_path | dirname }}:Z

Exec=server

[Service]
Restart=always
TimeoutStartSec=300

[Install]
WantedBy=default.target