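# pipglr.container -- Podman Quadlet unit for a podman-in-podman GitLab Runner.
# Parsed by quadlet/systemd: systemd unit syntax, Key=Value, `#` full-line
# comments only. Quadlet generates pipglr.service from this file.

[Unit]
Description=Podman-in-podman GitLab Runner
Documentation=https://gitlab.com/qontainers/pipglr/-/blob/main/README.md
# The named volumes (pipglr-storage, pipglr-cache) are created by their own
# Quadlet units and must be up before this container starts.
# NOTE(review): podman.socket is required but not mounted below -- confirm it
# is actually needed (e.g. by podman-restart.service) or drop the dependency.
After=pipglr-storage-volume.service pipglr-cache-volume.service
Requires=podman.socket pipglr-storage-volume.service pipglr-cache-volume.service

[Container]
ContainerName=pipglr
# No tag or digest is pinned, so podman resolves `:latest` on every pull.
# Pin a tag, or better a digest (image@sha256:...), if runner upgrades should
# be reproducible and reviewable.
Image=registry.gitlab.com/qontainers/pipglr
# Required to run containers inside a container and ensure
# container can be managed with podman-restart.service
# Note: See https://github.com/containers/podman/issues/20418
#
# SECURITY: --privileged disables the capability, seccomp and device isolation
# between this container and the host. Anything executing inside it --
# including the CI jobs this runner picks up -- must be treated as able to
# reach the host, so register this runner only for projects whose pipelines
# are trusted. Where the host setup allows, install this as a rootless user
# unit so the blast radius is the unprivileged user, not host root.
# --restart=always is podman's own restart policy, not systemd's Restart=;
# the issue above explains why it is set here.
PodmanArgs=--privileged --restart=always
# A nested systemd is used to manage nested podman & gitlab runner services
# NOTE(review): confirm this key is accepted by the installed Quadlet version
# (podman-systemd.unit(5)); if not, pass --systemd via PodmanArgs= instead.
Systemd=true
# Allow jobs access to utilize fuse-overlayfs, for example to build container images.
# NOTE(review): podman-systemd.unit(5) documents the device key as AddDevice=;
# confirm which spelling the installed Quadlet accepts.
Device=/dev/fuse
# Runner configuration, supplied as a podman secret created out of band
# (`podman secret create config.toml <file>`) rather than baked into the image
# or mounted from a world-readable path. It is mounted as a file owned by the
# gitlab-runner user (uid/gid 1001) so only that account needs to read it.
# gitlab-runner's config.toml typically carries the runner authentication
# token -- treat the secret accordingly (rotate it if the host is compromised).
# Must be owned by the gitlab-runner user
Secret=config.toml,uid=1001,gid=1001
# Add network isolation from other containers
# Refers to the pipglr.network Quadlet unit; Quadlet adds the dependency.
Network=pipglr.network
# Storage for nested container images and job cache
# Both volumes persist across restarts and are shared by every job this runner
# executes: state left behind by one job (cached layers, images, files in
# /cache) is visible to later jobs. Acceptable only while all jobs served by
# this runner belong to the same trust domain; otherwise clear the volumes
# between tenants.
Volume=pipglr-storage:/home/podman/.local/share/containers
Volume=pipglr-cache:/cache
# No need to preserve this between runs
# Mounts a tmpfs over /tmp so scratch files never reach persistent storage.
VolatileTmp=true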