[Container]
Image=docker.io/miniflux/miniflux:latest
AutoUpdate=registry
Network=news.network

# environment
Environment=RUN_MIGRATIONS=1
Environment=CREATE_ADMIN=1
Environment=ADMIN_USERNAME=admin
Secret=news-adminpass,target=ADMIN_PASSWORD,type=env
Secret=news-connectionstr,target=DATABASE_URL,type=env

# storage
VolatileTmp=true

# security
ReadOnly=true
NoNewPrivileges=true
DropCapability=ALL
AddCapability=CHOWN DAC_OVERRIDE FOWNER SETGID SETUID

[Service]
Restart=always

[Unit]
After=news-postgres.service

[Install]
WantedBy=multi-user.target default.target