# Podman Quadlet unit for fjmcp-broker.
#
# Drop this file at ~/.config/containers/systemd/fjmcp-broker.container,
# then run:
#   systemctl --user daemon-reload
#   systemctl --user start fjmcp-broker
#
# Quadlet generates a transient systemd service from this file. State
# lives in the named volume "fjmcp-state"; recreating the container
# preserves SQLite data and registered OAuth clients.

[Unit]
Description=fjmcp-broker — OAuth 2.1 broker for forgejo-mcp
After=network-online.target
Wants=network-online.target

[Container]
Image=ghcr.io/olemd/fjmcp-broker:latest
ContainerName=fjmcp-broker

# Named volume for persistent SQLite state. Quadlet creates the volume
# on first start if it doesn't exist.
Volume=fjmcp-state:/data:Z

# Required configuration. Set FJMCP_BROKER_PUBLIC_URL to the
# Caddy-fronted hostname clients will see. Forgejo OAuth credentials
# come from a separate file outside this unit so the unit itself is
# safe to commit.
EnvironmentFile=%h/.config/fjmcp-broker.env
Environment=FJMCP_BROKER_LISTEN=:8080
Environment=FJMCP_BROKER_STORE=/data/broker.db

# Caddy reverse-proxies to localhost:8080.
PublishPort=127.0.0.1:8080:8080

# Healthcheck via /healthz. Three failures (90s) trigger restart.
HealthCmd=/usr/local/bin/fjmcp-broker --version
HealthInterval=30s
HealthRetries=3

[Service]
Restart=on-failure
RestartSec=10s

[Install]
WantedBy=default.target