# Rust Game Server Quadlet Container Definition
# Pfad: ~/.config/containers/systemd/rust.container (rootless)
# oder: /etc/containers/systemd/rust.container (system)

[Unit]
Description=Rust Game Server via gameadm
Documentation=https://git.pp1l.de/pp1l/gameadm
After=network-online.target
Wants=network-online.target

[Container]
Image=docker.io/didstopia/rust-server:latest
AutoUpdate=registry

# Umgebungsvariablen aus gameadm Konfiguration
EnvironmentFile=/etc/rust-server.conf
Environment=RUST_SERVER_STARTUP_ARGUMENTS=-batchmode -load -nographics +server.secure 1
Environment=RUST_SERVER_IDENTITY=main
Environment=RUST_SERVER_SEED=12345
Environment=RUST_SERVER_WORLDSIZE=3000
Environment=RUST_SERVER_MAXPLAYERS=4
Environment=RUST_SERVER_HOSTNAME=PP1L Rust Server - Powered by gameadm
Environment=RUST_SERVER_DESCRIPTION=Enterprise Rust Server managed by gameadm
Environment=RUST_SERVER_URL=https://git.pp1l.de/pp1l/gameadm
Environment=RUST_SERVER_BANNER_URL=
Environment=RUST_RCON_WEB=0
Environment=RUST_RCON_PORT=28016
Environment=RUST_RCON_PASSWORD_FILE=/tmp/rcon_password

# Netzwerk und Ports  
PublishPort=28015:28015
PublishPort=28016:28016

# Volumes und Secrets
Volume=/srv/rust:/steamcmd/rust:Z
Secret=rust_server_password,type=mount,target=/tmp/server_password
Secret=rust_rcon_password,type=mount,target=/tmp/rcon_password

# Performance und Sicherheit
User=1000:1000
SecurityLabelType=container_runtime_t
NoNewPrivileges=true
ReadOnlyTmpfs=true
Tmpfs=/tmp

# Memory Limits
Memory=2G
MemorySwap=2G

# Health Check
HealthCmd=netstat -ln | grep :28015 || exit 1
HealthInterval=30s
HealthRetries=3
HealthStartPeriod=120s

# Restart Policy
Restart=on-failure
RestartSec=30

# Labels für Auto-Update
Label=io.containers.autoupdate=registry
Label=maintainer=gameadm
Label=service=rust
Label=environment=production

[Service]
Type=notify
NotifyAccess=all
Delegate=yes
TimeoutStartSec=600
TimeoutStopSec=120

[Install]
WantedBy=multi-user.target