[Unit]
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=docker run \
          --name {{ oauth2_container_name }} \
          --entrypoint "" \
          --network host \
          --volume {{ oauth2_cert_directory }}:/etc/tls/private \
          quay.io/oauth2-proxy/oauth2-proxy:{{ oauth2_version }}\
          oauth2-proxy \
          --https-address={{ oauth2_listen_address }} \
          --tls-cert-file=/etc/tls/private/fullchain.pem \
          --tls-key-file=/etc/tls/private/privkey.pem \
          --upstream={{ oauth2_upstream }} \
          --cookie-secret="{{ oauth2_cookie_secret }}" \
          --client-secret="{{ oauth2_client_secret }}" \
          --client-id="{{ oauth2_client_id }}" \
          --provider={{ oauth2_client_provider }} \
          --redirect-url={{ oauth2_redirect_url }} \
          --oidc-issuer-url={{ oauth2_oidc_issuer_url }} \
          --email-domain={{ oauth2_email_domain }} \
          {{ oauth2_command_line_options }}
ExecStop=docker container rm \
         --force {{ oauth2_container_name }}

[Install]
WantedBy=multi-user.target