[Unit]
Description=Caddy web server
After=network.target

[Service]
Type=simple
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=http
Environment=CADDY_OPTS="run --config /etc/caddy/caddy_config.json"
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/caddy $CADDY_OPTS

[Install]
WantedBy=multi-user.target