[Unit]
Description=CAcert OpenID Connect Identity Provider for ORY Hydra

[Service]
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecCondition=/bin/sh -c 'test -f /etc/cacert-oidc-idp/idp.toml'
ExecStart=/usr/bin/cacert-idp --conf /etc/cacert-oidc-idp/idp.toml
StateDirectory=cacert-oidc-idp
User=cacert-oidc-idp
Group=cacert-oidc-idp

[Install]
WantedBy=multi-user.target