[Files]
Bind=/srv/xcache
Bind=/var/spool/xrootd
Bind=/var/run/xrootd
Bind=/var/local/xcache
BindReadOnly=/etc/grid-security
BindReadOnly=/etc/xrootd

# Mount root file system in container as overlayfs where writes go to a tmpfs
# such that the image directory will not be overwritten by running containers
#
# before this can work we need to run once before with
# --private-users-chown
# e.g.
# systemd-nspawn --volatile=no --private-users-chown --private-users=655360 -D /var/lib/machines/xcache ls -la /
Volatile=overlay

[Exec]
#PrivateUsers=False

# This might be one way to deal with permissions of bind mounts
# e.g. if the xrootd user inside the container has user id 999 it will consistently
# become 655360 + 999 on the host system
PrivateUsers=655360

Boot=False
ProcessTwo=True
Parameters=/usr/bin/xrootd -c /etc/xrootd/xcache.cfg
User=xrootd

# Options one commonly sees in other xcache configs
# Not sure how much better these really are
Environment=LD_PRELOAD=/usr/lib64/libtcmalloc.so
Environment=TCMALLOC_RELEASE_RATE=10

# This has to be renewed by a cron job
# (proxy for authenticating the xcache server to the remote destination)
Environment=X509_USER_PROXY=/var/run/xrootd/x509up

# This is needed to make the Rucio N2N plugin work
Environment=XRD_METALINKPROCESSING=1
Environment=XRD_LOCALMETALINKFILE=1

[Network]
VirtualEthernet=False